trojan attack?



#1 UNABLE2SURF
New Member, 7 posts
Hello, wish this wasn't so much fun, but I will just start off by saying I have trojan virtumonde, trojan.aoy, trojan tiny id, and trojan downloader conhook. Some of the pop ups I am getting say I have a back door trojan, win32@mx trojan and some kind of spybot something. I keep getting these two programs called live safety center and online security guide installed on my computer. I use avast home, windows firewall, spyware doctor. I have now tried windows updates, turning off system restore, atf cleaner, vundo fix, virtumundo begone, smitfraud in safe and reg mode, ad aware se, panda activescan! Spyware Doctor says it gets rid of all except virtumundo AND IT ALWAYS SAYS THE FILE C:\WINDOWS\system32\ddcyw.dll is always the one it won't get rid of, but the rest are back just within minutes of connecting to the internet. Here is my HijackThis log and Panda log. Thanks, Dave

Logfile of HijackThis v1.99.1
Scan saved at 4:02:11 PM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\WINDOWS\winshow.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\CUSTOMER #1\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E78CB55-3A83-4CB0-BD0E-D569AC52D0C3} - C:\WINDOWS\system32\ddcyw.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\wartaede.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wartaede.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Phase One Media Reader] C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe /noscan /CheckAutoStart
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PDUiP6220DMon] C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - Startup: hc_tray.lnk = C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: KAKE First Alert.lnk = C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ad...ash/swflash.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoft...5/asproinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - Winlogon Notify: eppfyues - eppfyues.dll (file missing)
O20 - Winlogon Notify: qnrcpors - qnrcpors.dll (file missing)
O20 - Winlogon Notify: wartaede - C:\WINDOWS\SYSTEM32\wartaede.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Intel® Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

panda scan log
Incident Status Location

Virus:Trj/Downloader.OZB Disinfected Operating system
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\CUSTOMER #1\Start Menu\Programs\Startup\PowerReg Scheduler.exe
Adware:adware/searchaid Not disinfected c:\windows\winshow.exe
Potentially unwanted tool:application/myglobalsearch Not disinfected c:\program files\MyGlobalSearch
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\CUSTOMER #1\Cookies\customer #[email protected]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\CUSTOMER #1\Cookies\customer #[email protected]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\CUSTOMER #1\Cookies\customer #[email protected]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\CUSTOMER #1\Cookies\customer #[email protected]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\CUSTOMER #1\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\CUSTOMER #1\Desktop\SmitfraudFix\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\CUSTOMER #1\Desktop\VirtumundoBeGone.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\CUSTOMER #1\Local Settings\Temp\nsa22.tmp
Virus:Generic Malware Disinfected C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
Hacktool:HackTool/Samdump Not disinfected C:\Program Files\Laplink\PCmover\copypwd.dll
Adware:Adware/ISearch Not disinfected C:\TEMP\regit.exe[dnwldr131.exe]
Adware:Adware/TTC Not disinfected C:\TEMP\regit.exe[ade83122.exe]
Adware:Adware/TTC Not disinfected C:\TEMP\regit.exe[ade83122.exe][TTC.dll]
Adware:Adware/TTC Not disinfected C:\TEMP\regit.exe[ade83122.exe][folder.js]
Virus:Generic Malware Not disinfected C:\TEMP\regit.exe[by1drll.exe]
Virus:Generic Malware Not disinfected C:\TEMP\regit.exe[guwer12.exe]
Adware:Adware/Amera Not disinfected C:\TEMP\regit.exe[isrven2.exe][ISMPack6.exe]
Hacktool:HackTool/Samdump Not disinfected C:\WINDOWS\Downloaded Installations\{A45F2769-197F-49A5-937B-04A3EE210DFF}\PCmover.msi[unk_0058][copypwd.dll]
Potentially unwanted tool:Application/RealSpy Not disinfected C:\WINDOWS\system32\actskn45.ocx
Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\system32\leqddpev.exe
Virus:Trj/Downloader.PCQ Disinfected C:\WINDOWS\system32\njgubjiw.exe
Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\system32\rqdxbvxa.exe
Adware:Adware/Amera Not disinfected C:\WINDOWS\system32\sim7\isrven2.exe[ISMPack6.exe]
Virus:Generic Malware Disinfected C:\WINDOWS\system32\yw1\guwer12.exe

Edited by UNABLE2SURF, 16 October 2007 - 04:58 PM.



#2 njustice
Member, 521 posts
Hello, please delete vundofix, virtumundo begone and smitfraudfix from your computer.


Please disable Spyware Doctor, as it may interfere with the fix. To disable Spyware Doctor:
  • Click the Spyware Doctor icon in the System Tray.
  • Click Settings.
  • Click Startup Settings under Pick a Category.
  • Uncheck Run at Windows startup.
  • Click Apply and Exit Spyware Doctor

Once your log is clean you can re-enable Spyware Doctor.


Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O2 - BHO: (no name) - {0E78CB55-3A83-4CB0-BD0E-D569AC52D0C3} - C:\WINDOWS\system32\ddcyw.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\wartaede.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wartaede.dll
O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
O4 - Startup: PowerReg Scheduler.exe
O20 - Winlogon Notify: eppfyues - eppfyues.dll (file missing)
O20 - Winlogon Notify: qnrcpors - qnrcpors.dll (file missing)
O20 - Winlogon Notify: wartaede - C:\WINDOWS\SYSTEM32\wartaede.dll


Click on Fix Checked when finished and exit HijackThis.


Please download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply with a new Hijackthis log.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.


In case you have used Combofix before, please delete the version you have and download it again, because Combofix is updated every day.
In case your antivirus or any other realtime scanner displays an alert after you download Combofix or while you use it, please disable your scanner and redownload Combofix, because some scanners may see some Combofix-related components as suspicious and block or delete them while there's nothing wrong with them.



Next.....


Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Please post the C:\ComboFix.txt, SuperAntiSpyware log and a new Hijackthis log.
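The entries njustice picks out above follow a pattern a log reader applies by hand: BHOs registered with no display name from system32, a toolbar that reuses one of those DLLs, Winlogon Notify hooks that are dangling or not Windows defaults, and autorun items that either sit directly in the Windows directory or match what Panda reported as not disinfected. The Python below is an added triage example (not a tool from this thread or from HijackThis); its heuristics, the Windows XP Winlogon Notify default list, and the sample log and AV hit list are all assumptions constructed from the logs posted above.

```python
"""Triage a HijackThis v1.99 log the way a helper reads it (added example).

Heuristics are assumptions modelled on the entries picked for "Fix checked" in
post #2; the Winlogon Notify default list and the AV hit list are constructed.
"""
import re

# Constructed sample: a subset of the HijackThis log posted above, with clean
# entries kept in for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E78CB55-3A83-4CB0-BD0E-D569AC52D0C3} - C:\WINDOWS\system32\ddcyw.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\wartaede.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wartaede.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
O4 - Startup: PowerReg Scheduler.exe
O20 - Winlogon Notify: eppfyues - eppfyues.dll (file missing)
O20 - Winlogon Notify: qnrcpors - qnrcpors.dll (file missing)
O20 - Winlogon Notify: wartaede - C:\WINDOWS\SYSTEM32\wartaede.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Constructed from the Panda ActiveScan "Not disinfected" lines above that
# point at startup items; only the basename is compared, case-insensitively.
PANDA_NOT_DISINFECTED = {
    r"C:\Documents and Settings\CUSTOMER #1\Start Menu\Programs\Startup\PowerReg Scheduler.exe",
    r"c:\windows\winshow.exe",
}

# Assumption: Winlogon Notify subkeys on a stock Windows XP SP2 install (which
# HijackThis normally hides) plus WgaLogon from Windows Genuine Advantage.
WINLOGON_NOTIFY_DEFAULTS = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
}

ENTRY_RE = re.compile(r"^(?P<sect>O\d+|R\d) - (?P<body>.*)$")
# Drive-letter path ending in a module extension; lazy so that trailing
# arguments such as "...\NvCpl.dll,NvStartup" are not swallowed.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe|ocx|sys)', re.IGNORECASE)
BARE_FILE_RE = re.compile(r"[\w .]+\.(?:exe|dll|ocx)", re.IGNORECASE)


def target_file(body):
    """Module or executable an entry refers to: full path if present, else bare name."""
    m = PATH_RE.search(body) or BARE_FILE_RE.search(body)
    return m.group(0).strip() if m else ""


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text, av_not_disinfected):
    """Return (line, reasons) for every entry that deserves a closer look."""
    av_names = {basename(p) for p in av_not_disinfected}
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sect"), m.group("body"), line.strip()))
    # Pass 1: BHOs registered without a display name whose DLL lives in system32.
    unnamed_bho_dlls = {
        basename(target_file(body)) for sect, body, _ in entries
        if sect == "O2" and "(no name)" in body
        and "\\system32\\" in target_file(body).lower()
    }
    findings = []
    for sect, body, line in entries:
        reasons, target = [], target_file(body)
        name = basename(target)
        if sect == "O2" and name in unnamed_bho_dlls:
            reasons.append("unnamed BHO loaded from system32")
        elif sect == "O3" and name in unnamed_bho_dlls:
            reasons.append("toolbar shares its DLL with an unnamed BHO")
        elif sect == "O4":
            if target.rsplit("\\", 1)[0].lower() == r"c:\windows":
                reasons.append("autorun target sits directly in the Windows directory")
            if name in av_names:
                reasons.append("file reported by the AV scan as not disinfected")
        elif sect == "O20":
            notify = body.split(":", 1)[1].split(" - ", 1)[0].strip().lower()
            if notify not in WINLOGON_NOTIFY_DEFAULTS:
                reasons.append("dangling Winlogon Notify entry" if "(file missing)" in body
                               else "Winlogon Notify DLL is not a Windows default")
                if name in unnamed_bho_dlls:
                    reasons.append("same DLL as an unnamed BHO")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG, PANDA_NOT_DISINFECTED):
        print(line, "\n    -> " + "\n    -> ".join(reasons))
```

Run against the sample it flags exactly the eight lines njustice listed for Fix checked and none of the clean Adobe, Canon, Nero or WgaLogon entries; the O20 correlation with the unnamed BHO is what ties wartaede.dll together across three sections.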

#3 UNABLE2SURF
New Member (Topic Starter), 7 posts
I did everything you said and here are my logs, and may I say my PC is already acting much better. Thanks a lot and I will donate when this is done, Dave

ComboFix 07-10-20.5 - CUSTOMER #1 2007-10-20 19:04:02.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1499 [GMT -5:00]
Running from: C:\Documents and Settings\CUSTOMER #1\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\tstwa.bak2
C:\WINDOWS\system32\tstwa.ini
C:\WINDOWS\system32\tstwa.ini
C:\WINDOWS\system32\tstwa.ini2
C:\WINDOWS\system32\tstwa.ini2
C:\WINDOWS\system32\tstwa.tmp
C:\WINDOWS\system32\tstwa.tmp
C:\WINDOWS\system32\tsvslvyf.dll
C:\WINDOWS\system32\ttxwhlnv.dll
C:\WINDOWS\system32\tweuifrt.ini
C:\WINDOWS\system32\twksuxvs.dll
C:\WINDOWS\system32\uamjilfq.dll
C:\WINDOWS\system32\uapfxiro.ini
C:\WINDOWS\system32\ubrsvnuu.dll
C:\WINDOWS\system32\ubydewjw.ini
C:\WINDOWS\system32\uebbswqp.dll
C:\WINDOWS\system32\ufafnqjw.dll
C:\WINDOWS\system32\ufiekwmo.dll
C:\WINDOWS\system32\uhqebsbw.dll
C:\WINDOWS\system32\uiexgjyw.dll
C:\WINDOWS\system32\uincndck.dll
C:\WINDOWS\system32\ujlpxato.dll
C:\WINDOWS\system32\uleypoxs.dll
C:\WINDOWS\system32\umolkkny.dll
C:\WINDOWS\system32\uqhjqbyf.dll
C:\WINDOWS\system32\uqwxqkhg.dll
C:\WINDOWS\system32\usdjdipv.dll
C:\WINDOWS\system32\uujxedcm.ini
C:\WINDOWS\system32\uxejerlt.dll
C:\WINDOWS\system32\uyfsuhak.dll
C:\WINDOWS\system32\uytapxbp.dll
C:\WINDOWS\system32\vbtqbjxi.ini
C:\WINDOWS\system32\vbuwnwsy.ini
C:\WINDOWS\system32\vdanbxwd.dll
C:\WINDOWS\system32\vdvmhcak.dll
C:\WINDOWS\system32\vefyxspn.dll
C:\WINDOWS\system32\vehkftbc.dll
C:\WINDOWS\system32\vhxgmgfe.ini
C:\WINDOWS\system32\vlphfeqm.dll
C:\WINDOWS\system32\vlwiileu.dll
C:\WINDOWS\system32\vngqrcga.dll
C:\WINDOWS\system32\vnlhwxtt.ini
C:\WINDOWS\system32\vnluiabc.dll
C:\WINDOWS\system32\vnmbloxd.ini
C:\WINDOWS\system32\vodnpvqx.dll
C:\WINDOWS\system32\vpltrdjw.dll
C:\WINDOWS\system32\vqdevaos.ini
C:\WINDOWS\system32\vthtxosf.ini
C:\WINDOWS\system32\vvbokmgc.dll
C:\WINDOWS\system32\vvimrlmj.dll
C:\WINDOWS\system32\vwrbypyn.dll
C:\WINDOWS\system32\vxsunvkn.dll
C:\WINDOWS\system32\wcceyhlt.dll
C:\WINDOWS\system32\wjdrtlpv.ini
C:\WINDOWS\system32\wjwedybu.dll
C:\WINDOWS\system32\wmnqbugi.dll
C:\WINDOWS\system32\womrnfre.dll
C:\WINDOWS\system32\woulbmdt.ini
C:\WINDOWS\system32\woxpetar.exe
C:\WINDOWS\system32\wqxfxkct.dll
C:\WINDOWS\system32\wrmiehla.dll
C:\WINDOWS\system32\wscfkcrk.dll
C:\WINDOWS\system32\wtccudln.dll
C:\WINDOWS\system32\wthxbagc.dll
C:\WINDOWS\system32\wvstjagq.ini
C:\WINDOWS\system32\wwapmkbs.dll
C:\WINDOWS\system32\wwhfmtgr.dll
C:\WINDOWS\system32\wxbcbgbk.ini
C:\WINDOWS\system32\wxomlyce.dll
C:\WINDOWS\system32\wycdd.ini
C:\WINDOWS\system32\xbhuljwe.dll
C:\WINDOWS\system32\xdkebjun.dll
C:\WINDOWS\system32\xdvcrelk.dll
C:\WINDOWS\system32\xeqcewtf.dll
C:\WINDOWS\system32\xipvshrf.ini
C:\WINDOWS\system32\xmdwibgj.dll
C:\WINDOWS\system32\xnkhafjn.dll
C:\WINDOWS\system32\xojgaypx.dll
C:\WINDOWS\system32\xowkthrf.dll
C:\WINDOWS\system32\xplusfpf.dll
C:\WINDOWS\system32\xpyagjox.ini
C:\WINDOWS\system32\xrbharcc.ini
C:\WINDOWS\system32\xrebjgci.ini
C:\WINDOWS\system32\xrndviua.dll
C:\WINDOWS\system32\xtgjysdh.ini
C:\WINDOWS\system32\xuperblt.dll
C:\WINDOWS\system32\xykbdbxp.ini
C:\WINDOWS\system32\ycfscpcd.ini
C:\WINDOWS\system32\yciirpun.dll
C:\WINDOWS\system32\ycqvexmy.dll
C:\WINDOWS\system32\yddaybsa.dll
C:\WINDOWS\system32\ydufycgk.dll
C:\WINDOWS\system32\yefdmams.dll
C:\WINDOWS\system32\yekyjogl.exe
C:\WINDOWS\system32\yftsoosy.dll
C:\WINDOWS\system32\yhqmcrog.ini
C:\WINDOWS\system32\yhrglpeb.dll
C:\WINDOWS\system32\ymxevqcy.ini
C:\WINDOWS\system32\ynkklomu.ini
C:\WINDOWS\system32\yospkeeu.exe
C:\WINDOWS\system32\yrpdcqvu.exe
C:\WINDOWS\system32\ysoostfy.ini
C:\WINDOWS\system32\yswnwubv.dll
C:\WINDOWS\system32\yurulysc.ini
C:\WINDOWS\system32\ywqpsfui.dll
C:\WINDOWS\system32\yxlgjtws.dll
C:\WINDOWS\system32\zgurffci.dll
.
---- Previous Run -------
.
C:\Documents and Settings\CUSTOMER #1\Favorites\Online Security Guide.lnk
C:\Documents and Settings\CUSTOMER #1\Favorites\Online Security Guide.lnk
C:\Documents and Settings\CUSTOMER #1\Favorites\Online Security Guide.lnk
C:\Program Files\Hammer.dll
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\settings.dat
C:\Program Files\myglobalsearch\bar\Settings\settings.dat.bak
C:\Program Files\myglobalsearch\bar\Settings\settings.htm
C:\Program Files\myglobalsearch\bar\Settings\settings.htm.bak
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\xOe
C:\Temp\xOe\tOasF.log
C:\WINDOWS\b148.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\eppfyues.dllbox
C:\WINDOWS\system32\ihvlexwc.dllbox
C:\WINDOWS\system32\jfnjafag.dllbox
C:\WINDOWS\system32\jypkxwnp.dllbox
C:\WINDOWS\system32\ohufgsir.dllbox
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\q21
C:\WINDOWS\system32\qnrcpors.dllbox
C:\WINDOWS\system32\rckrvcpi.dllbox
C:\WINDOWS\system32\sudeqzuq.dllbox
C:\WINDOWS\system32\uacbjxmw.dllbox
C:\WINDOWS\system32\vblpcwtq.exe
C:\WINDOWS\system32\wartaede.dllbox
C:\WINDOWS\system32\wasuovdg.dllbox
C:\WINDOWS\system32\womrnfre.dllbox
C:\WINDOWS\system32\ydufycgk.dllbox
C:\WINDOWS\system32\yukifnzn.dllbox
C:\WINDOWS\system32\zgurffci.dllbox
C:\WINDOWS\system32\zmwkdpwu.dllbox
C:\WINDOWS\winshow.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-09-21 to 2007-10-21 )))))))))))))))))))))))))))))))
.

2007-10-19 18:45 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-19 18:45 <DIR> d-------- C:\Documents and Settings\CUSTOMER #1\Application Data\SUPERAntiSpyware.com
2007-10-19 18:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-13 15:56 <DIR> d-------- C:\VundoFix Backups
2007-10-13 13:24 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-10-12 18:09 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-10-12 18:08 <DIR> d-------- C:\Program Files\Canon
2007-10-11 09:57 <DIR> d-------- C:\Documents and Settings\CUSTOMER #1\Application Data\Viewpoint
2007-10-09 11:05 <DIR> d-------- C:\Program Files\CONEXANT
2007-10-08 19:21 707,518 --a------ C:\TEMP\regit.exe
2007-10-08 18:04 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-10-04 18:55 <DIR> d-------- C:\Program Files\Steam
2007-09-29 16:46 <DIR> d-------- C:\Program Files\Motherboard Monitor 5
2007-09-24 23:07 <DIR> d-------- C:\Program Files\Phase One

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-21 00:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-19 23:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-19 21:51 --------- d-----w C:\Program Files\Spyware Doctor
2007-10-18 00:12 --------- d-----w C:\Program Files\SpywareBlaster
2007-10-15 02:25 --------- d-----w C:\Program Files\Winamp
2007-10-15 02:25 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2007-10-15 02:25 --------- d-----w C:\Program Files\Intel Audio Studio
2007-10-15 02:25 --------- d-----w C:\Program Files\Digital Media Reader
2007-10-15 00:56 --------- d-----w C:\Program Files\Common Files\KAKE First Alert
2007-10-14 02:30 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-13 20:55 --------- d-----w C:\Program Files\Java
2007-10-13 20:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-13 19:50 --------- d-----w C:\Program Files\Google
2007-10-13 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-13 15:39 --------- d-----w C:\Program Files\SoundSpectrum
2007-10-13 02:03 --------- d-----w C:\Program Files\Gateway Games
2007-10-13 02:01 --------- d-----w C:\Program Files\WildTangent
2007-10-13 01:53 --------- d-----w C:\Program Files\Apple Software Update
2007-10-13 01:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-10-11 00:55 --------- d-----w C:\Program Files\Ricochet Infinity
2007-10-08 22:32 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-05 17:57 163,644 -c--a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-05 17:21 --------- d-----w C:\Program Files\Activision
2007-10-04 22:52 --------- d-----w C:\Program Files\Napster
2007-10-04 22:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2007-10-04 22:51 --------- d-----w C:\Program Files\Microsoft Games
2007-10-04 22:45 --------- d-----w C:\Program Files\BitTorrent
2007-10-04 22:11 29,000 ----a-w C:\WINDOWS\system32\drivers\kcom.sys
2007-10-04 22:10 79,688 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-04 22:10 62,280 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-04 22:10 41,288 ----a-w C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-09-21 02:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-09-20 03:21 --------- d-----w C:\Program Files\Electronic Arts
2007-09-17 17:01 --------- d-----w C:\Program Files\NVIDIA Corporation
2007-09-17 06:07 6,853,088 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-09-16 02:26 --------- d-----w C:\Program Files\GameSpy Arcade
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2006-12-01 01:59 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2005-01-12 00:50:57 56 --sha-r C:\WINDOWS\system32\44566F3557.sys
2005-01-12 00:50:55 1,682 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 20:44]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07]
"nwiz"="nwiz.exe" [2007-09-17 01:07 C:\WINDOWS\system32\nwiz.exe]
"SigmatelSysTrayApp"="sttray.exe" []
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2006-07-13 15:34]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 09:15]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-07-27 11:54]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-03-29 21:10]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 18:19 C:\WINDOWS\arpwrmsg.exe]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 03:50]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 18:16]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 05:06]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-25 18:33]
"RegistryMechanic"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SideWinderTrayV4"="C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe" [2000-06-28 15:41]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"Phase One Media Reader"="C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe" [2007-04-25 07:41]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07]
"PDUiP6220DMon"="C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe" [2005-05-06 18:17]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-02-13 13:29]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32]
"Steam"="c:\program files\steam\steam.exe" [2007-10-11 20:18]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\CUSTOMER #1\Start Menu\Programs\Startup\
hc_tray.lnk - C:\Program Files\Kuma Games\hcsystray\hc_tray.exe [2007-04-26 13:49:20]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
KAKE First Alert.lnk - C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe [2006-11-25 19:14:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\eppfyues]
eppfyues.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ihvlexwc]
ihvlexwc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qnrcpors]
qnrcpors.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sudeqzuq]
sudeqzuq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\uacbjxmw]
uacbjxmw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wartaede]
wartaede.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zmwkdpwu]
zmwkdpwu.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcyw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 cpuz128;cpuz128;\??\C:\DOCUME~1\CUSTOM~1\LOCALS~1\Temp\cpuz_x32.sys
S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver;C:\WINDOWS\system32\DRIVERS\GcKernel.sys
S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver;C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
S3 LLUSBFLT;LLUSBFLT;C:\WINDOWS\system32\drivers\llusbflt.sys
S3 PciCon;PciCon;\??\E:\PciCon.sys
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys
S3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys
S3 TCCrystalCpuInfo;TCCrystalCpuInfo;\??\C:\DOCUME~1\CUSTOM~1\LOCALS~1\Temp\TCCpuInfo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e04d147-4803-11db-b9fe-806d6172696f}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2007-10-10 06:29:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-20 19:10:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-20 19:14:55 - machine was rebooted
.
--- E O F ---
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/20/2007 at 08:28 PM

Application Version : 3.9.1008

Core Rules Database Version : 3327
Trace Rules Database Version: 1328

Scan type : Complete Scan
Total Scan Time : 01:10:32

Memory items scanned : 566
Memory threats detected : 0
Registry items scanned : 7135
Registry threats detected : 0
File items scanned : 91224
File threats detected : 21

Adware.Tracking Cookie
C:\Documents and Settings\CUSTOMER #1\Cookies\customer #[email protected]
C:\Documents and Settings\CUSTOMER #1\Cookies\customer_#1@customer_[5].txt
C:\Documents and Settings\CUSTOMER #1\Cookies\customer_#1@customer_[2].txt
C:\Documents and Settings\CUSTOMER #1\Cookies\customer_#1@customer_[11].txt
C:\Documents and Settings\CUSTOMER #1\Cookies\customer #[email protected]

BearShare File Sharing Client
C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE
C:\PROGRAM FILES\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE

Adware.Vundo Variant
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\HAMMER.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\OHUFGSIR.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WOMRNFRE.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\YDUFYCGK.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\ZGURFFCI.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP2\A0000009.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3\A0000251.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3\A0000353.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3\A0000377.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3\A0000387.DLL
C:\VUNDOFIX BACKUPS\RCKRVCPI.DLL.BAD
C:\VUNDOFIX BACKUPS\YUKIFNZN.DLL.BAD
C:\WINDOWS\SYSTEM32\RCKRVCPI.DLL.VIR

Worm.Evilbot-B
C:\WINEXEC.EXE
Logfile of HijackThis v1.99.1
Scan saved at 8:38:54 PM, on 10/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\CUSTOMER #1\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Phase One Media Reader] C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe /noscan /CheckAutoStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PDUiP6220DMon] C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: hc_tray.lnk = C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - Global Startup: KAKE First Alert.lnk = C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ad...ash/swflash.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoft...5/asproinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: eppfyues - eppfyues.dll (file missing)
O20 - Winlogon Notify: ihvlexwc - ihvlexwc.dll (file missing)
O20 - Winlogon Notify: qnrcpors - qnrcpors.dll (file missing)
O20 - Winlogon Notify: sudeqzuq - sudeqzuq.dll (file missing)
O20 - Winlogon Notify: uacbjxmw - uacbjxmw.dll (file missing)
O20 - Winlogon Notify: wartaede - wartaede.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: zmwkdpwu - zmwkdpwu.dll (file missing)
O23 - Service: Intel® Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
  • 0

#4
njustice

njustice

    Member

  • Member
  • PipPipPip
  • 521 posts
Hello,

Please disable Spyware Doctor, as it may interfere with the fix. To disable Spyware Doctor:
  • Click the Spyware Doctor icon in the System Tray.
  • Click Settings.
  • Click Startup Settings under Pick a Category.
  • Uncheck Run at Windows startup.
  • Click Apply and exit Spyware Doctor.

Once your log is clean you can re-enable Spyware Doctor.


  • Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O20 - Winlogon Notify: eppfyues - eppfyues.dll (file missing)
O20 - Winlogon Notify: ihvlexwc - ihvlexwc.dll (file missing)
O20 - Winlogon Notify: qnrcpors - qnrcpors.dll (file missing)
O20 - Winlogon Notify: sudeqzuq - sudeqzuq.dll (file missing)
O20 - Winlogon Notify: uacbjxmw - uacbjxmw.dll (file missing)
O20 - Winlogon Notify: wartaede - wartaede.dll (file missing)
O20 - Winlogon Notify: zmwkdpwu - zmwkdpwu.dll (file missing)


Click on Fix Checked when finished and exit HijackThis.


Next.....


Open Notepad and copy/paste the text in the quotebox below into it (do not include the word "QUOTE"):

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\eppfyues]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ihvlexwc]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qnrcpors]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sudeqzuq]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\uacbjxmw]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wartaede]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zmwkdpwu]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


Save the above as CFScript.txt
Then drag the CFScript.txt onto ComboFix.exe as depicted in the animation below. This will start ComboFix again.
[animation: dragging CFScript.txt onto ComboFix.exe]

After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
#5 UNABLE2SURF (Topic Starter, 7 posts)
Forgot how fast my computer was supposed to be! Thanks a bunch! Here are my new logs:

ComboFix 07-10-20.5 - CUSTOMER #1 2007-10-20 15:33:57.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1485 [GMT -5:00]
Running from: C:\Documents and Settings\CUSTOMER #1\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\CUSTOMER #1\Desktop\CFSCRIPT.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-20 to 2007-10-20 )))))))))))))))))))))))))))))))
.

2007-10-19 18:45 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-19 18:45 <DIR> d-------- C:\Documents and Settings\CUSTOMER #1\Application Data\SUPERAntiSpyware.com
2007-10-19 18:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-19 18:43 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-15 18:58 0 --a------ C:\WINDOWS\system32\jfnjafag.dll.vir
2007-10-14 21:34 0 --a------ C:\WINDOWS\system32\jypkxwnp.dll.vir
2007-10-14 20:55 69,632 --a------ C:\WINDOWS\system32\asprouni.exe
2007-10-14 20:53 <DIR> d-------- C:\WINDOWS\system32\ASPRO
2007-10-14 19:45 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-14 19:15 6,058,496 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-14 19:15 2,455,488 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-10-14 19:15 459,264 --a--c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-14 19:15 383,488 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-14 19:15 267,776 --a--c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-14 19:15 63,488 --a--c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-14 19:15 52,224 --a--c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-14 19:15 13,824 --a--c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-13 15:56 <DIR> d-------- C:\VundoFix Backups
2007-10-13 13:24 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-10-12 19:39 5,768 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-12 19:11 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-10-12 19:11 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-10-12 18:09 <DIR> d-------- C:\WINDOWS\StartHtmico
2007-10-12 18:09 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-10-12 18:09 140,288 --a------ C:\WINDOWS\system32\CNMLM7C.DLL
2007-10-12 18:09 90,112 -ra------ C:\WINDOWS\system32\CNMCP7C.exe
2007-10-12 18:09 8,704 --a------ C:\WINDOWS\system32\CNMVS7C.DLL
2007-10-12 18:08 <DIR> d-------- C:\Program Files\Canon
2007-10-11 21:07 <DIR> d-------- C:\WINDOWS\NV38003700.TMP
2007-10-11 09:57 <DIR> d-------- C:\Documents and Settings\CUSTOMER #1\Application Data\Viewpoint
2007-10-09 11:05 <DIR> d-------- C:\Program Files\CONEXANT
2007-10-08 19:23 <DIR> d-------- C:\WINDOWS\system32\yw1
2007-10-08 19:23 <DIR> d-------- C:\WINDOWS\system32\sim7
2007-10-08 19:23 <DIR> d-------- C:\WINDOWS\system32\ipz2
2007-10-08 19:21 <DIR> d-------- C:\WINDOWS\system32\zp1
2007-10-08 19:21 <DIR> d-------- C:\WINDOWS\system32\vMW10a
2007-10-08 19:21 707,518 --a------ C:\TEMP\regit.exe
2007-10-08 18:04 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-10-08 17:32 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-04 20:30 <DIR> d-------- C:\WINDOWS\NV29961548.TMP
2007-10-04 20:20 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-10-04 20:20 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-10-04 20:20 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-10-04 20:20 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-10-04 18:55 <DIR> d-------- C:\Program Files\Steam
2007-09-29 16:46 <DIR> d-------- C:\Program Files\Motherboard Monitor 5
2007-09-24 23:07 <DIR> d-------- C:\Program Files\Phase One
2007-09-20 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-09-20 20:15 <DIR> d-------- C:\EbuDllTmpDir

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-21 00:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-19 23:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-19 21:51 --------- d-----w C:\Program Files\Spyware Doctor
2007-10-18 00:12 --------- d-----w C:\Program Files\SpywareBlaster
2007-10-15 02:25 --------- d-----w C:\Program Files\Winamp
2007-10-15 02:25 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2007-10-15 02:25 --------- d-----w C:\Program Files\Intel Audio Studio
2007-10-15 02:25 --------- d-----w C:\Program Files\Digital Media Reader
2007-10-15 00:56 --------- d-----w C:\Program Files\Common Files\KAKE First Alert
2007-10-14 02:30 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-14 02:29 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-10-13 20:55 --------- d-----w C:\Program Files\Java
2007-10-13 20:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-13 19:50 --------- d-----w C:\Program Files\Google
2007-10-13 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-13 15:39 --------- d-----w C:\Program Files\SoundSpectrum
2007-10-13 02:03 --------- d-----w C:\Program Files\Gateway Games
2007-10-13 02:01 --------- d-----w C:\Program Files\WildTangent
2007-10-13 01:53 --------- d-----w C:\Program Files\Apple Software Update
2007-10-13 01:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-10-11 00:55 --------- d-----w C:\Program Files\Ricochet Infinity
2007-10-05 17:57 163,644 -c--a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-05 17:21 --------- d-----w C:\Program Files\Activision
2007-10-04 22:52 --------- d-----w C:\Program Files\Napster
2007-10-04 22:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2007-10-04 22:51 --------- d-----w C:\Program Files\Microsoft Games
2007-10-04 22:45 --------- d-----w C:\Program Files\BitTorrent
2007-10-04 22:11 29,000 ----a-w C:\WINDOWS\system32\drivers\kcom.sys
2007-10-04 22:10 79,688 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-04 22:10 62,280 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-04 22:10 41,288 ----a-w C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-09-20 03:21 --------- d-----w C:\Program Files\Electronic Arts
2007-09-18 22:44 203,776 ----a-w C:\WINDOWS\system32\clrviddc.dll
2007-09-17 17:01 --------- d-----w C:\Program Files\NVIDIA Corporation
2007-09-17 06:07 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-09-17 06:07 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-09-17 06:07 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-09-17 06:07 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-09-17 06:07 6,853,088 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-09-17 06:07 6,746,112 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-09-17 06:07 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-09-17 06:07 5,783,040 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-09-17 06:07 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-09-17 06:07 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-09-17 06:07 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-09-17 06:07 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-09-17 06:07 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-09-17 06:07 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-09-17 06:07 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-09-17 06:07 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-09-17 06:07 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-09-17 06:07 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-09-17 06:07 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-09-17 06:07 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-09-17 06:07 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-09-17 06:07 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-09-17 06:07 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-09-17 06:07 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-09-17 06:07 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-09-17 06:07 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-09-17 06:07 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-09-17 06:07 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-09-17 06:07 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-09-17 06:07 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-09-16 02:26 --------- d-----w C:\Program Files\GameSpy Arcade
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 95,608 -c--a-w C:\WINDOWS\system32\AVASTSS.scr
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-01 03:29 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-13 23:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
2007-08-13 23:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2007-08-13 23:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2007-08-13 23:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
2007-08-13 23:42 17,408 ----a-w C:\WINDOWS\system32\corpol.dll
2007-08-13 23:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
2007-08-13 23:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
2007-08-13 23:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2007-08-13 23:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2007-08-13 23:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2(2)(2).dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups(2)(2).dll
2007-07-20 05:54 18,280 ----a-w C:\WINDOWS\system32\x3daudio1_2.dll
2006-12-01 01:59 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2005-01-12 00:50:57 56 --sha-r C:\WINDOWS\system32\44566F3557.sys
2005-01-12 00:50:55 1,682 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2007-10-20_19.14.00.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-20 20:12:13 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1ac.dat
+ 2007-10-20 20:11:59 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_64c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 20:44]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07]
"nwiz"="nwiz.exe" [2007-09-17 01:07 C:\WINDOWS\system32\nwiz.exe]
"SigmatelSysTrayApp"="sttray.exe" []
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2006-07-13 15:34]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 09:15]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-07-27 11:54]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-03-29 21:10]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 18:19 C:\WINDOWS\arpwrmsg.exe]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 03:50]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 18:16]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 05:06]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-25 18:33]
"RegistryMechanic"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SideWinderTrayV4"="C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe" [2000-06-28 15:41]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"Phase One Media Reader"="C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe" [2007-04-25 07:41]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07]
"PDUiP6220DMon"="C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe" [2005-05-06 18:17]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-02-13 13:29]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32]
"Steam"="c:\program files\steam\steam.exe" [2007-10-11 20:18]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\CUSTOMER #1\Start Menu\Programs\Startup\
hc_tray.lnk - C:\Program Files\Kuma Games\hcsystray\hc_tray.exe [2007-04-26 13:49:20]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
KAKE First Alert.lnk - C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe [2006-11-25 19:14:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 cpuz128;cpuz128;\??\C:\DOCUME~1\CUSTOM~1\LOCALS~1\Temp\cpuz_x32.sys
S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver;C:\WINDOWS\system32\DRIVERS\GcKernel.sys
S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver;C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
S3 LLUSBFLT;LLUSBFLT;C:\WINDOWS\system32\drivers\llusbflt.sys
S3 PciCon;PciCon;\??\E:\PciCon.sys
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys
S3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys
S3 TCCrystalCpuInfo;TCCrystalCpuInfo;\??\C:\DOCUME~1\CUSTOM~1\LOCALS~1\Temp\TCCpuInfo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e04d147-4803-11db-b9fe-806d6172696f}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2007-10-10 06:29:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-20 15:36:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-20 15:36:53
C:\ComboFix2.txt ... 2007-10-20 19:14
.
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 3:38:34 PM, on 10/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\CUSTOMER #1\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Phase One Media Reader] C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe /noscan /CheckAutoStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PDUiP6220DMon] C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: hc_tray.lnk = C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - Global Startup: KAKE First Alert.lnk = C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ad...ash/swflash.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoft...5/asproinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Intel® Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

These new scans also ran very fast compared to the other ones, I guess that means they are a lot cleaner. How do you determine which files are bad? Is it because they are just random letters? Also, I am trying to understand: does HijackThis delete those files and then you paste those other files into ComboFix so it will look for them, or is ComboFix replacing files? Thanks, Dave
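As an added example (not code from the original post, nor from HijackThis or ComboFix), the script below applies the reasoning behind the fix in #4 to the log lines Dave asks about in #5. It parses HijackThis O20 lines and classifies each Winlogon Notify entry as fix, review or keep, using three signals: the registered DLL is not on disk, the name is not a known Notify package, and the name is eight random-looking lowercase letters. It also decodes the hex(7) REG_MULTI_SZ value the CFScript writes to Authentication Packages and reports anything listed besides msv1_0. The KNOWN_NOTIFY allowlist is an assumed list of the Notify packages a stock XP SP2 install registers plus WgaLogon; the sample lines are copied from the HijackThis logs in this thread.

```python
"""Offline triage of HijackThis O20 lines and an LSA 'Authentication Packages' value.

Added example for this thread; not code from the original post, HijackThis or
ComboFix. KNOWN_NOTIFY is an assumed allowlist of the Winlogon Notify packages
a stock Windows XP SP2 install registers, plus WgaLogon.
"""
import re
from typing import Optional

KNOWN_NOTIFY = {  # assumed stock XP SP2 Notify packages (+ WgaLogon), lowercase
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
}

O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
VOWELS = set("aeiou")


def looks_random(name: str) -> bool:
    """Name-shape heuristic for Vundo-style names: exactly 8 lowercase letters with
    few vowels or a long consonant run. A weak signal on its own (see usage note)."""
    if not re.fullmatch(r"[a-z]{8}", name):
        return False
    vowels = sum(c in VOWELS for c in name)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", name)), default=0)
    return vowels <= 2 or longest_run >= 3


def triage_o20(line: str) -> Optional[dict]:
    """Classify one HijackThis O20 line as fix / review / keep, with the reasons."""
    m = O20_RE.match(line.strip())
    if not m:
        return None
    name, path, missing = m["name"], m["path"], bool(m["missing"])
    known = name.lower() in KNOWN_NOTIFY
    reasons = []
    if missing:
        reasons.append("registered DLL is not on disk")
    if not known:
        reasons.append("not a known Winlogon Notify package")
    if looks_random(name):
        reasons.append("8-letter random-looking name")
    if "\\" not in path:  # bare name: winlogon resolves it through the DLL search path
        reasons.append("bare file name, no directory")
    if missing or (looks_random(name) and not known):
        verdict = "fix"
    elif not known:
        verdict = "review"
    else:
        verdict = "keep"
    return {"name": name, "path": path, "verdict": verdict, "reasons": reasons}


def decode_multi_sz(hex_field: str) -> list:
    """Turn a regedit-style hex(7) REG_MULTI_SZ byte list into its strings.
    Handles the single-byte form used in the CFScript above and the UTF-16LE
    form regedit itself exports (every second byte zero)."""
    data = bytes(int(b, 16) for b in hex_field.split(",") if b.strip())
    utf16 = bool(data) and len(data) % 2 == 0 and all(data[i] == 0 for i in range(1, len(data), 2))
    text = data.decode("utf-16-le") if utf16 else data.decode("latin-1")
    return [s for s in text.split("\x00") if s]


def lsa_extra_packages(hex_field: str) -> list:
    """Anything in Authentication Packages besides msv1_0, the only package a
    stock XP install lists; the CFScript writes the value back to exactly that."""
    return [p for p in decode_multi_sz(hex_field) if p.lower() != "msv1_0"]


# Sample lines copied from the HijackThis logs in this thread.
SAMPLE_O20 = [
    "O20 - Winlogon Notify: eppfyues - eppfyues.dll (file missing)",
    "O20 - Winlogon Notify: ihvlexwc - ihvlexwc.dll (file missing)",
    "O20 - Winlogon Notify: wartaede - wartaede.dll (file missing)",
    "O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll",
    "O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll",
]
SAMPLE_LSA = "6d,73,76,31,5f,30,00,00"  # the value the CFScript writes back

if __name__ == "__main__":
    for line in SAMPLE_O20:
        r = triage_o20(line)
        print(f"{r['verdict']:6} {r['name']:13} {'; '.join(r['reasons'])}")
    print("LSA packages:", decode_multi_sz(SAMPLE_LSA), "extra:", lsa_extra_packages(SAMPLE_LSA))
```

Two things worth noticing when running it. The name-shape heuristic alone misses two of the seven names in the fix (wartaede and sudeqzuq have an ordinary vowel mix), so the decisive signals are a registered DLL that is no longer on disk and a name that is not a known package; a legitimate third-party entry such as !SASWinLogon comes out as review rather than fix. On the registry side, the `[-HKEY...]` lines in the CFScript use the .reg convention where a leading hyphen deletes the whole key, and the last two lines overwrite Authentication Packages with a list containing only msv1_0, which is what `lsa_extra_packages` checks for.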
#6 njustice (Member, 521 posts)
Hello UNABLE2SURF,

I want you to run two more scans and then afterwards I will try to answer your questions.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory; when something is found, click Yes when it asks whether you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, check whether you can click the next icon next to the files found: [image]
  • If so, click it, then click the next icon right below and select Move incurable, as shown in the next image:
    [image]
    This will move the file to the %userprofile%\DoctorWeb quarantine folder if it can't be cured (in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer, because files in use may be moved/deleted during the reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.csv report.

Next.....


Let's run an F-Secure online scan for viruses, spyware and rootkits:
  • Go to http://support.f-sec.../home/ols.shtml
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure, then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient


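Both reports the instructions above ask for come back as long lists, and on a machine that has already been through ComboFix, KillBox and HijackThis most of what Dr.Web reports sits in those tools' quarantine folders rather than in a live location, while an F-Secure hit whose action is "None" is still on disk. The script below is an added example, not part of the original post and not code from Dr.Web, F-Secure or the helper: it parses the two report formats (the DrWeb.csv rows and the F-Secure report's threat/path blocks) and separates hits a scanner already neutralised, or that lie in a known quarantine folder, from hits that are still live. The quarantine folder names it recognises are an assumption based on the tools named in this thread, and the embedded sample rows are copied from the reports posted later in the thread.

```python
"""Triage Dr.Web CureIt (DrWeb.csv) and F-Secure online-scan reports.
Constructed example for this thread, not code from either vendor or the helper.
Row formats follow the reports as pasted here:
  Dr.Web CSV: <file>;<directory>;<threat>;<action>;
  F-Secure  : "<Threat> (virus)" header, then "* <PATH>[ (Submitted)]" rows
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Folders holding files an earlier tool already neutralised: a hit under one of
# these is a leftover sample, not a live infection.  Assumption: the quarantine
# layouts of ComboFix, KillBox, HijackThis, System Restore and Dr.Web CureIt.
QUARANTINE_MARKERS = (
    r"\qoobox\quarantine",                   # ComboFix
    r"\!killbox",                            # Pocket KillBox
    r"\hijackthis\backups",                  # HijackThis backups
    r"\system volume information\_restore",  # System Restore points
    r"\doctorweb\quarant",                   # Dr.Web CureIt (either spelling)
)
NEUTRALISED = ("Deleted", "Incurable.Moved", "Cured")   # Dr.Web action prefixes

@dataclass(frozen=True)
class Hit:
    path: str
    threat: str
    action: str   # Dr.Web action text; "None" for F-Secure, which only submitted samples

    @property
    def quarantined(self) -> bool:
        low = self.path.lower()
        return any(marker in low for marker in QUARANTINE_MARKERS)

    @property
    def live(self) -> bool:
        """Still where it was found and not removed by the scanner."""
        return not self.quarantined and not self.action.startswith(NEUTRALISED)

def parse_drweb(text: str) -> list[Hit]:
    hits = []
    for line in text.splitlines():
        parts = line.strip().rstrip(";").split(";")
        if len(parts) != 4:          # blank line or not a report row
            continue
        name, directory, threat, action = parts
        hits.append(Hit(f"{directory}\\{name}", threat, action.rstrip(".")))
    return hits

FS_HEADER = re.compile(r"^(\S+) \((?:virus|spyware|riskware|rootkit)\)$")
FS_ITEM = re.compile(r"^\* (.+?)(?: \(Submitted\))?$")

def parse_fsecure(text: str) -> list[Hit]:
    hits, threat = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Statistics"):   # "Files not scanned" below also uses "* "
            break
        if header := FS_HEADER.match(line):
            threat = header.group(1)
        elif threat and (item := FS_ITEM.match(line)):
            hits.append(Hit(item.group(1), threat, "None"))
    return hits

def triage(hits: list[Hit]) -> dict:
    """Split hits into already-handled leftovers and files still live on disk."""
    live = [h for h in hits if h.live]
    return {
        "total": len(hits),
        "quarantined_leftovers": sum(h.quarantined for h in hits),
        "live_paths": sorted(h.path for h in live),
        "live_by_threat": dict(Counter(h.threat for h in live)),
    }

# Sample rows copied from the reports posted later in this thread.
SAMPLE_DRWEB = r"""
ddcyw.dll;C:\!KillBox;Trojan.Juan.24;Deleted.;
CaptureOne.exe;C:\Program Files\Phase One\Capture One LE;Win32.HLLW.AntiQFX;Incurable.Moved.;
acdhovjl.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
A0000007.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP2;Trojan.MulDrop.origin;Incurable.Moved.;
"""
SAMPLE_FSECURE = r"""
Vundo.gen39 (virus)
* C:\WINDOWS\SYSTEM32\ABWYNGWS.INI
* C:\WINDOWS\SYSTEM32\AEOTQHYM.INI (Submitted)
Vundo.gen45 (virus)
* C:\WINDOWS\SYSTEM32\VGGTUGOV.INI (Submitted)
Statistics
* C:\PAGEFILE.SYS
"""

if __name__ == "__main__":
    print("Dr.Web  :", triage(parse_drweb(SAMPLE_DRWEB)))
    print("F-Secure:", triage(parse_fsecure(SAMPLE_FSECURE)))
```

Run as-is it summarises the embedded samples; for a real pair of reports, pass the file contents to parse_drweb and parse_fsecure. Anything that lands in live_paths is what still needs removing (F-Secure's "Submitted" only means a sample was uploaded; its Actions block is what says whether the file was touched). A commercial application flagged by a single engine, like the CaptureOne.exe row, is worth checking against a second engine before trusting the quarantine action.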
#7
UNABLE2SURF
    New Member
  • Topic Starter
  • Member
  • 7 posts
New logs, still a lot of items found!

Scanning Report
Sunday, October 21, 2007 12:35:52 - 14:01:25

Computer name: YOUR-68B8D1092F
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
Result: 99 malware found
Vundo.gen39 (virus)

* C:\WINDOWS\SYSTEM32\ABWYNGWS.INI
* C:\WINDOWS\SYSTEM32\AEOTQHYM.INI (Submitted)
* C:\WINDOWS\SYSTEM32\AGGFNNMK.INI (Submitted)
* C:\WINDOWS\SYSTEM32\AQHYMYUM.INI (Submitted)
* C:\WINDOWS\SYSTEM32\BBCKYCDH.INI (Submitted)
* C:\WINDOWS\SYSTEM32\BUNXVKBY.INI (Submitted)
* C:\WINDOWS\SYSTEM32\BYWLKKTJ.INI (Submitted)
* C:\WINDOWS\SYSTEM32\CCVMIKDG.INI (Submitted)
* C:\WINDOWS\SYSTEM32\CLOSEUCR.INI (Submitted)
* C:\WINDOWS\SYSTEM32\CYHYEVFH.INI (Submitted)
* C:\WINDOWS\SYSTEM32\DAVHTHEQ.INI (Submitted)
* C:\WINDOWS\SYSTEM32\DRORQTXP.INI (Submitted)
* C:\WINDOWS\SYSTEM32\EIPSVBNB.INI (Submitted)
* C:\WINDOWS\SYSTEM32\FDFWUNGR.INI (Submitted)
* C:\WINDOWS\SYSTEM32\FNVIFJFM.INI (Submitted)
* C:\WINDOWS\SYSTEM32\FTFQXSPC.INI (Submitted)
* C:\WINDOWS\SYSTEM32\GBJLKNOP.INI (Submitted)
* C:\WINDOWS\SYSTEM32\GBJYIHWB.INI (Submitted)
* C:\WINDOWS\SYSTEM32\GBLNSWWV.INI (Submitted)
* C:\WINDOWS\SYSTEM32\GGSOPJEN.INI (Submitted)
* C:\WINDOWS\SYSTEM32\GHXXFGKW.INI (Submitted)
* C:\WINDOWS\SYSTEM32\GPILBTWF.INI (Submitted)
* C:\WINDOWS\SYSTEM32\GQSXJTBK.INI (Submitted)
* C:\WINDOWS\SYSTEM32\HGNQWBBD.INI (Submitted)
* C:\WINDOWS\SYSTEM32\HHFKKRJF.INI (Submitted)
* C:\WINDOWS\SYSTEM32\HKQDBYJN.INI (Submitted)
* C:\WINDOWS\SYSTEM32\HLVTEHBV.INI (Submitted)
* C:\WINDOWS\SYSTEM32\HSFGFSPB.INI (Submitted)
* C:\WINDOWS\SYSTEM32\HSQFHUCX.INI (Submitted)
* C:\WINDOWS\SYSTEM32\HWNKKQFC.INI (Submitted)
* C:\WINDOWS\SYSTEM32\IGXIPERL.INI (Submitted)
* C:\WINDOWS\SYSTEM32\ILDDDSBC.INI (Submitted)
* C:\WINDOWS\SYSTEM32\IMVYUMXO.INI (Submitted)
* C:\WINDOWS\SYSTEM32\IVFFDQEN.INI (Submitted)
* C:\WINDOWS\SYSTEM32\IVQOYHSR.INI (Submitted)
* C:\WINDOWS\SYSTEM32\JLDLNBAN.INI (Submitted)
* C:\WINDOWS\SYSTEM32\JXEFFION.INI (Submitted)
* C:\WINDOWS\SYSTEM32\KFAKYVLL.INI (Submitted)
* C:\WINDOWS\SYSTEM32\KOXSDFSD.INI (Submitted)
* C:\WINDOWS\SYSTEM32\KPIWFYRO.INI (Submitted)
* C:\WINDOWS\SYSTEM32\KTPQVGRP.INI (Submitted)
* C:\WINDOWS\SYSTEM32\LTLEOJVA.INI (Submitted)
* C:\WINDOWS\SYSTEM32\LTPKTDLS.INI (Submitted)
* C:\WINDOWS\SYSTEM32\LXEBJBUG.INI (Submitted)
* C:\WINDOWS\SYSTEM32\MAQUYCYW.INI (Submitted)
* C:\WINDOWS\SYSTEM32\MDSSRMIY.INI (Submitted)
* C:\WINDOWS\SYSTEM32\MEMGFLXV.INI (Submitted)
* C:\WINDOWS\SYSTEM32\MUFAVDWY.INI (Submitted)
* C:\WINDOWS\SYSTEM32\NHFSOOHT.INI (Submitted)
* C:\WINDOWS\SYSTEM32\NHLRVKOL.INI (Submitted)
* C:\WINDOWS\SYSTEM32\NKVRNDMV.INI (Submitted)
* C:\WINDOWS\SYSTEM32\NRKKSWDH.INI (Submitted)
* C:\WINDOWS\SYSTEM32\NUXLUQYA.INI (Submitted)
* C:\WINDOWS\SYSTEM32\NYHJYFWP.INI (Submitted)
* C:\WINDOWS\SYSTEM32\ODYAOFGS.INI (Submitted)
* C:\WINDOWS\SYSTEM32\OKLGWKXL.INI (Submitted)
* C:\WINDOWS\SYSTEM32\OTASMAYR.INI (Submitted)
* C:\WINDOWS\SYSTEM32\PAFVTKTV.INI (Submitted)
* C:\WINDOWS\SYSTEM32\PPJSYOYW.INI (Submitted)
* C:\WINDOWS\SYSTEM32\PRIEDUUK.INI (Submitted)
* C:\WINDOWS\SYSTEM32\QATNVKWM.INI (Submitted)
* C:\WINDOWS\SYSTEM32\QAVEWPCH.INI (Submitted)
* C:\WINDOWS\SYSTEM32\QWDYCYBP.INI (Submitted)
* C:\WINDOWS\SYSTEM32\RJKUVPKW.INI (Submitted)
* C:\WINDOWS\SYSTEM32\RMVVQSUW.INI (Submitted)
* C:\WINDOWS\SYSTEM32\RSUEGUKI.INI (Submitted)
* C:\WINDOWS\SYSTEM32\RUMWXELM.INI (Submitted)
* C:\WINDOWS\SYSTEM32\RYOFKDFX.INI (Submitted)
* C:\WINDOWS\SYSTEM32\SEADJMLJ.INI (Submitted)
* C:\WINDOWS\SYSTEM32\SLVEBSRD.INI (Submitted)
* C:\WINDOWS\SYSTEM32\SNCLFQXG.INI (Submitted)
* C:\WINDOWS\SYSTEM32\SSURIVRI.INI (Submitted)
* C:\WINDOWS\SYSTEM32\STBCBTBH.INI (Submitted)
* C:\WINDOWS\SYSTEM32\SXHVGTBQ.INI (Submitted)
* C:\WINDOWS\SYSTEM32\TMJWILLT.INI (Submitted)
* C:\WINDOWS\SYSTEM32\TWBUKEAO.INI (Submitted)
* C:\WINDOWS\SYSTEM32\UARIUORX.INI (Submitted)
* C:\WINDOWS\SYSTEM32\UBDBAVDK.INI (Submitted)
* C:\WINDOWS\SYSTEM32\UHFDMERX.INI (Submitted)
* C:\WINDOWS\SYSTEM32\UQJYRBTS.INI (Submitted)
* C:\WINDOWS\SYSTEM32\UQQUYJDM.INI (Submitted)
* C:\WINDOWS\SYSTEM32\VBUANNXF.INI (Submitted)
* C:\WINDOWS\SYSTEM32\VDICCENX.INI (Submitted)
* C:\WINDOWS\SYSTEM32\VFQFNGQH.INI (Submitted)
* C:\WINDOWS\SYSTEM32\VHHCCHPX.INI (Submitted)
* C:\WINDOWS\SYSTEM32\VQCKGIWI.INI (Submitted)
* C:\WINDOWS\SYSTEM32\VTHMKSGF.INI (Submitted)
* C:\WINDOWS\SYSTEM32\WPFLGPLU.INI (Submitted)
* C:\WINDOWS\SYSTEM32\XDCLAKDA.INI (Submitted)
* C:\WINDOWS\SYSTEM32\XHUUTXOY.INI (Submitted)
* C:\WINDOWS\SYSTEM32\XIKWSDVX.INI (Submitted)
* C:\WINDOWS\SYSTEM32\XQRFYSAV.INI (Submitted)
* C:\WINDOWS\SYSTEM32\YBWMSSPX.INI (Submitted)
* C:\WINDOWS\SYSTEM32\YCCYFJHC.INI (Submitted)
* C:\WINDOWS\SYSTEM32\YHWPLLPL.INI (Submitted)
* C:\WINDOWS\SYSTEM32\YOVKVISX.INI (Submitted)
* C:\WINDOWS\SYSTEM32\YOVUFGTV.INI (Submitted)
* C:\WINDOWS\SYSTEM32\YPGEUDFJ.INI (Submitted)

Vundo.gen45 (virus)

* C:\WINDOWS\SYSTEM32\VGGTUGOV.INI (Submitted)

Statistics
Scanned:

* Files: 41903
* System: 5639
* Not scanned: 6

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 99
* Submitted: 98

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{78DA91C0-C65A-4A32-83DF-52AD9B92FE8B}.BIN
* C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\RECORDED TV\TEMPREC\TEMPSBE\MSDVRMM_1012514710_2424832_8938

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2007-10-19
* F-Secure AVP: 7.0.171, 2007-10-21
* F-Secure Orion: 1.2.37, 2007-10-19
* F-Secure Blacklight: 1.0.64
* F-Secure Draco: 1.0.35, 0597-150-72
* F-Secure Pegasus: 1.19.0, 2007-09-18

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
* Use Advanced heuristics


ddcyw.dll;C:\!KillBox;Trojan.Juan.24;Deleted.;
ddcyw.dll( 1);C:\!KillBox;Trojan.Juan.24;Deleted.;
ddcyw.dll( 2);C:\!KillBox;Trojan.Juan.24;Deleted.;
ddcyw.dll( 3);C:\!KillBox;Trojan.Juan.24;Deleted.;
backup-20071015-193818-391.dll;C:\Documents and Settings\CUSTOMER #1\Desktop\hijackthis\backups;Trojan.Juan.24;Deleted.;
backup-20071015-194457-912.dll;C:\Documents and Settings\CUSTOMER #1\Desktop\hijackthis\backups;Trojan.Juan.24;Deleted.;
backup-20071016-184738-390.dll;C:\Documents and Settings\CUSTOMER #1\Desktop\hijackthis\backups;Trojan.Juan.24;Deleted.;
backup-20071019-183709-983.dll;C:\Documents and Settings\CUSTOMER #1\Desktop\hijackthis\backups;Trojan.Juan.24;Deleted.;
CaptureOne.exe;C:\Program Files\Phase One\Capture One LE;Win32.HLLW.AntiQFX;Incurable.Moved.;
b148.exe.vir;C:\qoobox\Quarantine\C\WINDOWS;Trojan.MulDrop.origin;Incurable.Moved.;
acdhovjl.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
agwuksrq.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
ahubcoqc.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
ajpnchrv.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
atqjjdfq.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
axgoxmal.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
baxfrrxm.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
bhaofgrn.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Hammer;Deleted.;
bhksyowg.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
bniwbptr.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
boesjedk.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
bpsfouqm.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
bsnyxqcu.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
bukascle.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
bxqywkvq.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
ckppdftt.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
clmdfrvm.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
cneyntys.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
cnqjxfah.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
cowyykgw.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
cqyxbnty.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
cxejhdhh.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Hammer;Deleted.;
cxkcacut.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Hammer;Deleted.;
dbonfdqp.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
ddauokbw.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
ddbyrceh.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
dkttgxtn.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
dtetdrpw.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
dwbumtqt.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Hammer;Deleted.;
ecikolqb.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
ehdskwde.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
ekethvgl.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
emlwfyar.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
eotpston.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
epbsgcry.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Hammer;Deleted.;
escmnraa.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Hammer;Deleted.;
euxinqok.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
fbvmhuds.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
fdffoglt.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
fdttlcsi.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
feycgxyo.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Hammer;Deleted.;
fiebswjb.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
fjcwghje.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
fqcnlmnb.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
frvcddij.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
fukpuxpa.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
fwovbcvk.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
fymreclr.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
ghlqfdnu.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
ghqurkmb.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
gpjsmvmk.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
hauqjwqx.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
hfhhvcnp.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
hhywljdk.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
hkbeanfw.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
hklfdwrg.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
hmhhxxjv.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
hqicgyba.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
hspnvcsm.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
hxoeveso.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
ibrfieel.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
iihfgarf.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
iiosjaki.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
isehbsqe.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
itowgehu.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
jdjrpfdp.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
jhgvjcvm.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Hammer;Deleted.;
jjnhyelk.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
jkfqfstq.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
jkhfntjr.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
jnraoehk.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
jnuwnswy.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
jrapbybn.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
kbfvssdt.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
kbpovhum.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
kdhhmrjq.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
kdhyfgjg.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Hammer;Deleted.;
kfkkgear.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
kmoggkhn.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
kptgnavt.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
lrllqqjg.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
lrororxl.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Hammer;Deleted.;
lvtxbuqh.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
lwbiacnn.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
lwqlqyqf.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
lydbckxl.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
lyhyplok.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
mdjbotob.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
mejburbk.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Hammer;Deleted.;
mlpgdgac.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Hammer;Deleted.;
mmgvlmvy.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
mmyreqoy.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
ngytqaae.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
nihkjslb.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
nlwsqhqg.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
nolvlsva.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
npfngbmu.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
nrkbgrjn.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
nsvdprhd.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
numthdus.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Hammer;Deleted.;
nymqyvrr.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
oalshaci.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
oklvmfkj.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
onifxcwy.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
otuseetu.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
ovvbemce.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Hammer;Deleted.;
pgvynhfd.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
qbujtcon.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
qgndvlbr.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
qgrjhwya.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
qmnpelld.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
qrrfjxkm.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
qtahfwle.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
qtxgxcfk.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
qwqnkcsx.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
qyeqjicg.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
rbekjriv.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
rctxqbxc.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
rhvxhmhf.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
rjurdwwg.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
rkdlsche.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
rkinyujn.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
rpwelsvr.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Hammer;Deleted.;
rrtidodr.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
rshpqbqw.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
rwaaepqv.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
sfilhsax.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Hammer;Deleted.;
shaiegrx.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
sncqbjnq.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
snnrtbot.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
stapqojo.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
steymfdw.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
svpqbsef.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
tajmfkmh.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
thftdjql.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
tsvslvyf.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
twksuxvs.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
ubrsvnuu.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
uebbswqp.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
ufafnqjw.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
ufiekwmo.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
uhqebsbw.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
uiexgjyw.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
uincndck.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
ujlpxato.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
uleypoxs.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
uqhjqbyf.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
usdjdipv.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
uxejerlt.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
uyfsuhak.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
vdanbxwd.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
vdvmhcak.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
vlwiileu.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
vnluiabc.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
vodnpvqx.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
woxpetar.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Hammer;Deleted.;
wrmiehla.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
wscfkcrk.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
wtccudln.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
wwapmkbs.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
wxomlyce.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
xbhuljwe.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
xeqcewtf.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
xmdwibgj.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
xnkhafjn.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
xplusfpf.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
xuperblt.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
yefdmams.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
yekyjogl.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Hammer;Deleted.;
yospkeeu.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Hammer;Deleted.;
yrpdcqvu.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Hammer;Deleted.;
ywqpsfui.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
yxlgjtws.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.23;Deleted.;
A0000007.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP2;Trojan.MulDrop.origin;Incurable.Moved.;
A0000025.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Virtumod.224;Deleted.;
A0000062.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000064.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000067.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000068.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000070.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000071.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000072.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000074.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Hammer;Deleted.;
A0000075.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000078.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000079.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000080.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000083.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000084.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000085.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000091.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000092.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000093.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000094.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000095.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000098.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000100.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Hammer;Deleted.;
A0000101.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Hammer;Deleted.;
A0000102.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000104.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000105.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000106.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000108.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000109.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Hammer;Deleted.;
A0000113.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000116.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000119.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000120.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000121.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000122.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Hammer;Deleted.;
A0000123.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Hammer;Deleted.;
A0000124.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000127.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000128.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000129.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000130.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Hammer;Deleted.;
A0000131.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000132.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000135.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000138.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000141.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000142.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000144.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000147.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000148.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000152.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000155.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000160.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000161.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000163.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000164.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000166.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000167.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000168.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000171.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000175.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000177.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000178.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000180.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000181.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000186.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000187.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Hammer;Deleted.;
A0000188.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000189.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000190.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000192.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000193.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000196.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000199.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000201.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000203.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000204.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Hammer;Deleted.;
A0000206.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000207.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000208.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000215.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000216.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Hammer;Deleted.;
A0000217.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000218.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000220.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000221.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000222.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000227.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000228.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Hammer;Deleted.;
A0000230.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Hammer;Deleted.;
A0000232.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000233.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000237.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000238.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000239.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000240.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000241.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000242.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000244.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000245.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Hammer;Deleted.;
A0000248.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000249.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000253.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000255.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000260.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000261.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Hammer;Deleted.;
A0000263.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000269.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000272.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000273.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000276.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000277.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000279.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000280.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000281.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000282.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000283.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000285.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000286.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000287.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000288.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000289.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000290.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Hammer;Deleted.;
A0000291.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000292.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000294.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000298.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Hammer;Deleted.;
A0000299.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000301.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000302.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000305.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000306.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000307.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000309.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000313.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000316.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000318.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000320.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000321.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000322.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000323.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000324.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000325.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000326.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000327.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000328.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000330.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000332.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000333.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000334.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000336.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000337.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000341.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000343.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000344.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000354.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Hammer;Deleted.;
A0000356.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000357.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000358.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000360.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000362.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000363.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000366.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000367.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000368.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000371.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000373.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000378.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000379.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Hammer;Deleted.;
A0000382.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Hammer;Deleted.;
A0000383.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Hammer;Deleted.;
A0000385.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000386.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000529.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.24;Deleted.;
A0001036.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Tool.Prockill;;
A0001037.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Tool.ShutDown.11;;
A0001162.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP5;Trojan.Juan.24;Deleted.;
A0001163.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP5;Trojan.Juan.24;Deleted.;
A0001164.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP5;Trojan.Juan.24;Deleted.;
A0001165.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP5;Trojan.Juan.24;Deleted.;
A0001166.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP5;Trojan.Juan.24;Deleted.;
A0001167.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP5;Win32.HLLW.AntiQFX;Incurable.Moved.;
ytbcatfa.dll.bad;C:\VundoFix Backups;Trojan.Juan.23;Deleted.;
GTDownIN_119.ocx;C:\WINDOWS\system32;Adware.Gdown;;
vMW10a1099.exe;C:\WINDOWS\system32\vMW10a;Trojan.DownLoader.24715;Deleted.;
AGAIN THANKS SO MUCH FOR THE HELP, THIS IS AWESOME!,,,,,,,,,DAVE
  • 0
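The report above is one detection per line in the form `file;directory;threat;action;`, and almost every hit sits inside an old System Restore snapshot (`System Volume Information\_restore{...}\RPnn`), which is the reason the helper keeps asking for System Restore to be reset. The following is an added example for this thread, not code from Dr.Web or from the forum: it parses that record layout, sorts each detection by where the file lived (restore point, a removal tool's backup folder, or the live system) and lists the records whose action field is empty, meaning the scanner left the file in place. The sample lines are a constructed subset of the report posted above.

```python
"""Summarise a Dr.Web-style scan report like the one posted above.

Added example for this thread, not code from Dr.Web or from the forum.
Record layout inferred from the posted log (one detection per line):
    <file>;<directory>;<threat name>;<action>;
The sample below is a constructed subset of the posted lines.
"""
import re
from collections import Counter

# Windows XP System Restore keeps snapshots as RPnn directories under
# "System Volume Information\_restore{GUID}"; hits there are archived copies
# of old malware, which is why the advice later says to clear restore points.
RESTORE_POINT_RE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\RP\d+", re.IGNORECASE
)

# Constructed sample: a subset of the report posted in this thread.
SAMPLE_REPORT = r"""
A0000175.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Juan.23;Deleted.;
A0000187.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Trojan.Hammer;Deleted.;
A0001036.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP3;Tool.Prockill;;
A0001167.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP5;Win32.HLLW.AntiQFX;Incurable.Moved.;
ytbcatfa.dll.bad;C:\VundoFix Backups;Trojan.Juan.23;Deleted.;
GTDownIN_119.ocx;C:\WINDOWS\system32;Adware.Gdown;;
vMW10a1099.exe;C:\WINDOWS\system32\vMW10a;Trojan.DownLoader.24715;Deleted.;
"""


def parse_report(text):
    """Parse detection records; lines without the four fields are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = line.split(";")
        if len(fields) < 4:
            continue  # header or summary line, not a detection record
        file_name, directory, threat, action = fields[:4]
        entries.append(
            {"file": file_name, "directory": directory, "threat": threat, "action": action}
        )
    return entries


def classify_location(directory):
    """Where the detected file lived: an old restore point, a removal tool's
    own backup folder, or the live system."""
    if RESTORE_POINT_RE.search(directory):
        return "restore_point"
    if "vundofix backups" in directory.lower():
        return "tool_backup"
    return "live"


def summarize(entries):
    """Counts by location and by threat name, plus the records the scanner
    left in place (empty action field), which still need a decision."""
    return {
        "by_location": Counter(classify_location(e["directory"]) for e in entries),
        "by_threat": Counter(e["threat"] for e in entries),
        "unhandled": [e for e in entries if e["action"] == ""],
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    for location, count in sorted(summary["by_location"].items()):
        print(f"{location:14s} {count}")
    for threat, count in summary["by_threat"].most_common():
        print(f"  {threat:28s} {count}")
    for e in summary["unhandled"]:
        print(f"still present: {e['directory']}\\{e['file']} ({e['threat']})")
```

Run it against a full report saved from the scanner and the "still present" list is the short list worth looking at by hand; everything counted under `restore_point` disappears once the old restore points are cleaned up as described later in the thread.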

#8
njustice

njustice

    Member

  • Member
  • PipPipPip
  • 521 posts
Hello,

Disable Spyware Doctor as instructed earlier.

Then go to Start > Run and copy and paste the next command in the field:
ComboFix /u
Make sure there's a space between ComboFix and /
Then hit Enter.
This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.


Note: Make sure you run VundoFix using your administrator account (or an account with admin privileges).


Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


Note:
If you already have VundoFix please delete that version and download the latest version from the link above.
  • 0

#9
UNABLE2SURF

UNABLE2SURF

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
VundoFix didn't find any infected files, does this mean I am done? Again, thanks so much, I am going to donate 50 bucks, hope it helps,,,,,,,,,,,Dave
  • 0

#10
njustice

njustice

    Member

  • Member
  • PipPipPip
  • 521 posts
Hello Dave, thanks for donation! I would like to see one last hijackthis log.
  • 0

#11
UNABLE2SURF

UNABLE2SURF

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
HERE IS HOPEFULLY THE LAST HIJACKTHIS LOG, THANKS FOR THE ATTENTION TO DETAIL AND HELPING ME LEARN MORE ABOUT THIS STUFF, I FEEL LIKE I CAN DEFINITELY HANDLE THIS KINDA PROBLEM MUCH BETTER IF IT HAPPENS AGAIN! THANKS,,,,,,,,,DAVE
Logfile of HijackThis v1.99.1
Scan saved at 4:43:27 PM, on 10/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\CUSTOMER #1\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PDUiP6220DMon] C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: hc_tray.lnk = C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - Global Startup: KAKE First Alert.lnk = C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ad...ash/swflash.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoft...5/asproinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Intel® Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
  • 0
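Reading a HijackThis log by hand means grouping the `Onn` lines by section and looking first at anything marked `(no file)` or `(file missing)`. As an added example for this thread (not HijackThis code, and not something the helper posted), the script below does that first pass: it collects the O4 autorun entries, the O23 services and the O16 ActiveX download entries, and separates two kinds of "missing" marker. An entry with no backing file is usually a leftover registry reference from uninstalled software; an entry whose path still carries an unbalanced `"` before its arguments, like the two avast! service lines in the log above, is the log display mangling a quoted service path rather than a file that is actually gone, so it goes to a "check manually" list instead. The sample log is a constructed subset of the lines posted above.

```python
"""Triage helpers for a HijackThis 1.99.1 log like the one posted above.

Added example for this thread, not HijackThis code. It groups the O-lines
by section, pulls out autorun (O4), service (O23) and ActiveX download (O16)
entries, and flags entries the log marks "(no file)" / "(file missing)".
The sample log is a constructed subset of the lines posted in this thread.
"""
import re

HJT_LINE_RE = re.compile(r"^([RO]\d+) - (.*)$")
RUN_RE = re.compile(r"^(?P<where>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
DPF_RE = re.compile(r"^DPF: \{(?P<clsid>[^}]+)\} \((?P<name>[^)]*)\) - (?P<url>.+)$")

# Constructed sample: a subset of the log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ad...ash/swflash.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""


def parse_hjt(text):
    """Return (section code, body) pairs; the process list and headers are skipped."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def classify_missing(body):
    """None for a normal entry; 'orphaned' when the log says the target file is
    gone; 'quote-artifact' when the path still carries an unbalanced quote
    before its arguments, which in this log version usually means a quoted
    service path was displayed badly rather than the file being absent."""
    if not (body.endswith("(no file)") or body.endswith("(file missing)")):
        return None
    if body.count('"') % 2 == 1:
        return "quote-artifact"
    return "orphaned"


def triage(entries):
    """First-pass grouping of the log: what to remove, what to verify, and the
    persistence points (autoruns, services, ActiveX downloads) to review."""
    report = {"orphaned": [], "check_manually": [], "run": [], "services": [], "activex": []}
    for code, body in entries:
        status = classify_missing(body)
        if status == "orphaned":
            report["orphaned"].append((code, body))
        elif status == "quote-artifact":
            report["check_manually"].append((code, body))
        if code == "O4":
            m = RUN_RE.match(body)
            if m:
                report["run"].append(m.groupdict())
            else:  # "Startup:" / "Global Startup:" shortcut entries have no [name]
                where, _, command = body.partition(": ")
                report["run"].append({"where": where, "name": None, "command": command})
        elif code == "O23":
            m = SERVICE_RE.match(body)
            if m:
                report["services"].append(m.groupdict())
        elif code == "O16":
            m = DPF_RE.match(body)
            if m:
                report["activex"].append(m.groupdict())
    return report


if __name__ == "__main__":
    report = triage(parse_hjt(SAMPLE_LOG))
    for code, body in report["orphaned"]:
        print(f"orphaned  {code} - {body}")
    for code, body in report["check_manually"]:
        print(f"verify    {code} - {body}")
    for r in report["run"]:
        print(f"autorun   {r['where']}: {r['name']} -> {r['command']}")
    for s in report["services"]:
        print(f"service   {s['name']} [{s['owner']}] {s['path']}")
    for a in report["activex"]:
        print(f"activex   {a['name']} {a['url']}")
```

The O16 list is worth keeping next to step 2 of the advice that follows: every entry there is an ActiveX control the browser was allowed to download, which is exactly what the tightened zone settings are meant to put a prompt in front of.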

#12
njustice

njustice

    Member

  • Member
  • PipPipPip
  • 521 posts
Hello Dave, glad to help where and when I can.....


C:)NGRATULATI:)NS! At last, your system is clean and free of spyware! Want to keep it that way?

Here are some simple steps you can take to reduce the chance of infection in the future. Please do these steps as soon as possible if you haven't already.

1. Visit Windows Update:
Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.
a. Windows Update: http://v5.windowsupd.../en/default.asp

2. Adjust your security settings for ActiveX:
Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set the first option, 'Download signed controls', to 'Prompt'; set the second option, 'Download unsigned controls', to 'Disable'; and finally, set 'Initialize and Script ActiveX controls not marked as safe' to 'Disable'.

3. Download and install the following free programs
a. SpywareBlaster: http://www.javacools...areblaster.html
b. SpywareGuard: http://www.wildersse...ywareguard.html
c. IE/Spyad: http://www.spywarewa...uc/resource.htm
d. Bugoff: http://www.majorgeek...wnload4308.html

4. Install Spyware Detection and Removal Programs:
You may also want to consider installing either or both of AdAware (free version) and Spybot S&D (freeware). Use these programs to regularly scan your system for and remove many forms of spyware/malware.
a. AdAware: http://www.lavasoft.de/
b. Spybot S&D: http://security.koll...n&page=download
c. SUPERAntiSpyware: http://www.superantispyware.com/

Before adding any other Spyware Detection and Removal programs always check the Rogue Anti-Spyware List for programs known to be misleading, mistaken, or just outright "Foistware". You will find the list here: http://www.spywarewa...nti-spyware.htm

5. Install 'Spoofstick'
Spoofstick is a simple browser extension that helps users detect spoofed (fake) websites. This extension is free and installs in Internet Explorer and Mozilla Firefox.
a. http://www.corestreet.com

6. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. See the links below:
a. ZoneAlarm
b. Kerio
c. Comodo<===#1 recommendation!

7. Reset System Restore
If you are using Windows ME or Windows XP, please reset your System Restore.
a. The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
8. Use GoogleToolbar - It's free, blocks popups and takes seconds to install. Use the toolbar without the advanced features enabled (check this during install); the toolbar is then completely inert: it doesn't send any information to Google whatsoever as you surf.
a. GoogleToolbar

9. RegScrubXP 3.25 - Safely cleans junk out of the Windows 2000/XP system registry. All changes made to the registry are fully restorable to its original condition.
a. RegScrubXP 3.25

10. Online Virus Scans - Run these on a regular basis (I usually do about once a month, or when I suspect a problem):
a. http://www.pandasoft...n_principal.htm
b. http://www.windowsec...com/trojanscan/
c. http://housecall.trendmicro.com/
d. http://www.bitdefend...can/licence.php

11. Alternative Browsers - Using an alternative browser other than IE will IMMENSELY reduce the risk of infection:
a. Firefox<==my #1 choice
b. Avant
c. Opera

12. Alternative Java Technologies
a. Sun Java

Note: Microsoft will continue to provide support for the MSJVM until December 31, 2007. However, users are encouraged to migrate to an alternative solution before December 31, 2007.

13. Temporary Internet File Cleaner
a. ATF Cleaner by Atribune.

14. Anti-Virus Program
a. AVG 7 Free.

Good luck, and thanks for coming to our forums for help with your security and malware issues.
  • 0
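Step 2 of the list above is the one people most often get half right, because the three ActiveX options sit in a long Custom Level dialog and nothing tells you afterwards whether they stuck. As an added example for this thread, not from the forum or from Microsoft, the script below checks them from the registry instead. Internet Explorer stores the Internet zone's per-user settings as DWORD values under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3`: `1001` is "Download signed ActiveX controls", `1004` is "Download unsigned ActiveX controls", `1201` is "Initialize and script ActiveX controls not marked as safe", and the data is 0 for Enable, 1 for Prompt and 3 for Disable. The audit reports each setting that is weaker than, stricter than, or missing against the values the advice asks for, and `reg_export()` writes out a `.reg` file that applies them. On anything other than Windows it runs against a constructed sample (everything left at Enable); a machine policy under HKLM would override these per-user values, which the script does not look at.

```python
"""Check and export the Internet-zone ActiveX settings from step 2 above.

Added example for this thread, not from the forum or Microsoft. The three
settings live as per-user DWORDs under
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
(zone 3 = Internet): 1001 "Download signed ActiveX controls",
1004 "Download unsigned ActiveX controls", 1201 "Initialize and script
ActiveX controls not marked as safe"; data 0 = Enable, 1 = Prompt,
3 = Disable. A machine policy under HKLM can override these per-user values.
"""
import sys

ZONE_SUBKEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

SETTINGS = {
    1001: "Download signed ActiveX controls",
    1004: "Download unsigned ActiveX controls",
    1201: "Initialize and script ActiveX controls not marked as safe",
}
DATA = {0: "Enable", 1: "Prompt", 3: "Disable"}

# The values step 2 asks for; higher data means stricter (0 < 1 < 3).
RECOMMENDED = {1001: 1, 1004: 3, 1201: 3}


def audit_zone(values):
    """values: {value_id: data} as read from the zone key.
    Returns one finding per setting that is weaker than, stricter than, or
    missing against RECOMMENDED; an empty list means all three match."""
    findings = []
    for value_id, expected in RECOMMENDED.items():
        actual = values.get(value_id)
        if actual == expected:
            continue
        if actual is None:
            status = "unset"          # zone default applies, not the user's choice
        elif actual < expected:
            status = "weaker"
        else:
            status = "stricter"
        findings.append({
            "value": value_id,
            "setting": SETTINGS[value_id],
            "actual": DATA.get(actual, actual),
            "expected": DATA[expected],
            "status": status,
        })
    return findings


def reg_export(recommended=RECOMMENDED):
    """Text of a .reg file that applies the recommended values to HKCU."""
    lines = ["Windows Registry Editor Version 5.00", "",
             f"[HKEY_CURRENT_USER\\{ZONE_SUBKEY}]"]
    for value_id, data in sorted(recommended.items()):
        lines.append(f'"{value_id}"=dword:{data:08x}')
    return "\n".join(lines) + "\n"


def read_zone_values():
    """Read the live per-user values; Windows only (uses winreg)."""
    import winreg  # only importable on Windows
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_SUBKEY) as key:
        for value_id in SETTINGS:
            try:
                data, _ = winreg.QueryValueEx(key, str(value_id))
                values[value_id] = data
            except FileNotFoundError:
                pass  # value absent: the zone's built-in default applies
    return values


if __name__ == "__main__":
    if sys.platform == "win32":
        values = read_zone_values()
    else:
        # Constructed sample of a zone left at "Enable" everywhere.
        values = {1001: 0, 1004: 0, 1201: 0}
    for f in audit_zone(values):
        print(f"{f['value']} {f['setting']}: {f['actual']} ({f['status']}; want {f['expected']})")
    print(reg_export())
```

Save the `reg_export()` output as a `.reg` file and double-click it to apply the three values to the current user, then rerun the audit to confirm an empty findings list; a "stricter" finding is informational only, since Disable where Prompt was asked for loses nothing in safety.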