
MALWARE AND OTHER PROBLEMS [RESOLVED]



#1
bender44
Member, 17 posts
I read the long rules thing and I think I'm going about this correctly. =)

c:\windows\system32\ssttq.dll
Win32:Trojan-gen {Other}
Virus/Worm <<type<<

c:\windows\system32\ssttq.exe
Win32:Agent-PSG [Drp]
Dropper <<type<< avast picks this up

---------------------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:54 PM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\CMoney\My Documents\New Downloads\firefox\firefox2\firefox\firefox.exe
C:\WINDOWS\system32\sndvol32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://rightonadz.biz/bc/123kah.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 66.98.238.8:3128 local
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - (no file)
O2 - BHO: (no name) - {18522EF3-3085-461F-86AD-C4996580B62E} - (no file)
O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {503FB2AD-1F78-4DE2-97AF-737104478C21} - C:\WINDOWS\system32\ssttq.dll (file missing)
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {F3FAF2F7-D2C0-4EA4-8DAD-B4B974371C1E} - (no file)
O4 - HKLM\..\Run: [nvchost] \winlogon.exe
O4 - HKLM\..\Run: [ejivqpqx] rundll32.exe "C:\Program Files\zevivmte\rijelenk.dll",Init
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\COMMON~1\AVSYST~1\ugac.exe" -start
O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\AVSystemCare\bm.exe" dm=http://avsystemcare.com ad=http://avsystemcare.com sd=http://ykeeper.avsystemcare.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\AVSystemCare\ptask.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Start EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} (AudioHandlerEmbedded) - http://webcam.single...activex/AMC.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://trafficcams.c...activex/AMC.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\
O20 - Winlogon Notify: ddayw - C:\WINDOWS\
O20 - Winlogon Notify: ddcaxya - ddcaxya.dll (file missing)
O20 - Winlogon Notify: winbjt32 - winbjt32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 7475 bytes


#2
Stamper19
Trusted Helper, Retired Staff, 1,991 posts
Hi bender44,

Welcome to Geeks to Go!

My name is Stamper19 and I will be helping you with your Malware problem. During the course of our interactions please be sure to follow all instructions carefully, and ask questions if you are unsure of how to proceed at any point. :)

----------------------------------------------------------------

Please download VundoFix.exe to your desktop

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

----------------------------------------------------------------

Please download Deckard's System Scanner (DSS) to your Desktop.

  • Close all applications and windows.
  • Double-click on DSS.exe to run it, and follow the prompts.
  • The scan may take a minute. When the scan is complete, two text files will open - Main.txt and Extra.txt

Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus.)

Post the main.txt and extra.txt from the C:\Deckard\System Scanner folder into your next reply.

----------------------------------------------------------------

Information to include in your next post:
  • Vundofix.txt
  • main.txt and extra.txt from DSS


#3
bender44
Topic Starter, Member, 17 posts
VundoFix V6.7.7

Checking Java version...

Scan started at 5:37:52 PM 1/31/2008

Listing files found while scanning....

C:\WINDOWS\PerfInfo\a95ykmXnPQpt.exe
C:\windows\system32\drvcimr.dll

Beginning removal...

Attempting to delete C:\WINDOWS\PerfInfo\a95ykmXnPQpt.exe
C:\WINDOWS\PerfInfo\a95ykmXnPQpt.exe Has been deleted!

Attempting to delete C:\windows\system32\drvcimr.dll
C:\windows\system32\drvcimr.dll Has been deleted!

Performing Repairs to the registry.
Done!

------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:55 PM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\CMoney\My Documents\New Downloads\firefox\firefox2\firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://rightonadz.biz/bc/123kah.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 66.98.238.8:3128 local
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: (no name) - {18522EF3-3085-461F-86AD-C4996580B62E} - (no file)
O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {503FB2AD-1F78-4DE2-97AF-737104478C21} - C:\WINDOWS\system32\ssttq.dll (file missing)
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {F3FAF2F7-D2C0-4EA4-8DAD-B4B974371C1E} - (no file)
O4 - HKLM\..\Run: [nvchost] \winlogon.exe
O4 - HKLM\..\Run: [ejivqpqx] rundll32.exe "C:\Program Files\zevivmte\rijelenk.dll",Init
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\COMMON~1\AVSYST~1\ugac.exe" -start
O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\AVSystemCare\bm.exe" dm=http://avsystemcare.com ad=http://avsystemcare.com sd=http://ykeeper.avsystemcare.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\AVSystemCare\ptask.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Start EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} (AudioHandlerEmbedded) - http://webcam.single...activex/AMC.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://trafficcams.c...activex/AMC.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\
O20 - Winlogon Notify: ddayw - C:\WINDOWS\
O20 - Winlogon Notify: ddcaxya - ddcaxya.dll (file missing)
O20 - Winlogon Notify: winbjt32 - winbjt32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 7367 bytes
-----------------------------------------------------------------------------------------------------------
Here is the main.txt

Deckard's System Scanner v20071014.68
Run by CMoney on 2008-01-31 18:06:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-02-01 00:06:45 UTC - RP5 - Deckard's System Scanner Restore Point
4: 2008-01-31 02:22:45 UTC - RP4 - System Checkpoint
3: 2008-01-29 01:17:14 UTC - RP3 - System Checkpoint
2: 2008-01-27 05:21:01 UTC - RP2 - 1st restore point i did
1: 2008-01-26 06:12:58 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as CMoney.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:07:31 PM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\CMoney\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\CMoney.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://rightonadz.biz/bc/123kah.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 66.98.238.8:3128 local
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: (no name) - {18522EF3-3085-461F-86AD-C4996580B62E} - (no file)
O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {503FB2AD-1F78-4DE2-97AF-737104478C21} - C:\WINDOWS\system32\ssttq.dll (file missing)
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {F3FAF2F7-D2C0-4EA4-8DAD-B4B974371C1E} - (no file)
O4 - HKLM\..\Run: [nvchost] \winlogon.exe
O4 - HKLM\..\Run: [ejivqpqx] rundll32.exe "C:\Program Files\zevivmte\rijelenk.dll",Init
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\COMMON~1\AVSYST~1\ugac.exe" -start
O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\AVSystemCare\bm.exe" dm=http://avsystemcare.com ad=http://avsystemcare.com sd=http://ykeeper.avsystemcare.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\AVSystemCare\ptask.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Start EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} (AudioHandlerEmbedded) - http://webcam.single...activex/AMC.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://trafficcams.c...activex/AMC.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\
O20 - Winlogon Notify: ddayw - C:\WINDOWS\
O20 - Winlogon Notify: ddcaxya - ddcaxya.dll (file missing)
O20 - Winlogon Notify: winbjt32 - winbjt32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 7272 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 ATI_WDMAUD (ATI Integrated Digital Audio) - c:\windows\system32\drivers\atiwdma.sys <Not Verified; ATI Research Inc.; Microsoft® Windows® Operating System>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
R3 tenCapture - c:\windows\system32\drivers\tencapture.sys <Not Verified; Hajo Krabbenhöft; Personal Voice Changer>

S3 DCamUSBUVT (ICM532A) - c:\windows\system32\drivers\usbuvt.sys (file missing)
S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - c:\windows\system32\nsndis5.sys (file missing)
S3 SymIM (Symantec Network Security Intermediate Filter Service) - c:\windows\system32\drivers\symim.sys (file missing)
S3 SymIMMP - c:\windows\system32\drivers\symim.sys (file missing)
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 AOL ACS (AOL Connectivity Service) - "c:\program files\common files\aol\acs\aolacsd.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 802.11g Network Adapter
Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_044914E4&REV_02\4&13826118&0&10A4
Manufacturer: Broadcom
Name: Broadcom 802.11g Network Adapter
PNP Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_044914E4&REV_02\4&13826118&0&10A4
Service: BCM43XX

Class GUID:
Description: PCI Modem
Device ID: PCI\VEN_1002&DEV_4378&SUBSYS_0300107B&REV_02\3&13C0B0C5&0&A6
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_1002&DEV_4378&SUBSYS_0300107B&REV_02\3&13C0B0C5&0&A6
Service:


-- Files created between 2007-12-31 and 2008-01-31 -----------------------------

2008-01-31 17:37:52 0 d-------- C:\VundoFix Backups
2008-01-28 21:47:25 0 d-------- C:\Program Files\Trend Micro
2008-01-26 23:11:37 24064 --a------ C:\WINDOWS\system32\vcmgrd32.dll
2008-01-26 23:05:31 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-01-26 23:05:31 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-01-26 23:05:31 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-01-26 23:05:31 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-01-26 23:05:31 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-01-26 23:05:31 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-01-26 23:05:31 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-01-26 23:05:31 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-01-26 23:05:31 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-01-26 23:05:31 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-01-26 23:05:31 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-01-26 23:05:31 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-01-26 23:05:31 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-01-26 23:05:31 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-01-26 23:05:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-01-26 23:05:30 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-01-23 22:05:44 0 d-------- C:\Documents and Settings\CMoney\Application Data\MySpace
2008-01-22 20:14:10 348160 --a------ C:\WINDOWS\system32\NCTWMAFile2.dll <Not Verified; Online Media Technologies Ltd.; NCTWMAFile2 ActiveX DLL>
2008-01-22 20:14:10 479232 --a------ C:\WINDOWS\system32\NCTAudioVisualization2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioVisualization2 ActiveX DLL>
2008-01-22 20:14:09 602112 --a------ C:\WINDOWS\system32\NCTAudioTransform2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioTransform2 ActiveX DLL>
2008-01-22 20:14:08 458752 --a------ C:\WINDOWS\system32\NCTAudioRecord2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioRecord2 ActiveX DLL>
2008-01-22 20:14:08 458752 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioPlayer2 ActiveX DLL>
2008-01-22 20:14:04 1212416 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioInformation2 ActiveX DLL>
2008-01-22 20:14:00 1986560 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll <Not Verified; NCT Company Ltd.; NCTAudioFile2 ActiveX DLL>
2008-01-22 20:14:00 880640 --a------ C:\WINDOWS\system32\NCTAudioEditor2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioEditor2 ActiveX DLL>
2008-01-22 20:14:00 417792 --a------ C:\WINDOWS\system32\NCTAudioDisplay2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioDisplay2 ActiveX DLL>
2008-01-22 20:13:59 2084864 --a------ C:\WINDOWS\system32\NCTAudioDesign2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioDesign2 ActiveX DLL>
2008-01-22 20:13:57 835584 --a------ C:\WINDOWS\system32\NCTAudioCDGrabber2.dll <Not Verified; NCT; NCTAudioCDGrabber2 ActiveX DLL>
2008-01-16 17:49:49 0 d-------- C:\Program Files\Personal Voice Changer Driver
2008-01-14 20:27:18 1751 --a------ C:\WINDOWS\system32\jsoqhmcs.dll
2008-01-13 14:53:55 0 d-------- C:\WINDOWS\vf_hip
2008-01-13 14:53:54 0 d-------- C:\Program Files\Hide IP Platinum
2008-01-11 19:52:10 1750 --a------ C:\WINDOWS\system32\hgypxwid.dll
2008-01-11 19:43:37 0 d--hs---- C:\AVSystemCare
2008-01-11 19:40:39 0 d-------- C:\Documents and Settings\CMoney\Application Data\AVSystemCare
2008-01-11 19:40:25 0 dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-08 18:49:21 0 d-------- C:\WINDOWS\gtvupprv
2008-01-08 18:49:19 204800 --a------ C:\WINDOWS\system32\ndaTqsVqrXs.dll
2008-01-06 22:34:45 92544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2008-01-06 22:28:52 0 d-------- C:\Program Files\MagicISO
2007-12-31 19:57:22 32768 --a------ C:\WINDOWS\system32\ycrwin32.dll <Not Verified; ; YCRWin32 Module>


-- Find3M Report ---------------------------------------------------------------

2008-01-28 18:06:09 0 d-------- C:\Documents and Settings\CMoney\Application Data\LimeWire
2008-01-26 22:59:27 102877 --ahs---- C:\WINDOWS\system32\qttss.ini2
2008-01-26 19:05:16 0 d--hs---- C:\Program Files\winupdates
2008-01-26 19:05:09 0 d-------- C:\Program Files\Windows Media Connect 2
2008-01-26 19:04:56 0 d-------- C:\Program Files\Support Tools
2008-01-26 19:02:52 0 d-------- C:\Program Files\Helper
2008-01-26 19:02:48 0 d-------- C:\Program Files\Desktop
2008-01-26 19:02:37 0 d-------- C:\Program Files\Common Files\Motive
2008-01-16 22:25:21 0 d-------- C:\Program Files\Windows NT
2008-01-13 16:33:06 0 d-------- C:\Program Files\Messenger
2008-01-13 14:54:02 32 --a------ C:\WINDOWS\go
2008-01-12 23:35:17 0 d-------- C:\Program Files\Common Files
2008-01-12 02:40:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-03 02:16:07 0 d-------- C:\Documents and Settings\CMoney\Application Data\Yahoo!
2007-12-31 20:16:57 0 d-------- C:\Documents and Settings\CMoney\Application Data\Adobe
2007-12-29 04:30:32 0 d-------- C:\Documents and Settings\CMoney\Application Data\BearShare
2007-12-29 03:31:26 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-29 03:28:51 0 d-------- C:\Program Files\Common Files\Download Manager
2007-12-26 20:46:32 10240 --a------ C:\WINDOWS\system32\ntsysl .exe
2007-12-26 18:42:16 0 d-------- C:\Documents and Settings\CMoney\Application Data\Ultimate Cleaner
2007-12-26 15:40:18 208896 --a------ C:\WINDOWS\system32\ndaTqsVqrX.dll
2007-12-26 15:40:01 0 d-------- C:\Program Files\zevivmte
2007-12-24 15:37:52 135680 --a------ C:\WINDOWS\system32\lncom_.exe <Not Verified; www.mouseindustries.com; MySpaceMp3Gopher Application>
2007-12-20 16:51:52 0 d-------- C:\Program Files\Network Chemistry
2007-12-02 19:04:25 0 d-------- C:\Program Files\BroadJump
2007-12-02 01:39:44 0 d-------- C:\Documents and Settings\CMoney\Application Data\WinRAR
2007-11-30 17:10:19 0 d-------- C:\Documents and Settings\CMoney\Application Data\Ahead
2007-11-19 23:11:43 1823111 --ahs---- C:\WINDOWS\system32\wyadd.ini2
2007-11-19 20:29:03 932 --a------ C:\WINDOWS\system32\winpfz32.sys
2007-11-18 19:16:10 16384 --a------ C:\WINDOWS\system32\TzoLibr.dll
2007-11-18 19:16:10 912 --a------ C:\WINDOWS\system32\ntsys.dll
2007-11-18 19:16:10 293685 --a------ C:\WINDOWS\system32\CYGWIN1.DLL <Not Verified; Red Hat; Cygwin>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18522EF3-3085-461F-86AD-C4996580B62E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{503FB2AD-1F78-4DE2-97AF-737104478C21}]
C:\WINDOWS\system32\ssttq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nvchost"="\winlogon.exe" []
"ejivqpqx"="C:\Program Files\zevivmte\rijelenk.dll" [12/26/2007 03:40 PM]
"Printer"="C:\WINDOWS\system32\printer.exe" []
"smgr"="mgrs.exe" []
"ugac"="C:\PROGRA~1\COMMON~1\AVSYST~1\ugac.exe" []
"bm"="C:\Program Files\Common Files\AVSystemCare\bm.exe" []
"ptask"="C:\Program Files\AVSystemCare\ptask.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:00 PM]
"Spoolsv"="C:\WINDOWS\system32\spoolvs.exe" []
"DLD.EXE"="C:\Program Files\Download Direct\DLD.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayw]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcaxya]
ddcaxya.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjt32]
winbjt32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssttq

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Multi-function Keyboard]
GWHotKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe




-- Hosts -----------------------------------------------------------------------

10.18.250.4 ad.doubleclick.net
10.18.250.4 ad.fastclick.net
10.18.250.4 ads.fastclick.net
10.18.250.4 ar.atwola.com
10.18.250.4 atdmt.com
10.18.250.4 avp.ch
10.18.250.4 avp.com
10.18.250.4 avp.ru
10.18.250.4 awaps.net
10.18.250.4 banner.fastclick.net

90 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-01-31 18:08:20 ------------

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

and here is the extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Turion™ 64 Mobile Technology ML-32
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 446.23 MiB / 165.54 MiB
Pagefile Memory (total/avail): 1819.43 MiB / 1604.69 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.24 MiB

C: is Fixed (NTFS) - 18.62 GiB total, 6.02 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - IC25N020ATMR04-0 - 18.63 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 18.62 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.7.1098 [VPS 080201-0] v4.7.1098 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\printer.exe"="C:\\WINDOWS\\system32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\spoolvs.exe"="C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\CMoney\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\CMoney\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Documents and Settings\\CMoney\\My Documents\\New Downloads\\Limewire\\LimeWire.exe"="C:\\Documents and Settings\\CMoney\\My Documents\\New Downloads\\Limewire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\CMoney\\My Documents\\CMON3Y\\myspace gopher\\MySpaceMp3Gopher.exe"="C:\\Documents and Settings\\CMoney\\My Documents\\CMON3Y\\myspace gopher\\MySpaceMp3Gopher.exe:*:Enabled:MySpace Mp3 Gopher Application"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Documents and Settings\\CMoney\\Desktop\\CAM\\easywebcam.exe"="C:\\Documents and Settings\\CMoney\\Desktop\\CAM\\easywebcam.exe:*:Enabled:easywebcam.exe"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\system32\\ntsys32.exe"="C:\\WINDOWS\\system32\\ntsys32.exe:*:Disabled:ntsys32"
"C:\\Documents and Settings\\CMoney\\Desktop\\STUFF\\HA3KS\\Server.exe"="C:\\Documents and Settings\\CMoney\\Desktop\\STUFF\\HA3KS\\Server.exe:*:Enabled:Server"
"C:\\Documents and Settings\\CMoney\\Desktop\\STUFF\\HA3KS\\Well.exe"="C:\\Documents and Settings\\CMoney\\Desktop\\STUFF\\HA3KS\\Well.exe:*:Disabled:Well"
"C:\\Documents and Settings\\CMoney\\Desktop\\STUFF\\HA3KS\\yoooo.exe"="C:\\Documents and Settings\\CMoney\\Desktop\\STUFF\\HA3KS\\yoooo.exe:*:Enabled:yoooo"
"C:\\DOCUME~1\\CMoney\\LOCALS~1\\Temp\\winB.exe"="C:\\DOCUME~1\\CMoney\\LOCALS~1\\Temp\\winB.exe:*:Enabled:winB"
"C:\\WINDOWS\\system32\\printer.exe"="C:\\WINDOWS\\system32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\spoolvs.exe"="C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\jxcinnio.exe"="C:\\WINDOWS\\system32\\jxc"
"C:\\WINDOWS\\system32\\ptfraqnm.exe"="C:\\WINDOWS\\system32\\ptf"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\CMoney\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GTWYMX6440
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\CMoney
LOGONSERVER=\\GTWYMX6440
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Support Tools\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2402
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\CMoney\LOCALS~1\Temp
TMP=C:\DOCUME~1\CMoney\LOCALS~1\Temp
USERDOMAIN=GTWYMX6440
USERNAME=CMoney
USERPROFILE=C:\Documents and Settings\CMoney
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

user1
CMoney (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMIX.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audio Editor Gold v9.2.18.1 --> "C:\Documents and Settings\CMoney\My Documents\New Downloads\Audio Editor Gold\unins000.exe"
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AXIS Media Control --> rundll32 "C:\Program Files\Axis Communications\AXIS Media Control\AxisMediaControl.dll",UninstallMe
AXIS Media Control Embedded --> rundll32 "C:\Program Files\Axis Communications\AXIS Media Control Embedded\AxisMediaControlEmb.dll",UninstallMe
Gateway Download Assistant --> MsiExec.exe /I{A2A73632-BBAA-43EB-A337-ADF43F905A1C}
Gateway Drivers and Applications Recovery --> C:\Program Files\Gateway\HPA\GWMenu.exe UNINSTALL
Gateway Multi-function Keyboard --> C:\WINDOWS\gwhotkey.exe -U
Hide IP Platinum 3.5 --> "C:\Program Files\Hide IP Platinum\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
LimeWire PRO 4.14.9 --> "C:\Documents and Settings\CMoney\My Documents\New Downloads\Limewire\lime wire pro files\LimeWire\uninstall.exe"
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
MagicDisc 2.5.79 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.11) --> C:\Documents and Settings\CMoney\My Documents\New Downloads\firefox\firefox2\firefox\uninstall\helper.exe
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
Nokia Multimedia Player --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4D6183C0-005C-4B1F-8261-4B0F71F1C4A5}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{612DC38A-B36A-4699-88EB-12C7394DE2FC} /l1033
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Support Tools --> MsiExec.exe /I{8398B542-3CC4-44D9-83DF-696CCE70124B}
WinRAR archiver --> C:\Documents and Settings\CMoney\My Documents\New Downloads\WINRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type3703 / Warning
Event Submitted/Written: 01/30/2008 07:28:25 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'OfficeUserData', component '{4A31E933-6F67-11D2-AAA2-00A0C90F57B0}' failed. The resource 'HKEY_CURRENT_USER\Software\ODBC\ODBC.INI\MS Access Database\' does not exist.

Event Record #/Type3701 / Warning
Event Submitted/Written: 01/27/2008 06:34:54 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'WordUserData', component '{8ADD2C93-C8B7-11D1-9C67-0000F81F1B38}' failed. The resource 'HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Word\UserData' does not exist.

Event Record #/Type3699 / Warning
Event Submitted/Written: 01/27/2008 06:34:50 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'OfficeUserData', component '{4A31E933-6F67-11D2-AAA2-00A0C90F57B0}' failed. The resource 'HKEY_CURRENT_USER\Software\ODBC\ODBC.INI\MS Access Database\' does not exist.

Event Record #/Type3698 / Error
Event Submitted/Written: 01/27/2008 02:00:30 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application ae.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3689 / Error
Event Submitted/Written: 01/26/2008 01:11:50 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application WINWORD.EXE, version 11.0.5604.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type33654 / Error
Event Submitted/Written: 01/31/2008 06:03:40 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Computer Browser service terminated with the following error:
%%1460

Event Record #/Type33627 / Warning
Event Submitted/Written: 01/31/2008 05:10:58 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type33626 / Warning
Event Submitted/Written: 01/31/2008 04:12:19 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type33625 / Warning
Event Submitted/Written: 01/31/2008 03:33:37 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type33624 / Warning
Event Submitted/Written: 01/31/2008 03:05:35 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-01-31 18:08:20 ------------

#4
Stamper19

    Trusted Helper

  • Retired Staff
  • 1,991 posts
Hi bender44,

I see that you are running, or have previously installed, LimeWire. Although this application is not malware itself, the files downloaded with it are often a major source of infection. Hence, I strongly advise that it be removed. If you choose to do so, go to the Add/Remove Programs option in the Control Panel, and Uninstall LimeWire.

----------------------------------------------------------------

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

----------------------------------------------------------------

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

----------------------------------------------------------------

Information to include in your next post:
  • ComboFix Log
  • SmitFraudFix Log


#5
bender44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
COMBOFIX LOG

ComboFix 08-02.01.6 - CMoney 2008-02-01 16:29:13.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.120 [GMT -6:00]
Running from: C:\Documents and Settings\CMoney\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\CMoney\Application Data\AVSystemCare
C:\Documents and Settings\CMoney\Application Data\AVSystemCare\Logs\threats.log
C:\Documents and Settings\CMoney\Application Data\AVSystemCare\Logs\update.log
C:\Documents and Settings\CMoney\Application Data\Ultimate Cleaner
C:\Documents and Settings\CMoney\Application Data\Ultimate Cleaner\settings.dat
C:\Documents and Settings\user1\Application Data\macromedia\Flash Player\#SharedObjects\9HHPCUZ7\www.broadcaster.com
C:\Documents and Settings\user1\Application Data\macromedia\Flash Player\#SharedObjects\9HHPCUZ7\www.broadcaster.com\played_list.sol
C:\Documents and Settings\user1\Application Data\macromedia\Flash Player\#SharedObjects\9HHPCUZ7\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\user1\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\user1\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\user1\Application Data\WinAntiVirus Pro 2007
C:\Documents and Settings\user1\Application Data\WinAntiVirus Pro 2007\avtasks.dat
C:\Documents and Settings\user1\Application Data\WinAntiVirus Pro 2007\CookieList.dat
C:\Documents and Settings\user1\Application Data\WinAntiVirus Pro 2007\history.db
C:\Documents and Settings\user1\Application Data\WinAntiVirus Pro 2007\Logs\wa7Support.log
C:\Documents and Settings\user1\Application Data\WinAntiVirus Pro 2007\Logs\winav.log
C:\Documents and Settings\user1\Application Data\WinAntiVirus Pro 2007\PGE.dat
C:\Documents and Settings\user1\err.log
C:\Documents and Settings\user1\ResErrors.log
C:\Program Files\Helper
C:\Program Files\Helper\ifastseek.dll
C:\Program Files\winupdates
C:\Program Files\winupdates\a.zip
C:\Program Files\zevivmte
C:\Program Files\zevivmte\rijelenk.dll
C:\WINDOWS\b.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\ktd32.atm
C:\WINDOWS\PerfInfo
C:\WINDOWS\PerfInfo\a95ykmXnPQuc.exe
C:\WINDOWS\PerfInfo\a95ykmXnPQud.exe
C:\WINDOWS\ppqvmpqr
C:\WINDOWS\ppqvmpqr\1.png
C:\WINDOWS\ppqvmpqr\2.png
C:\WINDOWS\ppqvmpqr\3.png
C:\WINDOWS\ppqvmpqr\4.png
C:\WINDOWS\ppqvmpqr\5.png
C:\WINDOWS\ppqvmpqr\6.png
C:\WINDOWS\ppqvmpqr\bottom-rc.gif
C:\WINDOWS\ppqvmpqr\content.png
C:\WINDOWS\ppqvmpqr\download.gif
C:\WINDOWS\ppqvmpqr\frame-bottom-left.gif
C:\WINDOWS\ppqvmpqr\frame-h1bg.gif
C:\WINDOWS\ppqvmpqr\head.png
C:\WINDOWS\ppqvmpqr\indexuc.html
C:\WINDOWS\ppqvmpqr\indexud.html
C:\WINDOWS\ppqvmpqr\main.css
C:\WINDOWS\ppqvmpqr\net.png
C:\WINDOWS\ppqvmpqr\pc-mag.gif
C:\WINDOWS\ppqvmpqr\pc.gif
C:\WINDOWS\ppqvmpqr\poloska1.png
C:\WINDOWS\ppqvmpqr\poloska2.png
C:\WINDOWS\ppqvmpqr\poloska3.png
C:\WINDOWS\ppqvmpqr\promouc1.html
C:\WINDOWS\ppqvmpqr\promouc2.html
C:\WINDOWS\ppqvmpqr\promouc3.html
C:\WINDOWS\ppqvmpqr\promouc4.html
C:\WINDOWS\ppqvmpqr\promouc5.html
C:\WINDOWS\ppqvmpqr\promoud1.html
C:\WINDOWS\ppqvmpqr\promoud2.html
C:\WINDOWS\ppqvmpqr\promoud3.html
C:\WINDOWS\ppqvmpqr\promoud4.html
C:\WINDOWS\ppqvmpqr\promoud5.html
C:\WINDOWS\ppqvmpqr\reg.png
C:\WINDOWS\ppqvmpqr\repair.png
C:\WINDOWS\ppqvmpqr\scr-1.png
C:\WINDOWS\ppqvmpqr\scr-2.png
C:\WINDOWS\ppqvmpqr\styles.css
C:\WINDOWS\ppqvmpqr\Thumbs.db
C:\WINDOWS\ppqvmpqr\top-rc.gif
C:\WINDOWS\ppqvmpqr\vline.gif
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\dxsbnifc.ini
C:\WINDOWS\system32\gakrafgb.ini
C:\WINDOWS\system32\lgvjictb.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ndaTqsVqrX.dll
C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\qttss.ini2
C:\WINDOWS\system32\tbnjcfmi.ini
C:\WINDOWS\system32\unxkatma.ini
C:\WINDOWS\system32\UpMedia
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\wowfx.dll . . . . failed to delete

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NPF


((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
.

2008-01-31 18:06 . 2008-01-31 18:06 <DIR> d-------- C:\Deckard
2008-01-31 17:37 . 2008-01-31 17:37 <DIR> d-------- C:\VundoFix Backups
2008-01-28 21:47 . 2008-01-28 21:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-26 23:11 . 2008-01-26 23:11 24,064 --a------ C:\WINDOWS\system32\vcmgrd32.dll
2008-01-26 23:05 . 2004-08-27 03:54 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-01-23 22:05 . 2008-01-23 22:05 <DIR> d-------- C:\Documents and Settings\CMoney\Application Data\MySpace
2008-01-22 20:14 . 2005-05-17 12:37 1,986,560 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll
2008-01-22 20:14 . 2005-05-18 11:52 1,212,416 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll
2008-01-22 20:14 . 2005-04-15 12:08 880,640 --a------ C:\WINDOWS\system32\NCTAudioEditor2.dll
2008-01-22 20:14 . 2005-04-04 17:21 602,112 --a------ C:\WINDOWS\system32\NCTAudioTransform2.dll
2008-01-22 20:14 . 2005-03-28 15:54 479,232 --a------ C:\WINDOWS\system32\NCTAudioVisualization2.dll
2008-01-22 20:14 . 2005-04-25 13:01 458,752 --a------ C:\WINDOWS\system32\NCTAudioRecord2.dll
2008-01-22 20:14 . 2005-04-25 13:01 458,752 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll
2008-01-22 20:14 . 2005-03-28 15:56 417,792 --a------ C:\WINDOWS\system32\NCTAudioDisplay2.dll
2008-01-22 20:14 . 2005-04-04 15:06 348,160 --a------ C:\WINDOWS\system32\NCTWMAFile2.dll
2008-01-22 20:14 . 2006-03-23 12:56 113,486 --a------ C:\WINDOWS\system32\NCTWMAProfiles.prx
2008-01-22 20:13 . 2005-03-29 07:57 2,084,864 --a------ C:\WINDOWS\system32\NCTAudioDesign2.dll
2008-01-22 20:13 . 2004-11-04 13:31 835,584 --a------ C:\WINDOWS\system32\NCTAudioCDGrabber2.dll
2008-01-22 20:13 . 2002-01-05 14:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-01-16 17:49 . 2008-01-16 17:50 <DIR> d-------- C:\Program Files\Personal Voice Changer Driver
2008-01-14 20:27 . 2008-01-14 20:27 1,751 --a------ C:\WINDOWS\system32\jsoqhmcs.dll
2008-01-13 14:53 . 2008-01-13 14:54 <DIR> d-------- C:\WINDOWS\vf_hip
2008-01-13 14:53 . 2008-01-26 19:02 <DIR> d-------- C:\Program Files\Hide IP Platinum
2008-01-13 01:26 . 2008-01-13 01:36 0 --a------ C:\WINDOWS\galaxy.ini
2008-01-11 19:52 . 2008-01-11 19:52 1,750 --a------ C:\WINDOWS\system32\hgypxwid.dll
2008-01-11 19:40 . 2008-01-11 19:40 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-08 18:49 . 2008-01-08 18:49 <DIR> d-------- C:\WINDOWS\gtvupprv
2008-01-08 18:49 . 2008-01-08 18:49 204,800 --a------ C:\WINDOWS\system32\ndaTqsVqrXs.dll
2008-01-06 22:34 . 2007-09-05 01:46 92,544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-01-06 22:28 . 2008-01-23 23:10 <DIR> d-------- C:\Program Files\MagicISO
2008-01-03 03:56 . 2008-01-04 16:06 594 --ahs---- C:\WINDOWS\system32\pxxvutaf.ini
2008-01-03 03:54 . 2008-01-03 03:54 294 --ahs---- C:\WINDOWS\system32\bsndyduo.ini
2008-01-02 23:20 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-01-02 23:20 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-01-02 23:18 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-01-02 23:17 . 2001-08-17 13:28 765,884 --a--c--- C:\WINDOWS\system32\dllcache\usrti.sys
2008-01-02 23:16 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-01-02 23:15 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-01-02 23:14 . 2004-08-04 13:00 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-01-02 23:13 . 2001-08-17 14:56 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-01-02 23:13 . 2001-08-17 13:50 103,936 --a--c--- C:\WINDOWS\system32\dllcache\sx.sys
2008-01-02 23:13 . 2001-08-17 22:36 94,293 --a--c--- C:\WINDOWS\system32\dllcache\sxports.dll
2008-01-02 23:13 . 2001-08-17 12:13 37,961 --a--c--- C:\WINDOWS\system32\dllcache\tdk100b.sys
2008-01-02 23:13 . 2001-08-17 12:50 36,640 --a--c--- C:\WINDOWS\system32\dllcache\t2r4mini.sys
2008-01-02 23:13 . 2001-08-17 13:49 30,464 --a--c--- C:\WINDOWS\system32\dllcache\tbatm155.sys
2008-01-02 23:13 . 2001-08-17 12:13 17,129 --a--c--- C:\WINDOWS\system32\dllcache\tdkcd31.sys
2008-01-02 23:13 . 2001-08-17 13:52 7,040 --a--c--- C:\WINDOWS\system32\dllcache\tandqic.sys
2008-01-02 23:11 . 2004-08-04 13:00 456,704 --a--c--- C:\WINDOWS\system32\dllcache\smtpsvc.dll
2008-01-02 23:10 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-01-02 23:09 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-01-02 23:08 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-01-02 23:07 . 2004-08-04 00:56 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-01-02 23:06 . 2001-08-17 12:19 30,720 --a--c--- C:\WINDOWS\system32\dllcache\rthwcls.sys
2008-01-02 23:06 . 2001-08-17 22:36 26,624 --a--c--- C:\WINDOWS\system32\dllcache\rw450ext.dll
2008-01-02 23:06 . 2001-08-17 22:36 24,576 --a--c--- C:\WINDOWS\system32\dllcache\rw430ext.dll
2008-01-02 23:06 . 2004-08-03 22:31 20,992 --a--c--- C:\WINDOWS\system32\dllcache\rtl8139.sys
2008-01-02 23:06 . 2001-08-17 12:12 19,017 --a--c--- C:\WINDOWS\system32\dllcache\rtl8029.sys
2008-01-02 23:06 . 2001-08-17 22:36 9,216 --a--c--- C:\WINDOWS\system32\dllcache\rsmgrstr.dll
2008-01-02 23:05 . 2004-08-03 22:59 79,104 --a--c--- C:\WINDOWS\system32\dllcache\rocket.sys
2008-01-02 23:05 . 2004-08-03 23:10 59,648 --a--c--- C:\WINDOWS\system32\dllcache\rfcomm.sys
2008-01-02 23:05 . 2001-08-17 12:12 37,563 --a--c--- C:\WINDOWS\system32\dllcache\rlnet5.sys
2008-01-02 23:05 . 2004-08-03 23:04 30,080 --a--c--- C:\WINDOWS\system32\dllcache\rndismpx.sys
2008-01-02 23:05 . 2004-08-04 13:00 26,112 --a--c--- C:\WINDOWS\system32\dllcache\romanime.ime
2008-01-02 23:05 . 2001-08-17 12:19 3,840 --a--c--- C:\WINDOWS\system32\dllcache\rpfun.sys
2008-01-02 23:04 . 2001-08-17 22:36 86,097 --a--c--- C:\WINDOWS\system32\dllcache\reslog32.dll
2008-01-02 23:04 . 2004-08-04 13:00 20,736 --a--c--- C:\WINDOWS\system32\dllcache\ramdisk.sys
2008-01-02 23:04 . 2001-08-17 13:51 19,584 --a--c--- C:\WINDOWS\system32\dllcache\rasirda.sys
2008-01-02 23:04 . 2004-08-03 22:41 13,776 --a--c--- C:\WINDOWS\system32\dllcache\recagent.sys
2008-01-02 23:02 . 2004-08-04 13:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-01-02 23:01 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-01-02 23:00 . 2001-08-17 12:50 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
2008-01-02 22:59 . 2004-08-03 22:31 132,695 --a--c--- C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-01-02 22:58 . 2004-08-04 00:56 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-01-02 22:57 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2008-01-02 22:57 . 2004-08-04 00:56 56,832 --a--c--- C:\WINDOWS\system32\dllcache\msdvbnp.ax
2008-01-02 22:57 . 2004-08-03 23:10 51,328 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2008-01-02 22:57 . 2001-08-17 14:02 35,200 --a--c--- C:\WINDOWS\system32\dllcache\msgame.sys
2008-01-02 22:57 . 2001-08-17 13:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-01-02 22:57 . 2004-08-03 23:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\mpe.sys
2008-01-02 22:57 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-02 22:57 . 2004-08-04 13:00 7,680 --a--c--- C:\WINDOWS\system32\dllcache\migregdb.exe
2008-01-02 22:57 . 2001-08-17 13:52 6,528 --a--c--- C:\WINDOWS\system32\dllcache\miniqic.sys
2008-01-02 22:57 . 2001-08-17 13:48 6,016 --a--c--- C:\WINDOWS\system32\dllcache\msfsio.sys
2008-01-02 22:56 . 2001-08-17 14:56 235,648 --a--c--- C:\WINDOWS\system32\dllcache\mgaud.dll
2008-01-02 22:56 . 2001-08-17 12:12 164,586 --a--c--- C:\WINDOWS\system32\dllcache\mdgndis5.sys
2008-01-02 22:56 . 2001-08-17 22:36 58,880 --a--c--- C:\WINDOWS\system32\dllcache\m3092dc.dll
2008-01-02 22:56 . 2001-08-17 12:19 48,768 --a--c--- C:\WINDOWS\system32\dllcache\maestro.sys
2008-01-02 22:56 . 2001-08-17 22:36 47,616 --a--c--- C:\WINDOWS\system32\dllcache\memgrp.dll
2008-01-02 22:56 . 2004-08-03 23:00 26,112 --a--c--- C:\WINDOWS\system32\dllcache\memstpci.sys
2008-01-02 22:56 . 2001-08-17 13:58 8,320 --a--c--- C:\WINDOWS\system32\dllcache\memcard.sys
2008-01-02 22:56 . 2001-08-17 13:52 7,424 --a--c--- C:\WINDOWS\system32\dllcache\mammoth.sys
2008-01-02 22:54 . 2001-08-17 22:36 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-01-02 22:53 . 2004-08-04 00:56 152,576 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-01-02 22:52 . 2004-08-04 13:00 811,064 --a--c--- C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-01-02 22:51 . 2004-08-03 22:41 1,041,536 --a--c--- C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2008-01-02 22:50 . 2001-08-17 13:28 391,199 --a--c--- C:\WINDOWS\system32\dllcache\hsf_k56k.sys
2008-01-02 22:49 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-01-02 22:48 . 2001-08-17 12:15 455,680 --a--c--- C:\WINDOWS\system32\dllcache\fus2base.sys
2008-01-02 22:47 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-01-02 22:46 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 00:06 --------- d-----w C:\Documents and Settings\CMoney\Application Data\LimeWire
2008-01-27 01:05 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-27 01:04 --------- d-----w C:\Program Files\Support Tools
2008-01-27 01:02 --------- d-----w C:\Program Files\Desktop
2008-01-27 01:02 --------- d-----w C:\Program Files\Common Files\Motive
2008-01-12 08:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-03 08:16 --------- d-----w C:\Documents and Settings\CMoney\Application Data\Yahoo!
2008-01-01 02:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-29 10:30 --------- d-----w C:\Documents and Settings\CMoney\Application Data\BearShare
2007-12-29 10:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-29 09:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-29 09:28 --------- d-----w C:\Program Files\Common Files\Download Manager
2007-12-27 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-20 22:51 --------- d-----w C:\Program Files\Network Chemistry
2007-12-18 00:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-03 01:04 --------- d-----w C:\Program Files\BroadJump
2007-04-08 22:13 15,916 -c--a-w C:\Program Files\Log.txt
2007-03-19 22:27 1,196,099 -csha-w C:\WINDOWS\system32\wyadd.bak1
2007-04-17 21:39 1,389,722 -csha-w C:\WINDOWS\system32\wyadd.bak2
.
<pre>
----a-w			79,224 2008-01-15 01:37:01  C:\Program Files\Alwil Software\Avast4\ashDisp .exe
----a-w			15,360 2008-01-15 01:37:07  C:\WINDOWS\system32\ctfmon .exe
----a-w		18,684,536 2007-12-28 04:50:38  C:\WINDOWS\system32\MRT .exe
----a-w			10,240 2007-12-27 02:46:32  C:\WINDOWS\system32\ntsysl .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{503FB2AD-1F78-4DE2-97AF-737104478C21}]
C:\WINDOWS\system32\ssttq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 35840]
"DLD.EXE"="C:\Program Files\Download Direct\DLD.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nvchost"="\winlogon.exe" [ ]
"ugac"="C:\PROGRA~1\COMMON~1\AVSYST~1\ugac.exe" [ ]
"bm"="C:\Program Files\Common Files\AVSystemCare\bm.exe" [ ]
"ptask"="C:\Program Files\AVSystemCare\ptask.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayw]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcaxya]
ddcaxya.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjt32]
winbjt32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Multi-function Keyboard]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

R3 ATI_WDMAUD;ATI Integrated Digital Audio;C:\WINDOWS\system32\drivers\atiwdma.sys [2006-03-08 17:06]
R3 tenCapture;tenCapture;C:\WINDOWS\system32\DRIVERS\tenCapture.sys [2007-04-21 08:15]
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;C:\WINDOWS\system32\DRIVERS\cben5.sys [2001-08-17 11:13]
S3 DCamUSBUVT;ICM532A;C:\WINDOWS\system32\Drivers\usbuvt.sys []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 13:00]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 16:37:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-02-01 16:41:50 - machine was rebooted [CMoney]
ComboFix-quarantined-files.txt 2008-02-01 22:41:45
.
2008-01-10 04:38:18 --- E O F ---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:43:03 PM, on 2/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\CMoney\My Documents\New Downloads\firefox\firefox2\firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://rightonadz.biz/bc/123kah.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 66.98.238.8:3128 local
O2 - BHO: (no name) - {503FB2AD-1F78-4DE2-97AF-737104478C21} - C:\WINDOWS\system32\ssttq.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [nvchost] \winlogon.exe
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\COMMON~1\AVSYST~1\ugac.exe" -start
O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\AVSystemCare\bm.exe" dm=http://avsystemcare.com ad=http://avsystemcare.com sd=http://ykeeper.avsystemcare.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\AVSystemCare\ptask.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Start EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} (AudioHandlerEmbedded) - http://webcam.single...activex/AMC.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://trafficcams.c...activex/AMC.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - Winlogon Notify: ddayw - C:\WINDOWS\
O20 - Winlogon Notify: ddcaxya - ddcaxya.dll (file missing)
O20 - Winlogon Notify: winbjt32 - winbjt32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 6092 bytes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



SmitFraudFix v2.277

Scan done at 16:47:20.85, Fri 02/01/2008
Run from C:\Documents and Settings\CMoney\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\CMoney\My Documents\New Downloads\firefox\firefox2\firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\CMoney


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\CMoney\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CMoney\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F80860F7-8D32-4681-9A9C-09316C06E3F0}: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F80860F7-8D32-4681-9A9C-09316C06E3F0}: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F80860F7-8D32-4681-9A9C-09316C06E3F0}: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

#6
Stamper19

    Trusted Helper

  • Retired Staff
  • 1,991 posts
Hi bender44,

Your machine is heavily infected. Among these infections are a couple of file infectors, which can be particularly destructive. We will see what we can do to get things cleared up.

Before we get down to business, please take note that one of the infections on your machine is designed to steal information, such as passwords. Hence, you should refrain from using this machine to do anything that involves sensitive information, such as banking or bill pay, until we get everything cleaned up. Additionally, I strongly advise that you change any passwords or such that you may have previously used from this computer, as they might be compromised.

Also, please avoid rebooting your machine until I let you know it is safe to do so. One of the file infectors on your machine restores itself every time you reboot, so until we have it cleared out rebooting will just bring it back.

----------------------------------------------------------------

We are going to use ComboFix to delete some things.

  • Copy the entire contents of the Code Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
File::
C:\WINDOWS\system32\vcmgrd32.dll
C:\WINDOWS\system32\hgypxwid.dll
C:\WINDOWS\system32\ndaTqsVqrXs.dll
C:\WINDOWS\system32\pxxvutaf.ini
C:\WINDOWS\system32\bsndyduo.ini
C:\WINDOWS\system32\wyadd.bak1
C:\WINDOWS\system32\wyadd.bak2
C:\WINDOWS\winlogon.exe

Folder::
C:\Documents and Settings\All Users\Application Data\SalesMon
C:\WINDOWS\gtvupprv
C:\Program Files\Common Files\AVSystemCare
C:\Program Files\AVSystemCare

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{503FB2AD-1F78-4DE2-97AF-737104478C21}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nvchost"=-
"ugac"=-
"bm"=-
"ptask"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayw]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcaxya]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjt32]

RenV::
<pre>
----a-w 79,224 2008-01-15 01:37:01 C:\Program Files\Alwil Software\Avast4\ashDisp .exe
----a-w 15,360 2008-01-15 01:37:07 C:\WINDOWS\system32\ctfmon .exe
----a-w 18,684,536 2007-12-28 04:50:38 C:\WINDOWS\system32\MRT .exe
----a-w 10,240 2007-12-27 02:46:32 C:\WINDOWS\system32\ntsysl .exe
</pre>

Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

Edited by Stamper19, 01 February 2008 - 09:56 PM.

  • 0

#7
bender44

    Member

  • Topic Starter
  • Member
  • 17 posts
ComboFix 08-02.01.6 - CMoney 2008-02-02 1:20:57.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.92 [GMT -6:00]
Running from: C:\Documents and Settings\CMoney\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\CMoney\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\bsndyduo.ini
C:\WINDOWS\system32\hgypxwid.dll
C:\WINDOWS\system32\ndaTqsVqrXs.dll
C:\WINDOWS\system32\pxxvutaf.ini
C:\WINDOWS\system32\vcmgrd32.dll
C:\WINDOWS\system32\wyadd.bak1
C:\WINDOWS\system32\wyadd.bak2
C:\WINDOWS\winlogon.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\SalesMon
C:\WINDOWS\gtvupprv
C:\WINDOWS\gtvupprv\1.png
C:\WINDOWS\gtvupprv\2.png
C:\WINDOWS\gtvupprv\3.png
C:\WINDOWS\gtvupprv\4.png
C:\WINDOWS\gtvupprv\5.png
C:\WINDOWS\gtvupprv\6.png
C:\WINDOWS\gtvupprv\bottom-rc.gif
C:\WINDOWS\gtvupprv\content.png
C:\WINDOWS\gtvupprv\download.gif
C:\WINDOWS\gtvupprv\frame-bottom-left.gif
C:\WINDOWS\gtvupprv\frame-h1bg.gif
C:\WINDOWS\gtvupprv\head.png
C:\WINDOWS\gtvupprv\indexpt.html
C:\WINDOWS\gtvupprv\indexsg.html
C:\WINDOWS\gtvupprv\main.css
C:\WINDOWS\gtvupprv\net.png
C:\WINDOWS\gtvupprv\pc-mag.gif
C:\WINDOWS\gtvupprv\pc.gif
C:\WINDOWS\gtvupprv\poloska1.png
C:\WINDOWS\gtvupprv\poloska2.png
C:\WINDOWS\gtvupprv\poloska3.png
C:\WINDOWS\gtvupprv\promopt1.html
C:\WINDOWS\gtvupprv\promopt2.html
C:\WINDOWS\gtvupprv\promopt3.html
C:\WINDOWS\gtvupprv\promopt4.html
C:\WINDOWS\gtvupprv\promopt5.html
C:\WINDOWS\gtvupprv\promosg1.html
C:\WINDOWS\gtvupprv\promosg2.html
C:\WINDOWS\gtvupprv\promosg3.html
C:\WINDOWS\gtvupprv\promosg4.html
C:\WINDOWS\gtvupprv\promosg5.html
C:\WINDOWS\gtvupprv\reg.png
C:\WINDOWS\gtvupprv\repair.png
C:\WINDOWS\gtvupprv\scr-3.png
C:\WINDOWS\gtvupprv\scr-4.png
C:\WINDOWS\gtvupprv\scr-5.png
C:\WINDOWS\gtvupprv\scr-6.png
C:\WINDOWS\gtvupprv\styles.css
C:\WINDOWS\gtvupprv\top-rc.gif
C:\WINDOWS\gtvupprv\vline.gif
C:\WINDOWS\system32\bsndyduo.ini
C:\WINDOWS\system32\hgypxwid.dll
C:\WINDOWS\system32\ndaTqsVqrXs.dll
C:\WINDOWS\system32\pxxvutaf.ini
C:\WINDOWS\system32\vcmgrd32.dll
C:\WINDOWS\system32\wowfx.dll . . . . failed to delete
C:\WINDOWS\system32\wyadd.bak1
C:\WINDOWS\system32\wyadd.bak2

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))
.

2008-02-01 20:01 . 2008-02-01 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-02-01 19:05 . 2008-02-01 19:05 <DIR> d-------- C:\Program Files\Eidos Interactive
2008-02-01 16:47 . 2008-02-01 16:47 1,694 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-01 16:46 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-01 16:46 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-01 16:46 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-01 16:46 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-01 16:46 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-01 16:46 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-31 18:06 . 2008-01-31 18:06 <DIR> d-------- C:\Deckard
2008-01-31 17:37 . 2008-01-31 17:37 <DIR> d-------- C:\VundoFix Backups
2008-01-28 21:47 . 2008-01-28 21:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-26 23:05 . 2004-08-27 03:54 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-01-23 22:05 . 2008-01-23 22:05 <DIR> d-------- C:\Documents and Settings\CMoney\Application Data\MySpace
2008-01-22 20:14 . 2005-05-17 12:37 1,986,560 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll
2008-01-22 20:14 . 2005-05-18 11:52 1,212,416 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll
2008-01-22 20:14 . 2005-04-15 12:08 880,640 --a------ C:\WINDOWS\system32\NCTAudioEditor2.dll
2008-01-22 20:14 . 2005-04-04 17:21 602,112 --a------ C:\WINDOWS\system32\NCTAudioTransform2.dll
2008-01-22 20:14 . 2005-03-28 15:54 479,232 --a------ C:\WINDOWS\system32\NCTAudioVisualization2.dll
2008-01-22 20:14 . 2005-04-25 13:01 458,752 --a------ C:\WINDOWS\system32\NCTAudioRecord2.dll
2008-01-22 20:14 . 2005-04-25 13:01 458,752 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll
2008-01-22 20:14 . 2005-03-28 15:56 417,792 --a------ C:\WINDOWS\system32\NCTAudioDisplay2.dll
2008-01-22 20:14 . 2005-04-04 15:06 348,160 --a------ C:\WINDOWS\system32\NCTWMAFile2.dll
2008-01-22 20:14 . 2006-03-23 12:56 113,486 --a------ C:\WINDOWS\system32\NCTWMAProfiles.prx
2008-01-22 20:13 . 2005-03-29 07:57 2,084,864 --a------ C:\WINDOWS\system32\NCTAudioDesign2.dll
2008-01-22 20:13 . 2004-11-04 13:31 835,584 --a------ C:\WINDOWS\system32\NCTAudioCDGrabber2.dll
2008-01-22 20:13 . 2002-01-05 14:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-01-16 17:49 . 2008-01-16 17:50 <DIR> d-------- C:\Program Files\Personal Voice Changer Driver
2008-01-14 20:27 . 2008-01-14 20:27 1,751 --a------ C:\WINDOWS\system32\jsoqhmcs.dll
2008-01-13 14:53 . 2008-01-13 14:54 <DIR> d-------- C:\WINDOWS\vf_hip
2008-01-13 14:53 . 2008-01-26 19:02 <DIR> d-------- C:\Program Files\Hide IP Platinum
2008-01-13 01:26 . 2008-01-13 01:36 0 --a------ C:\WINDOWS\galaxy.ini
2008-01-06 22:34 . 2007-09-05 01:46 92,544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-01-06 22:28 . 2008-01-23 23:10 <DIR> d-------- C:\Program Files\MagicISO
2008-01-02 23:20 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-01-02 23:20 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-01-02 23:18 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-01-02 23:17 . 2001-08-17 13:28 765,884 --a--c--- C:\WINDOWS\system32\dllcache\usrti.sys
2008-01-02 23:16 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-01-02 23:15 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-01-02 23:14 . 2004-08-04 13:00 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-01-02 23:13 . 2001-08-17 14:56 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-01-02 23:13 . 2001-08-17 13:50 103,936 --a--c--- C:\WINDOWS\system32\dllcache\sx.sys
2008-01-02 23:13 . 2001-08-17 22:36 94,293 --a--c--- C:\WINDOWS\system32\dllcache\sxports.dll
2008-01-02 23:13 . 2001-08-17 12:13 37,961 --a--c--- C:\WINDOWS\system32\dllcache\tdk100b.sys
2008-01-02 23:13 . 2001-08-17 12:50 36,640 --a--c--- C:\WINDOWS\system32\dllcache\t2r4mini.sys
2008-01-02 23:13 . 2001-08-17 13:49 30,464 --a--c--- C:\WINDOWS\system32\dllcache\tbatm155.sys
2008-01-02 23:13 . 2001-08-17 12:13 17,129 --a--c--- C:\WINDOWS\system32\dllcache\tdkcd31.sys
2008-01-02 23:13 . 2001-08-17 13:52 7,040 --a--c--- C:\WINDOWS\system32\dllcache\tandqic.sys
2008-01-02 23:11 . 2004-08-04 13:00 456,704 --a--c--- C:\WINDOWS\system32\dllcache\smtpsvc.dll
2008-01-02 23:10 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-01-02 23:09 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-01-02 23:08 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-01-02 23:07 . 2004-08-04 00:56 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-01-02 23:06 . 2001-08-17 12:19 30,720 --a--c--- C:\WINDOWS\system32\dllcache\rthwcls.sys
2008-01-02 23:06 . 2001-08-17 22:36 26,624 --a--c--- C:\WINDOWS\system32\dllcache\rw450ext.dll
2008-01-02 23:06 . 2001-08-17 22:36 24,576 --a--c--- C:\WINDOWS\system32\dllcache\rw430ext.dll
2008-01-02 23:06 . 2004-08-03 22:31 20,992 --a--c--- C:\WINDOWS\system32\dllcache\rtl8139.sys
2008-01-02 23:06 . 2001-08-17 12:12 19,017 --a--c--- C:\WINDOWS\system32\dllcache\rtl8029.sys
2008-01-02 23:06 . 2001-08-17 22:36 9,216 --a--c--- C:\WINDOWS\system32\dllcache\rsmgrstr.dll
2008-01-02 23:05 . 2004-08-03 22:59 79,104 --a--c--- C:\WINDOWS\system32\dllcache\rocket.sys
2008-01-02 23:05 . 2004-08-03 23:10 59,648 --a--c--- C:\WINDOWS\system32\dllcache\rfcomm.sys
2008-01-02 23:05 . 2001-08-17 12:12 37,563 --a--c--- C:\WINDOWS\system32\dllcache\rlnet5.sys
2008-01-02 23:05 . 2004-08-03 23:04 30,080 --a--c--- C:\WINDOWS\system32\dllcache\rndismpx.sys
2008-01-02 23:05 . 2004-08-04 13:00 26,112 --a--c--- C:\WINDOWS\system32\dllcache\romanime.ime
2008-01-02 23:05 . 2001-08-17 12:19 3,840 --a--c--- C:\WINDOWS\system32\dllcache\rpfun.sys
2008-01-02 23:04 . 2001-08-17 22:36 86,097 --a--c--- C:\WINDOWS\system32\dllcache\reslog32.dll
2008-01-02 23:04 . 2004-08-04 13:00 20,736 --a--c--- C:\WINDOWS\system32\dllcache\ramdisk.sys
2008-01-02 23:04 . 2001-08-17 13:51 19,584 --a--c--- C:\WINDOWS\system32\dllcache\rasirda.sys
2008-01-02 23:04 . 2004-08-03 22:41 13,776 --a--c--- C:\WINDOWS\system32\dllcache\recagent.sys
2008-01-02 23:02 . 2004-08-04 13:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-01-02 23:01 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-01-02 23:00 . 2001-08-17 12:50 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
2008-01-02 22:59 . 2004-08-03 22:31 132,695 --a--c--- C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-01-02 22:58 . 2004-08-04 00:56 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-01-02 22:57 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2008-01-02 22:57 . 2004-08-04 00:56 56,832 --a--c--- C:\WINDOWS\system32\dllcache\msdvbnp.ax
2008-01-02 22:57 . 2004-08-03 23:10 51,328 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2008-01-02 22:57 . 2001-08-17 14:02 35,200 --a--c--- C:\WINDOWS\system32\dllcache\msgame.sys
2008-01-02 22:57 . 2001-08-17 13:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-01-02 22:57 . 2004-08-03 23:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\mpe.sys
2008-01-02 22:57 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-02 22:57 . 2004-08-04 13:00 7,680 --a--c--- C:\WINDOWS\system32\dllcache\migregdb.exe
2008-01-02 22:57 . 2001-08-17 13:52 6,528 --a--c--- C:\WINDOWS\system32\dllcache\miniqic.sys
2008-01-02 22:57 . 2001-08-17 13:48 6,016 --a--c--- C:\WINDOWS\system32\dllcache\msfsio.sys
2008-01-02 22:56 . 2001-08-17 14:56 235,648 --a--c--- C:\WINDOWS\system32\dllcache\mgaud.dll
2008-01-02 22:56 . 2001-08-17 12:12 164,586 --a--c--- C:\WINDOWS\system32\dllcache\mdgndis5.sys
2008-01-02 22:56 . 2001-08-17 22:36 58,880 --a--c--- C:\WINDOWS\system32\dllcache\m3092dc.dll
2008-01-02 22:56 . 2001-08-17 12:19 48,768 --a--c--- C:\WINDOWS\system32\dllcache\maestro.sys
2008-01-02 22:56 . 2001-08-17 22:36 47,616 --a--c--- C:\WINDOWS\system32\dllcache\memgrp.dll
2008-01-02 22:56 . 2004-08-03 23:00 26,112 --a--c--- C:\WINDOWS\system32\dllcache\memstpci.sys
2008-01-02 22:56 . 2001-08-17 13:58 8,320 --a--c--- C:\WINDOWS\system32\dllcache\memcard.sys
2008-01-02 22:56 . 2001-08-17 13:52 7,424 --a--c--- C:\WINDOWS\system32\dllcache\mammoth.sys
2008-01-02 22:54 . 2001-08-17 22:36 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-01-02 22:53 . 2004-08-04 00:56 152,576 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-01-02 22:52 . 2004-08-04 13:00 811,064 --a--c--- C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-01-02 22:51 . 2004-08-03 22:41 1,041,536 --a--c--- C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2008-01-02 22:50 . 2001-08-17 13:28 391,199 --a--c--- C:\WINDOWS\system32\dllcache\hsf_k56k.sys
2008-01-02 22:49 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-01-02 22:48 . 2001-08-17 12:15 455,680 --a--c--- C:\WINDOWS\system32\dllcache\fus2base.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 00:06 --------- d-----w C:\Documents and Settings\CMoney\Application Data\LimeWire
2008-01-27 01:05 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-27 01:04 --------- d-----w C:\Program Files\Support Tools
2008-01-27 01:02 --------- d-----w C:\Program Files\Desktop
2008-01-27 01:02 --------- d-----w C:\Program Files\Common Files\Motive
2008-01-12 08:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-03 08:16 --------- d-----w C:\Documents and Settings\CMoney\Application Data\Yahoo!
2008-01-01 02:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-29 10:30 --------- d-----w C:\Documents and Settings\CMoney\Application Data\BearShare
2007-12-29 10:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-29 09:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-29 09:28 --------- d-----w C:\Program Files\Common Files\Download Manager
2007-12-27 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-20 22:51 --------- d-----w C:\Program Files\Network Chemistry
2007-12-18 00:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-03 01:04 --------- d-----w C:\Program Files\BroadJump
2007-04-08 22:13 15,916 -c--a-w C:\Program Files\Log.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{503FB2AD-1F78-4DE2-97AF-737104478C21}]
C:\WINDOWS\system32\ssttq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-14 19:37 15360]
"DLD.EXE"="C:\Program Files\Download Direct\DLD.exe" [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Multi-function Keyboard]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

R3 ATI_WDMAUD;ATI Integrated Digital Audio;C:\WINDOWS\system32\drivers\atiwdma.sys [2006-03-08 17:06]
R3 tenCapture;tenCapture;C:\WINDOWS\system32\DRIVERS\tenCapture.sys [2007-04-21 08:15]
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;C:\WINDOWS\system32\DRIVERS\cben5.sys [2001-08-17 11:13]
S3 DCamUSBUVT;ICM532A;C:\WINDOWS\system32\Drivers\usbuvt.sys []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 13:00]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 01:28:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-02-02 1:33:13 - machine was rebooted [CMoney]
ComboFix-quarantined-files.txt 2008-02-02 07:33:08
ComboFix2.txt 2008-02-01 22:41:51
.
2008-01-10 04:38:18 --- E O F ---
  • 0

#8
Stamper19

Stamper19

    Trusted Helper

  • Retired Staff
  • 1,991 posts
Hi bender44,

Making some progress.

----------------------------------------------------------------

We are going to use ComboFix to delete some things.

  • Copy the entire contents of the Code Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
File::
C:\WINDOWS\system32\ssttq.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{503FB2AD-1F78-4DE2-97AF-737104478C21}]

Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

----------------------------------------------------------------

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

----------------------------------------------------------------

Information to include in your next post:
  • ComboFix Log
  • Kaspersky Scan Log
  • Fresh HijackThis Log

  • 0

#9
bender44

bender44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
ComboFix 08-02.01.6 - CMoney 2008-02-02 10:02:51.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.108 [GMT -6:00]
Running from: C:\Documents and Settings\CMoney\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\CMoney\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\ssttq.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\wowfx.dll . . . . failed to delete

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))
.

2008-02-01 20:01 . 2008-02-01 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-02-01 19:05 . 2008-02-01 19:05 <DIR> d-------- C:\Program Files\Eidos Interactive
2008-02-01 16:47 . 2008-02-01 16:47 1,694 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-01 16:46 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-01 16:46 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-01 16:46 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-01 16:46 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-01 16:46 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-01 16:46 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-31 18:06 . 2008-01-31 18:06 <DIR> d-------- C:\Deckard
2008-01-31 17:37 . 2008-01-31 17:37 <DIR> d-------- C:\VundoFix Backups
2008-01-28 21:47 . 2008-01-28 21:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-26 23:05 . 2004-08-27 03:54 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-01-23 22:05 . 2008-01-23 22:05 <DIR> d-------- C:\Documents and Settings\CMoney\Application Data\MySpace
2008-01-22 20:14 . 2005-05-17 12:37 1,986,560 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll
2008-01-22 20:14 . 2005-05-18 11:52 1,212,416 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll
2008-01-22 20:14 . 2005-04-15 12:08 880,640 --a------ C:\WINDOWS\system32\NCTAudioEditor2.dll
2008-01-22 20:14 . 2005-04-04 17:21 602,112 --a------ C:\WINDOWS\system32\NCTAudioTransform2.dll
2008-01-22 20:14 . 2005-03-28 15:54 479,232 --a------ C:\WINDOWS\system32\NCTAudioVisualization2.dll
2008-01-22 20:14 . 2005-04-25 13:01 458,752 --a------ C:\WINDOWS\system32\NCTAudioRecord2.dll
2008-01-22 20:14 . 2005-04-25 13:01 458,752 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll
2008-01-22 20:14 . 2005-03-28 15:56 417,792 --a------ C:\WINDOWS\system32\NCTAudioDisplay2.dll
2008-01-22 20:14 . 2005-04-04 15:06 348,160 --a------ C:\WINDOWS\system32\NCTWMAFile2.dll
2008-01-22 20:14 . 2006-03-23 12:56 113,486 --a------ C:\WINDOWS\system32\NCTWMAProfiles.prx
2008-01-22 20:13 . 2005-03-29 07:57 2,084,864 --a------ C:\WINDOWS\system32\NCTAudioDesign2.dll
2008-01-22 20:13 . 2004-11-04 13:31 835,584 --a------ C:\WINDOWS\system32\NCTAudioCDGrabber2.dll
2008-01-22 20:13 . 2002-01-05 14:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-01-14 20:27 . 2008-01-14 20:27 1,751 --a------ C:\WINDOWS\system32\jsoqhmcs.dll
2008-01-13 14:53 . 2008-01-13 14:54 <DIR> d-------- C:\WINDOWS\vf_hip
2008-01-13 14:53 . 2008-01-26 19:02 <DIR> d-------- C:\Program Files\Hide IP Platinum
2008-01-13 01:26 . 2008-01-13 01:36 0 --a------ C:\WINDOWS\galaxy.ini
2008-01-06 22:34 . 2007-09-05 01:46 92,544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-01-06 22:28 . 2008-01-23 23:10 <DIR> d-------- C:\Program Files\MagicISO
2008-01-02 23:20 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-01-02 23:20 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-01-02 23:18 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-01-02 23:17 . 2001-08-17 13:28 765,884 --a--c--- C:\WINDOWS\system32\dllcache\usrti.sys
2008-01-02 23:16 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-01-02 23:15 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-01-02 23:14 . 2004-08-04 13:00 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-01-02 23:13 . 2001-08-17 14:56 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-01-02 23:13 . 2001-08-17 13:50 103,936 --a--c--- C:\WINDOWS\system32\dllcache\sx.sys
2008-01-02 23:13 . 2001-08-17 22:36 94,293 --a--c--- C:\WINDOWS\system32\dllcache\sxports.dll
2008-01-02 23:13 . 2001-08-17 12:13 37,961 --a--c--- C:\WINDOWS\system32\dllcache\tdk100b.sys
2008-01-02 23:13 . 2001-08-17 12:50 36,640 --a--c--- C:\WINDOWS\system32\dllcache\t2r4mini.sys
2008-01-02 23:13 . 2001-08-17 13:49 30,464 --a--c--- C:\WINDOWS\system32\dllcache\tbatm155.sys
2008-01-02 23:13 . 2001-08-17 12:13 17,129 --a--c--- C:\WINDOWS\system32\dllcache\tdkcd31.sys
2008-01-02 23:13 . 2001-08-17 13:52 7,040 --a--c--- C:\WINDOWS\system32\dllcache\tandqic.sys
2008-01-02 23:11 . 2004-08-04 13:00 456,704 --a--c--- C:\WINDOWS\system32\dllcache\smtpsvc.dll
2008-01-02 23:10 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-01-02 23:09 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-01-02 23:08 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-01-02 23:07 . 2004-08-04 00:56 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-01-02 23:06 . 2001-08-17 12:19 30,720 --a--c--- C:\WINDOWS\system32\dllcache\rthwcls.sys
2008-01-02 23:06 . 2001-08-17 22:36 26,624 --a--c--- C:\WINDOWS\system32\dllcache\rw450ext.dll
2008-01-02 23:06 . 2001-08-17 22:36 24,576 --a--c--- C:\WINDOWS\system32\dllcache\rw430ext.dll
2008-01-02 23:06 . 2004-08-03 22:31 20,992 --a--c--- C:\WINDOWS\system32\dllcache\rtl8139.sys
2008-01-02 23:06 . 2001-08-17 12:12 19,017 --a--c--- C:\WINDOWS\system32\dllcache\rtl8029.sys
2008-01-02 23:06 . 2001-08-17 22:36 9,216 --a--c--- C:\WINDOWS\system32\dllcache\rsmgrstr.dll
2008-01-02 23:05 . 2004-08-03 22:59 79,104 --a--c--- C:\WINDOWS\system32\dllcache\rocket.sys
2008-01-02 23:05 . 2004-08-03 23:10 59,648 --a--c--- C:\WINDOWS\system32\dllcache\rfcomm.sys
2008-01-02 23:05 . 2001-08-17 12:12 37,563 --a--c--- C:\WINDOWS\system32\dllcache\rlnet5.sys
2008-01-02 23:05 . 2004-08-03 23:04 30,080 --a--c--- C:\WINDOWS\system32\dllcache\rndismpx.sys
2008-01-02 23:05 . 2004-08-04 13:00 26,112 --a--c--- C:\WINDOWS\system32\dllcache\romanime.ime
2008-01-02 23:05 . 2001-08-17 12:19 3,840 --a--c--- C:\WINDOWS\system32\dllcache\rpfun.sys
2008-01-02 23:04 . 2001-08-17 22:36 86,097 --a--c--- C:\WINDOWS\system32\dllcache\reslog32.dll
2008-01-02 23:04 . 2004-08-04 13:00 20,736 --a--c--- C:\WINDOWS\system32\dllcache\ramdisk.sys
2008-01-02 23:04 . 2001-08-17 13:51 19,584 --a--c--- C:\WINDOWS\system32\dllcache\rasirda.sys
2008-01-02 23:04 . 2004-08-03 22:41 13,776 --a--c--- C:\WINDOWS\system32\dllcache\recagent.sys
2008-01-02 23:02 . 2004-08-04 13:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-01-02 23:01 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-01-02 23:00 . 2001-08-17 12:50 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
2008-01-02 22:59 . 2004-08-03 22:31 132,695 --a--c--- C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-01-02 22:58 . 2004-08-04 00:56 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-01-02 22:57 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2008-01-02 22:57 . 2004-08-04 00:56 56,832 --a--c--- C:\WINDOWS\system32\dllcache\msdvbnp.ax
2008-01-02 22:57 . 2004-08-03 23:10 51,328 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2008-01-02 22:57 . 2001-08-17 14:02 35,200 --a--c--- C:\WINDOWS\system32\dllcache\msgame.sys
2008-01-02 22:57 . 2001-08-17 13:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-01-02 22:57 . 2004-08-03 23:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\mpe.sys
2008-01-02 22:57 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-02 22:57 . 2004-08-04 13:00 7,680 --a--c--- C:\WINDOWS\system32\dllcache\migregdb.exe
2008-01-02 22:57 . 2001-08-17 13:52 6,528 --a--c--- C:\WINDOWS\system32\dllcache\miniqic.sys
2008-01-02 22:57 . 2001-08-17 13:48 6,016 --a--c--- C:\WINDOWS\system32\dllcache\msfsio.sys
2008-01-02 22:56 . 2001-08-17 14:56 235,648 --a--c--- C:\WINDOWS\system32\dllcache\mgaud.dll
2008-01-02 22:56 . 2001-08-17 12:12 164,586 --a--c--- C:\WINDOWS\system32\dllcache\mdgndis5.sys
2008-01-02 22:56 . 2001-08-17 22:36 58,880 --a--c--- C:\WINDOWS\system32\dllcache\m3092dc.dll
2008-01-02 22:56 . 2001-08-17 12:19 48,768 --a--c--- C:\WINDOWS\system32\dllcache\maestro.sys
2008-01-02 22:56 . 2001-08-17 22:36 47,616 --a--c--- C:\WINDOWS\system32\dllcache\memgrp.dll
2008-01-02 22:56 . 2004-08-03 23:00 26,112 --a--c--- C:\WINDOWS\system32\dllcache\memstpci.sys
2008-01-02 22:56 . 2001-08-17 13:58 8,320 --a--c--- C:\WINDOWS\system32\dllcache\memcard.sys
2008-01-02 22:56 . 2001-08-17 13:52 7,424 --a--c--- C:\WINDOWS\system32\dllcache\mammoth.sys
2008-01-02 22:54 . 2001-08-17 22:36 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-01-02 22:53 . 2004-08-04 00:56 152,576 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-01-02 22:52 . 2004-08-04 13:00 811,064 --a--c--- C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-01-02 22:51 . 2004-08-03 22:41 1,041,536 --a--c--- C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2008-01-02 22:50 . 2001-08-17 13:28 391,199 --a--c--- C:\WINDOWS\system32\dllcache\hsf_k56k.sys
2008-01-02 22:49 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-01-02 22:48 . 2001-08-17 12:15 455,680 --a--c--- C:\WINDOWS\system32\dllcache\fus2base.sys
2008-01-02 22:47 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 01:05 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-27 01:04 --------- d-----w C:\Program Files\Support Tools
2008-01-27 01:02 --------- d-----w C:\Program Files\Desktop
2008-01-27 01:02 --------- d-----w C:\Program Files\Common Files\Motive
2008-01-12 08:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-03 08:16 --------- d-----w C:\Documents and Settings\CMoney\Application Data\Yahoo!
2007-12-29 09:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-29 09:28 --------- d-----w C:\Program Files\Common Files\Download Manager
2007-12-27 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-20 22:51 --------- d-----w C:\Program Files\Network Chemistry
2007-12-18 00:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-03 01:04 --------- d-----w C:\Program Files\BroadJump
2007-04-08 22:13 15,916 -c--a-w C:\Program Files\Log.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{503FB2AD-1F78-4DE2-97AF-737104478C21}]
C:\WINDOWS\system32\ssttq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-14 19:37 15360]
"DLD.EXE"="C:\Program Files\Download Direct\DLD.exe" [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Multi-function Keyboard]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

R3 ATI_WDMAUD;ATI Integrated Digital Audio;C:\WINDOWS\system32\drivers\atiwdma.sys [2006-03-08 17:06]
R3 tenCapture;tenCapture;C:\WINDOWS\system32\DRIVERS\tenCapture.sys [2007-04-21 08:15]
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;C:\WINDOWS\system32\DRIVERS\cben5.sys [2001-08-17 11:13]
S3 DCamUSBUVT;ICM532A;C:\WINDOWS\system32\Drivers\usbuvt.sys []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 13:00]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 10:08:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-02-02 10:13:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-02 16:13:21
ComboFix2.txt 2008-02-02 07:33:13
ComboFix3.txt 2008-02-01 22:41:51
.
2008-02-02 15:56:29 --- E O F ---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, February 02, 2008 4:45:15 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/02/2008
Kaspersky Anti-Virus database records: 545991
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 61161
Number of viruses found: 16
Number of infected objects: 258
Number of suspicious objects: 0
Duration of the scan process: 00:59:53

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\38a0684cc5aeddb28e3ba828369fd43c_6cc9fa0b-102a-425e-bbb4-b538ff860a59 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\511a0f3f9e960fa97de3d0b74adfc574_6cc9fa0b-102a-425e-bbb4-b538ff860a59 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cert8.db Object is locked skipped
C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\history.dat Object is locked skipped
C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\key3.db Object is locked skipped
C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\parent.lock Object is locked skipped
C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\search.sqlite Object is locked skipped
C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\CMoney\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-49600138/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\CMoney\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-49600138 ZIP: infected - 1 skipped
C:\Documents and Settings\CMoney\Application Data\Sun\Java\Deployment\cache\6.0\37\3e36ace5-3663d952/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Documents and Settings\CMoney\Application Data\Sun\Java\Deployment\cache\6.0\37\3e36ace5-3663d952 ZIP: infected - 1 skipped
C:\Documents and Settings\CMoney\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\CMoney\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\CMoney\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\CMoney\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\CMoney\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\CMoney\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\CMoney\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\CMoney\Local Settings\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\CMoney\Local Settings\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\CMoney\Local Settings\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\CMoney\Local Settings\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\CMoney\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\CMoney\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\CMoney\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\CMoney\My Documents\New Downloads\CS3\Photoshop.exe Infected: Virus.Win32.Sality.p skipped
C:\Documents and Settings\CMoney\My Documents\New Downloads\CS3\Required\Droplet Template.exe Infected: Virus.Win32.Sality.p skipped
C:\Documents and Settings\CMoney\My Documents\New Downloads\nokia m.playa\NokiaMMSViewer.exe Infected: Virus.Win32.Sality.p skipped
C:\Documents and Settings\CMoney\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\CMoney\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\winupdates\a.zip.vir/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\QooBox\Quarantine\C\Program Files\winupdates\a.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Program Files\zevivmte\rijelenk.dll.vir Infected: Trojan-Downloader.Win32.Zlob.fvi skipped
C:\QooBox\Quarantine\C\WINDOWS\PerfInfo\a95ykmXnPQuc.exe.vir Infected: not-a-virus:FraudTool.Win32.UltimateDefender.ab skipped
C:\QooBox\Quarantine\C\WINDOWS\PerfInfo\a95ykmXnPQud.exe.vir Infected: not-a-virus:FraudTool.Win32.UltimateDefender.ac skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vcmgrd32.dll.vir Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001472.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001473.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001474.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001475.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001476.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001477.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001478.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001479.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001480.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001481.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001482.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001483.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001484.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001485.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001486.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001487.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001488.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001489.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001490.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001491.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001492.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001493.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001494.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001495.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001496.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001497.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001498.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001499.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001500.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001501.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001502.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001503.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001504.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001505.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001506.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001507.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001508.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001509.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001510.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001511.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001512.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001513.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001514.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001515.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001516.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001517.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001518.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001519.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001520.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001521.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001522.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001523.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001524.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001525.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001526.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001527.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001528.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001529.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001530.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001531.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001532.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001533.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001534.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001535.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001536.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001537.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001538.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001539.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001540.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001541.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001542.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001543.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001544.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001545.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001546.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001547.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001548.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001549.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001550.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001551.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001552.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001553.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001554.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001555.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001556.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001557.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001558.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001559.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001560.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001561.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001562.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001563.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001564.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001565.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001566.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001567.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001568.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001569.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001570.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001571.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001572.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001573.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001574.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001575.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001576.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001577.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001578.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001579.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001580.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001581.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001582.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001583.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001584.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001585.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001586.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001587.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001588.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001589.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001590.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001591.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001592.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001593.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001594.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001595.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001596.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001597.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001598.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001599.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001600.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001601.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001602.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001603.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001604.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001605.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001606.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001607.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001608.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001609.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001610.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001611.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001612.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001613.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001614.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001615.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001616.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001617.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001618.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001619.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001620.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001621.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001622.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001623.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001624.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001625.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001626.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001627.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001628.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001629.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001630.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001631.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001632.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001633.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001634.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001635.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001636.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001637.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001638.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001639.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001640.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001641.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001642.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001643.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001644.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001645.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001646.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001647.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001648.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001649.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001650.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001651.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001652.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001653.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001654.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001655.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001656.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001657.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001658.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001659.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001660.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001661.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001662.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001663.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001664.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001665.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001666.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001667.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001668.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001669.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001670.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001671.scr Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001672.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001673.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001674.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001675.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001676.exe Infected: Backdoor.Win32.Prorat.dz skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001677.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001678.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001679.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001680.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001681.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001682.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001684.dll Infected: Trojan-Downloader.Win32.Small.hkd skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001685.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001688.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001689.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001690.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001691.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001693.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001694.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001697.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001698.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001699.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001700.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001702.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001705.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001706.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001709.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.is skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001710.dll Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001713.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP

#10
Stamper19

    Trusted Helper

  • Retired Staff
  • 1,991 posts
Part of the Kaspersky scan got cut off. Please try reposting it in its entirety.
#11
bender44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, February 02, 2008 4:45:15 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/02/2008
Kaspersky Anti-Virus database records: 545991
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 61161
Number of viruses found: 16
Number of infected objects: 258
Number of suspicious objects: 0
Duration of the scan process: 00:59:53

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\38a0684cc5aeddb28e3ba828369fd43c_6cc9fa0b-102a-425e-bbb4-b538ff860a59 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\511a0f3f9e960fa97de3d0b74adfc574_6cc9fa0b-102a-425e-bbb4-b538ff860a59 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cert8.db Object is locked skipped
C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\history.dat Object is locked skipped
C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\key3.db Object is locked skipped
C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\parent.lock Object is locked skipped
C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\search.sqlite Object is locked skipped
C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\CMoney\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-49600138/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\CMoney\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-49600138 ZIP: infected - 1 skipped
C:\Documents and Settings\CMoney\Application Data\Sun\Java\Deployment\cache\6.0\37\3e36ace5-3663d952/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Documents and Settings\CMoney\Application Data\Sun\Java\Deployment\cache\6.0\37\3e36ace5-3663d952 ZIP: infected - 1 skipped
C:\Documents and Settings\CMoney\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\CMoney\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\CMoney\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\CMoney\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\CMoney\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\CMoney\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\CMoney\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\CMoney\Local Settings\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\CMoney\Local Settings\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\CMoney\Local Settings\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\CMoney\Local Settings\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\CMoney\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\CMoney\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\CMoney\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\CMoney\My Documents\New Downloads\CS3\Photoshop.exe Infected: Virus.Win32.Sality.p skipped
C:\Documents and Settings\CMoney\My Documents\New Downloads\CS3\Required\Droplet Template.exe Infected: Virus.Win32.Sality.p skipped
C:\Documents and Settings\CMoney\My Documents\New Downloads\nokia m.playa\NokiaMMSViewer.exe Infected: Virus.Win32.Sality.p skipped
C:\Documents and Settings\CMoney\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\CMoney\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\winupdates\a.zip.vir/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\QooBox\Quarantine\C\Program Files\winupdates\a.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Program Files\zevivmte\rijelenk.dll.vir Infected: Trojan-Downloader.Win32.Zlob.fvi skipped
C:\QooBox\Quarantine\C\WINDOWS\PerfInfo\a95ykmXnPQuc.exe.vir Infected: not-a-virus:FraudTool.Win32.UltimateDefender.ab skipped
C:\QooBox\Quarantine\C\WINDOWS\PerfInfo\a95ykmXnPQud.exe.vir Infected: not-a-virus:FraudTool.Win32.UltimateDefender.ac skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vcmgrd32.dll.vir Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001472.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001473.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001474.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001475.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001476.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001477.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001478.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001479.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001480.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001481.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001482.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001483.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001484.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001485.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001486.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001487.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001488.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001489.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001490.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001491.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001492.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001493.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001494.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001495.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001496.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001497.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001498.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001499.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001500.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001501.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001502.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001503.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001504.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001505.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001506.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001507.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001508.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001509.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001510.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001511.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001512.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001513.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001514.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001515.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001516.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001517.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001518.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001519.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001520.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001521.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001522.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001523.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001524.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001525.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001526.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001527.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001528.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001529.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001530.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001531.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001532.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001533.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001534.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001535.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001536.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001537.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001538.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001539.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001540.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001541.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001542.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001543.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001544.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001545.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001546.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001547.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001548.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001549.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001550.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001551.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001552.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001553.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001554.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001555.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001556.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001557.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001558.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001559.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001560.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001561.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001562.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001563.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001564.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001565.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001566.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001567.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001568.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001569.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001570.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001571.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001572.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001573.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001574.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001575.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001576.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001577.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001578.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001579.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001580.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001581.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001582.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001583.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001584.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001585.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001586.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001587.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001588.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001589.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001590.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001591.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001592.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001593.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001594.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001595.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001596.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001597.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001598.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001599.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001600.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001601.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001602.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001603.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001604.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001605.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001606.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001607.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001608.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001609.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001610.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001611.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001612.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001613.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001614.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001615.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001616.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001617.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001618.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001619.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001620.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001621.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001622.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001623.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001624.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001625.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001626.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001627.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001628.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001629.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001630.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001631.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001632.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001633.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001634.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001635.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001636.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001637.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001638.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001639.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001640.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001641.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001642.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001643.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001644.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001645.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001646.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001647.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001648.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001649.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001650.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001651.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001652.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001653.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001654.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001655.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001656.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001657.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001658.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001659.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001660.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001661.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001662.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001663.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001664.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001665.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001666.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001667.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001668.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001669.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001670.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001671.scr Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001672.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001673.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001674.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001675.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001676.exe Infected: Backdoor.Win32.Prorat.dz skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001677.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001678.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001679.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001680.EXE Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001681.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001682.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001684.dll Infected: Trojan-Downloader.Win32.Small.hkd skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001685.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001688.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001689.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001690.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001691.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001693.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001694.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001697.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001698.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001699.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001700.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001702.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001705.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001706.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001709.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.is skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001710.dll Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001713.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001714.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001715.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001716.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001717.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001721.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP10\change.log Object is locked skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP4\A0002874.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ci skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP6\A0002967.dll Infected: Trojan-Downloader.Win32.Zlob.fvi skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP6\A0002975.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.ab skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP6\A0002976.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.ac skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP7\A0003068.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP8\A0003120.dll Infected: Virus.Win32.Sality.p skipped
C:\VundoFix Backups\a95ykmXnPQpt.exe.bad Infected: not-a-virus:Downloader.Win32.WinFixer.ci skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_660.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\tracing\BAP.LOG Object is locked skipped
C:\WINDOWS\tracing\EAPOL.LOG Object is locked skipped
C:\WINDOWS\tracing\KMDDSP.LOG Object is locked skipped
C:\WINDOWS\tracing\NDPTSP.LOG Object is locked skipped
C:\WINDOWS\tracing\PPP.LOG Object is locked skipped
C:\WINDOWS\tracing\RASAPI32.LOG Object is locked skipped
C:\WINDOWS\tracing\RASBACP.LOG Object is locked skipped
C:\WINDOWS\tracing\RASCCP.LOG Object is locked skipped
C:\WINDOWS\tracing\RASCHAP.LOG Object is locked skipped
C:\WINDOWS\tracing\RASDLG.LOG Object is locked skipped
C:\WINDOWS\tracing\RASEAP.LOG Object is locked skipped
C:\WINDOWS\tracing\RASIPCP.LOG Object is locked skipped
C:\WINDOWS\tracing\RASIPHLP.LOG Object is locked skipped
C:\WINDOWS\tracing\RASMAN.LOG Object is locked skipped
C:\WINDOWS\tracing\RASPAP.LOG Object is locked skipped
C:\WINDOWS\tracing\RASSPAP.LOG Object is locked skipped
C:\WINDOWS\tracing\RASTAPI.LOG Object is locked skipped
C:\WINDOWS\tracing\RASTLS.LOG Object is locked skipped
C:\WINDOWS\tracing\tapi32.LOG Object is locked skipped
C:\WINDOWS\tracing\tapisrv.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
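Every detection in the scan output above ends in "skipped": the online scanner reported the files but did not remove them, and nearly all of the hits sit under System Volume Information, that is inside System Restore points, where they are inert copies until someone performs a restore. The Python below is an added example, not part of this thread or of any tool used in it, that sorts such log lines into four buckets: files that were merely open during the scan ("Object is locked"), infected copies inside restore points, copies already moved aside by a removal tool, and live detections that still need action. The quarantine folder markers and the rule for collapsing a verdict to its family name are assumptions; the sample lines are copied from the log above.

```python
import re
from collections import Counter

# One scanner line: "<path> Infected: <verdict> <action>" or "<path> Object is locked <action>".
LINE_RE = re.compile(
    r"^(?P<path>.*?) (?:Infected: (?P<verdict>\S+)|(?P<locked>Object is locked)) (?P<action>\S+)$"
)

# Folders where a hit is a copy that is already out of the execution path. The names
# come from the tools used in this thread (VundoFix, ComboFix's QooBox, OTMoveIt2);
# the list is an assumption you would extend for other tools.
QUARANTINE_MARKERS = ("\\VundoFix Backups\\", "\\QooBox\\Quarantine\\", "\\_OTMoveIt\\MovedFiles\\")
RESTORE_MARKER = "\\System Volume Information\\_restore"

# Sample lines copied from the Kaspersky Online Scanner log posted above (an excerpt).
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001670.exe Infected: Virus.Win32.Sality.p skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001676.exe Infected: Backdoor.Win32.Prorat.dz skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001682.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP10\change.log Object is locked skipped
C:\VundoFix Backups\a95ykmXnPQpt.exe.bad Infected: not-a-virus:Downloader.Win32.WinFixer.ci skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
"""


def family(verdict):
    """Drop the 'not-a-virus:' prefix and the variant suffix: Virus.Win32.Sality.p -> Virus.Win32.Sality."""
    name = verdict.split(":", 1)[-1]
    parts = name.split(".")
    return ".".join(parts[:-1]) if len(parts) > 3 else name


def parse_line(line):
    """Return a dict describing one scanner line, or None if the line is not a result line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path, verdict = m.group("path"), m.group("verdict")
    if m.group("locked"):
        bucket = "in_use"          # open by the OS (registry hives, event logs); not a detection
    elif RESTORE_MARKER in path:
        bucket = "restore_point"   # inert copy inside System Restore; the scanner left it alone
    elif any(marker in path for marker in QUARANTINE_MARKERS):
        bucket = "quarantine"      # already moved aside by a removal tool
    else:
        bucket = "live"            # a detection in a location that can still execute
    return {"path": path, "verdict": verdict, "bucket": bucket, "action": m.group("action")}


def triage(log_text):
    """Count locked files and tally detections per family for each of the other buckets."""
    report = {"in_use": 0, "restore_point": Counter(), "quarantine": Counter(), "live": Counter()}
    for line in log_text.splitlines():
        hit = parse_line(line)
        if hit is None:
            continue
        if hit["bucket"] == "in_use":
            report["in_use"] += 1
        else:
            report[hit["bucket"]][family(hit["verdict"])] += 1
    return report


if __name__ == "__main__":
    for bucket, value in triage(SAMPLE_LOG).items():
        print(bucket, dict(value) if isinstance(value, Counter) else value)
```

Anything that lands in the live bucket is what the next round of fixes has to address; the restore-point bucket goes away only when System Restore is turned off and back on (or the old points are otherwise purged), which is why helpers do that as the last step rather than chase each A000xxxx file.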

#12 Stamper19 (Trusted Helper, Retired Staff, 1,991 posts)
Hi bender44,

It looks like a couple of the programs on your machine have been infected by the virus, so we will have to get rid of them (Photoshop CS and Nokia Viewer). You can reinstall them once we have everything cleaned up.

----------------------------------------------------------------

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Nokia Multimedia Player

Please note any other programs that you don't recognize in that list in your next response.

----------------------------------------------------------------

Let's delete some ill-mannered files.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\CMoney\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-49600138
    C:\Documents and Settings\CMoney\Application Data\Sun\Java\Deployment\cache\6.0\37\3e36ace5-3663d952
    C:\Documents and Settings\CMoney\My Documents\New Downloads\CS3
    C:\Documents and Settings\CMoney\My Documents\New Downloads\nokia m.playa
    C:\WINDOWS\system32\wowfx.dll
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

----------------------------------------------------------------

Please update Java.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 4 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 4...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.

----------------------------------------------------------------

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {503FB2AD-1F78-4DE2-97AF-737104478C21} - C:\WINDOWS\system32\ssttq.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

----------------------------------------------------------------

Information to include in your next post:
  • OTMoveIt2 report
  • Fresh HiJack This Log

Edited by Stamper19, 03 February 2008 - 04:53 PM.


#13 bender44 (Member, Topic Starter, 17 posts)
OTMoveIt2 v1.0.17
------------------------
C:\Documents and Settings\CMoney\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-49600138 moved successfully.
C:\Documents and Settings\CMoney\Application Data\Sun\Java\Deployment\cache\6.0\37\3e36ace5-3663d952 moved successfully.
File/Folder C:\Documents and Settings\CMoney\My Documents\New Downloads\CS3 not found.
File/Folder C:\Documents and Settings\CMoney\My Documents\New Downloads\nokia m.playa not found.
LoadLibrary failed for C:\WINDOWS\system32\wowfx.dll
C:\WINDOWS\system32\wowfx.dll NOT unregistered.
C:\WINDOWS\system32\wowfx.dll moved successfully.

OTMoveIt2 v1.0.17 log created on 02032008_194742
----------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:21:50 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\CMoney\My Documents\New Downloads\firefox\firefox2\firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://rightonadz.biz/bc/123kah.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 66.98.238.8:3128 local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Start EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} (AudioHandlerEmbedded) - http://webcam.single...activex/AMC.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://trafficcams.c...activex/AMC.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 5414 bytes

-------------------------------------

Ok. Programs I do not recognize are
"Athlon 64 Processor Drive"
"I recognize MagicDisk 2.5.79" but I can't delete it!
"Viewpoint Media Player"
There's a lot there. Looks as if they belong, I just don't know what they do.

I also deleted Nokia MMs and Photoshop.

I see AOL in HijackThis logs and BearShare also, I think. I would like those removed.
They are not in my programs, just in those logs I see?

Oh yeah, also updated the Java, deleted the old versions.
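Stamper19 picks the HijackThis entries to fix by hand: a BHO whose DLL is missing (post #12), and in the next post a ShellNext URL pointing at an unfamiliar domain plus a service whose executable is missing. The Python below is an added example, not code from this thread or from HijackThis, that applies those same checks to pasted log lines and adds one more: a public IP address in the browser's proxy settings, which it flags for confirmation rather than as a verdict. The allowlist of recognised hosts is an assumption for this machine; the sample lines are copied from the logs in posts #12 and #13, including the forum's "..." truncation of long URLs, which the script reports instead of guessing at.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Hosts the machine's owner recognises as legitimate home/search pages.
# An assumption for this example; adjust per machine.
KNOWN_HOSTS = {"go.microsoft.com", "www.microsoft.com", "us.rd.yahoo.com", "www.myspace.com"}

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")   # "O23 - Service: ..."
URL_RE = re.compile(r"https?://\S+")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

# Sample entries copied from the HijackThis logs in posts #12 and #13 (an excerpt).
SAMPLE_HJT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://rightonadz.biz/bc/123kah.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 66.98.238.8:3128 local
O2 - BHO: (no name) - {503FB2AD-1F78-4DE2-97AF-737104478C21} - C:\WINDOWS\system32\ssttq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


def is_public_ip(text):
    """True for a routable (non-private, non-loopback, non-reserved) IPv4/IPv6 literal."""
    try:
        return ipaddress.ip_address(text).is_global
    except ValueError:
        return False


def review_entry(line):
    """Return (section, reason) for an entry worth attention, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if "(file missing)" in body:
        # Leftover registry pointer to a component that is gone; harmless now, but
        # it is the trace of something that was there and should be cleaned up.
        return section, "orphaned: registry entry points at a file that no longer exists"
    if section.startswith("R"):                      # browser start/search/proxy settings
        url = URL_RE.search(body)
        if url:
            host = urlparse(url.group()).hostname or ""
            if "..." in host:
                return section, "url truncated in the paste; obtain the full line before judging it"
            if host not in KNOWN_HOSTS:
                return section, f"unrecognised host {host}"
        for ip in IP_RE.findall(body):
            if is_public_ip(ip):
                return section, f"public address {ip} in browser proxy settings; confirm it is intentional"
    return None


def triage_log(log_text):
    """List (section, reason, line) for every entry the heuristics pick out."""
    findings = []
    for line in log_text.splitlines():
        hit = review_entry(line)
        if hit:
            findings.append((hit[0], hit[1], line.strip()))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage_log(SAMPLE_HJT):
        print(f"{section}: {reason}\n    {line}")
```

On the sample the script picks out the same three entries the helper fixes across posts #12 and #14, reports the truncated Microsoft URL as unverifiable, and asks about the ProxyOverride address; everything else (Java's BHO and updater, avast's service) passes without comment.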

#14 Stamper19 (Trusted Helper, Retired Staff, 1,991 posts)
Hi bender44,

Great job getting everything done. We are making good progress.

Regarding the programs you listed, Athlon 64 is nothing to worry about. The MagicDisk entry in the Add/Remove Programs is likely orphaned, meaning that the program is no longer on your computer, but the entry is leftover. We can get rid of this later when we clean things up. Go ahead and remove Viewpoint. I will get rid of the AOL entry in this round of fixes. I'm not seeing where the BearShare is - can you point me towards the post you are seeing it in?

----------------------------------------------------------------

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://rightonadz.biz/bc/123kah.php
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

----------------------------------------------------------------

Download the HostsXpert 4.2 - Hosts File Manager
  • Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
  • Run HostsXpert 4.2 - Hosts File Manager from its new home
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation box.
  • Click on "Make Read Only?"
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

----------------------------------------------------------------

Please download and run AVG Anti-Spyware.

First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30-day trial of the program.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Do not automatically generate report"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

----------------------------------------------------------------

Information to include in your next post:
  • AVG Scan log
  • Fresh HiJack This Log

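The "Restore MS Hosts File" step above overwrites the hosts file wholesale because malware commonly adds entries that pin security vendors' and update sites to 127.0.0.1, so the machine can no longer reach them. The Python below is an added example, not part of this thread or of HostsXpert, that audits a hosts file's contents before you replace it, so you know what was there, and returns the stock Windows XP content for the rewrite. The sample hosts content is constructed for this example and uses the RFC 5737 documentation address 203.0.113.5; it is not a file taken from the machine in the thread.

```python
import ipaddress

# Names that legitimately map to a loopback address in the stock file.
LOOPBACK_NAMES = {"localhost"}

# Constructed sample hosts file for this example (not from the machine in the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.kaspersky.com
127.0.0.1       windowsupdate.microsoft.com
203.0.113.5     www.google.com    # documentation address, RFC 5737
"""


def parse_hosts(text):
    """Yield (address, hostname) pairs, ignoring comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # strip trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                            # an address with no names is useless, not a threat
        for name in fields[1:]:                 # one address can carry several names
            yield fields[0], name.lower()


def audit_hosts(text):
    """Return (name, address, reason) for every entry that changes how a real name resolves."""
    findings = []
    for addr, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((name, addr, "unparseable address"))
            continue
        if name in LOOPBACK_NAMES:
            if not ip.is_loopback:
                findings.append((name, addr, "localhost mapped away from loopback"))
        elif ip.is_loopback:
            findings.append((name, addr, "sinkholed: name will never reach its real server"))
        else:
            findings.append((name, addr, "redirected to a fixed address; DNS is bypassed for this name"))
    return findings


def default_hosts():
    """The stock Windows XP hosts file minus Microsoft's comment header: a single loopback entry."""
    return "127.0.0.1       localhost\n"


if __name__ == "__main__":
    for name, addr, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"{addr:<16} {name:<32} {reason}")
    print("--- replacement ---")
    print(default_hosts(), end="")
```

On the sample the audit reports the two sinkholed security/update names and the Google redirect and says nothing about localhost. The "Make Read Only?" step corresponds to `attrib +r %SystemRoot%\system32\drivers\etc\hosts` on the command line; it is a speed bump rather than protection, since anything running as Administrator can clear the attribute again.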

#15 bender44 (Member, Topic Starter, 17 posts)
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:49:39 AM 2/5/2008

+ Scan result:



HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001676.exe -> Backdoor.Prorat.dz : Cleaned with backup (quarantined).
C:\_OTMoveIt\MovedFiles\02032008_194742\Documents and Settings\CMoney\Application Data\Sun\Java\Deployment\cache\6.0\37\3e36ace5-3663d952/Installer.class -> Downloader.OpenConnection.ao : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001684.dll -> Downloader.Small.hkd : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\zevivmte\rijelenk.dll.vir -> Downloader.Zlob.fvi : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP6\A0002967.dll -> Downloader.Zlob.fvi : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001675.exe -> Not-A-Virus.Downloader.Win32.WinFixer.au : Cleaned with backup (quarantined).
C:\_OTMoveIt\MovedFiles\02032008_194742\Documents and Settings\CMoney\Application Data\Sun\Java\Deployment\cache\6.0\37\3e36ace5-3663d952/ProxyClassLoader.class -> Not-A-Virus.Exploit.Java.Bytver.5.A : Cleaned with backup (quarantined).
C:\Documents and Settings\user1\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][1].txt -> TrackingCookie.Abcsearch : Cleaned.
C:\Documents and Settings\CMoney\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\CMoney\Cookies\[email protected][2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][2].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.46:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.47:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.48:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.49:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.50:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.61:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.62:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.63:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.64:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.65:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\CMoney\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.31:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.67:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\CMoney\Cookies\[email protected][1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.59:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.72:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.52:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.53:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.54:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.55:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.56:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.57:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.58:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][2].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.15:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.45:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.16:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.18:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.19:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.32:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.33:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.34:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.35:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.36:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.12:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.13:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][1].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.70:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.71:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\CMoney\Cookies\[email protected][1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][2].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][2].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.10:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.11:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.6:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.7:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.8:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.9:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\CMoney\Cookies\[email protected][1].txt -> TrackingCookie.Skype : Cleaned.
C:\Documents and Settings\CMoney\Cookies\[email protected][1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][1].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.30:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.31:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.32:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.33:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.34:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\CMoney\Cookies\[email protected][1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\CMoney\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][2].txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.41:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.42:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.43:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.44:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.45:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.46:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.47:C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\mx7awksi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.59:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.60:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.61:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.62:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.63:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.64:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.65:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.66:C:\Documents and Settings\CMoney\Application Data\Mozilla\Firefox\Profiles\ovxxmgoz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\user1\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0001704.ocx -> Trojan.Agent.bgw : Cleaned with backup (quarantined).
C:\_OTMoveIt\MovedFiles\02032008_194742\Documents and Settings\CMoney\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-49600138/VaannnaaBaa.class -> Trojan.ClassLoader.as : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\winupdates\a.zip.vir/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).


::Report end

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:06:27 PM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\CMoney\My Documents\New Downloads\firefox\firefox2\firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 66.98.238.8:3128 local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Start EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} (AudioHandlerEmbedded) - http://webcam.single...activex/AMC.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://trafficcams.c...activex/AMC.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 5754 bytes