
Vundo Can't Be Removed. Please Help



#1
TRex66

Hi guys. I've been reading this great forum and trying to remove the Vundo malware. I have run ComboFix and Spyware Doctor. Nothing has worked. It keeps coming back. So I'm here for your help. This is getting really frustrating, so I appreciate your help. I have attached my 3 logs below.

Thanks

Terence

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:39 AM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\spm\spmd.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [9832edca] rundll32.exe "C:\WINDOWS\system32\kycgtpxd.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinPrint.exe
O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Unknown owner - C:\WINDOWS\system32\AvidSDMService.exe (file missing)
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\spm\spmd.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6100 bytes


*********

AND MY COMBOFIX LOG:

ComboFix 08-02.03.1 - Terence Ziegler 2008-02-03 23:56:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1505 [GMT -5:00]
Running from: C:\Documents and Settings\Terence Ziegler\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ssqrpoo.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\btvehbjb.dll
C:\WINDOWS\system32\cnxxofdq.dll
C:\WINDOWS\system32\ibuzfsvr.dll
C:\WINDOWS\system32\ibuzfsvr.dll . . . . failed to delete
C:\WINDOWS\system32\ibuzfsvr.dllbox
C:\WINDOWS\system32\memgddub.dll
C:\WINDOWS\system32\orutv.ini
C:\WINDOWS\system32\orutv.ini2
C:\WINDOWS\system32\qdfoxxnc.ini
C:\WINDOWS\system32\ssqrpoo.dll
C:\WINDOWS\system32\vturo.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 )))))))))))))))))))))))))))))))
.

2008-02-03 23:20 . 2008-02-04 00:00 163,904 --a------ C:\WINDOWS\system32\ibuzfsvr.dll
2008-02-03 22:29 . 2008-02-03 22:29 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-03 22:29 . 2008-02-03 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-03 20:38 . 2008-02-03 20:38 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-03 20:38 . 2008-02-03 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-03 20:01 . 2008-02-03 20:01 41,984 --a------ C:\WINDOWS\system32\vturolm.dll.vir
2008-02-03 19:46 . 2008-02-03 19:50 1,558 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-03 17:30 . 2008-02-03 17:30 0 --a------ C:\WINDOWS\Irremote.ini
2008-01-30 22:19 . 2008-01-30 23:16 <DIR> d-------- C:\Program Files\SpeedFan
2008-01-30 22:19 . 2008-01-30 22:19 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-01-30 22:11 . 2008-01-30 22:11 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-01-30 22:10 . 2008-01-30 22:10 <DIR> d-------- C:\Program Files\NVIDIA nTune Performance Application
2008-01-30 21:17 . 2008-01-30 21:46 <DIR> d-------- C:\VundoFix Backups
2008-01-29 23:25 . 2008-01-29 23:25 0 --a------ C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
2008-01-29 23:09 . 2008-01-29 23:09 <DIR> d-------- C:\Documents and Settings\Terence Ziegler\Application Data\Nikon
2008-01-29 23:07 . 2008-01-29 23:07 <DIR> d-------- C:\Program Files\Nikon
2008-01-29 23:07 . 2008-01-29 23:25 <DIR> d-------- C:\Program Files\Common Files\Nikon
2008-01-29 23:07 . 2008-01-29 23:07 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies
2008-01-29 23:07 . 2008-01-29 23:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ultima_T15
2008-01-29 23:07 . 2008-01-29 23:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nikon
2008-01-29 23:07 . 2008-01-29 23:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EnterNHelp
2008-01-29 23:07 . 2008-02-03 21:03 20 ---h----- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2008-01-29 22:35 . 2008-01-29 22:44 <DIR> d-------- C:\Program Files\HyperLobbyPro3
2008-01-29 21:37 . 2008-01-29 23:31 <DIR> d-------- C:\Program Files\Flickr Uploadr
2008-01-29 21:37 . 2008-01-29 21:37 <DIR> d-------- C:\Documents and Settings\Terence Ziegler\Application Data\Flickr
2008-01-29 21:28 . 2008-02-03 21:03 <DIR> d-------- C:\Photographs
2008-01-29 21:20 . 2008-01-29 21:20 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-29 07:42 . 2004-08-30 21:00 1,441,792 --a------ C:\WINDOWS\system32\WinPrint.exe
2008-01-29 07:42 . 2008-01-29 07:43 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-01-28 22:25 . 2008-02-03 17:23 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-28 22:25 . 2008-01-28 22:25 <DIR> d-------- C:\Documents and Settings\Terence Ziegler\Application Data\PC Tools
2008-01-28 22:25 . 2008-02-04 00:03 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-28 22:25 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-28 22:25 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-28 22:25 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-28 22:25 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-27 21:42 . 2008-01-27 21:42 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-01-27 21:41 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-01-27 21:41 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-01-27 21:41 . 2008-01-27 21:41 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-01-27 21:41 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-01-27 21:41 . 2008-01-27 21:41 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-27 21:41 . 2008-01-27 21:41 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-27 21:41 . 2008-01-27 21:41 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-27 21:41 . 2008-01-27 21:41 22,328 --a------ C:\Documents and Settings\Terence Ziegler\Application Data\PnkBstrK.sys
2008-01-27 15:39 . 2008-01-27 15:39 <DIR> d-------- C:\megaSceneryX
2008-01-27 14:25 . 2008-01-27 14:33 <DIR> d-------- C:\Projects
2008-01-27 14:14 . 2008-02-04 00:01 64,900 --a------ C:\WINDOWS\system32\DVCState-{00000005-00000000-00000001-00001102-00000005-00211102}.rfx
2008-01-27 14:14 . 2008-02-04 00:01 54,692 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-00211102}.rfx
2008-01-27 14:14 . 2008-02-04 00:01 54,692 --a------ C:\WINDOWS\system32\BMXState-{00000005-00000000-00000001-00001102-00000005-00211102}.rfx
2008-01-27 14:14 . 2008-02-04 00:01 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-01-27 14:14 . 2008-02-04 00:01 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2008-01-27 14:13 . 2008-01-27 14:13 <DIR> d-------- C:\Program Files\Creative
2008-01-27 14:13 . 2000-12-05 09:11 4,174,814 --a------ C:\WINDOWS\system32\CT4MGM.SF2
2008-01-27 14:12 . 2006-08-17 11:59 87,403 --a------ C:\WINDOWS\system32\instwdm.ini
2008-01-27 14:12 . 2006-08-17 11:31 10,240 --a------ C:\WINDOWS\CTDCRES.DLL
2008-01-27 14:12 . 2006-08-17 11:32 3,072 --a------ C:\WINDOWS\CTXFIRES.DLL
2008-01-27 14:12 . 2006-08-17 10:55 191 --a------ C:\WINDOWS\system32\ctzapxx.ini
2008-01-27 13:59 . 2008-01-27 14:07 <DIR> d-------- C:\Program Files\DriverCleanerDotNET
2008-01-26 11:09 . 2008-01-26 11:10 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-01-26 10:38 . 2008-01-26 10:38 <DIR> d-------- C:\Documents and Settings\Terence Ziegler\Application Data\Nero
2008-01-26 10:37 . 2008-02-03 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-01-26 10:03 . 2008-01-26 10:03 <DIR> d-------- C:\Program Files\MagicDisc
2008-01-26 10:03 . 2007-09-05 01:46 92,544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-01-26 09:59 . 2008-01-26 09:59 <DIR> d-------- C:\Program Files\MagicISO
2008-01-25 22:02 . 2008-01-25 22:49 <DIR> d-------- C:\X-Plane 9.00 Beta-19
2008-01-25 22:01 . 2008-01-25 23:21 178 --a------ C:\X-Plane Installer.prf
2008-01-25 20:52 . 2008-01-25 21:04 <DIR> d-------- C:\Images & Textures
2008-01-25 20:40 . 2007-11-28 21:26 25,244 --a------ C:\WINDOWS\system32\drivers\aspi32.sys
2008-01-25 20:40 . 2007-11-28 21:26 5,600 --a------ C:\WINDOWS\system\winaspi.dll
2008-01-25 20:40 . 2007-11-28 21:26 4,672 --a------ C:\WINDOWS\system\wowpost.exe
2008-01-25 20:29 . 2008-01-27 21:41 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-25 20:29 . 2008-01-25 20:29 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-25 20:29 . 2008-01-25 20:29 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-25 20:25 . 2008-01-25 20:25 <DIR> d-------- C:\Documents and Settings\Terence Ziegler\Application Data\Avid
2008-01-25 20:25 . 2008-01-25 20:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avid
2008-01-25 20:22 . 2004-08-03 22:59 43,136 --a------ C:\WINDOWS\system32\drivers\sbp2port.sys
2008-01-25 20:22 . 2004-08-03 22:59 43,136 --a--c--- C:\WINDOWS\system32\dllcache\sbp2port.sys
2008-01-25 20:17 . 2008-01-25 20:17 <DIR> d-------- C:\Program Files\Common Files\Digidesign
2008-01-25 20:16 . 2008-01-25 20:16 <DIR> d-------- C:\Program Files\Common Files\PACE Anti-Piracy
2008-01-25 20:16 . 2008-01-25 20:16 <DIR> d-------- C:\Documents and Settings\Terence Ziegler\Application Data\PACE Anti-Piracy
2008-01-25 20:16 . 2008-01-25 20:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2008-01-25 20:16 . 2006-12-09 01:17 126,976 --a------ C:\WINDOWS\system32\Digi32.dll
2008-01-25 20:16 . 2007-11-28 21:26 45,056 --a------ C:\WINDOWS\system32\wnaspi32.dll
2008-01-25 20:15 . 2008-01-25 20:15 <DIR> d-------- C:\Program Files\InterLok
2008-01-25 20:15 . 2008-01-25 20:15 <DIR> d-------- C:\Program Files\Digidesign
2008-01-25 20:13 . 2007-11-28 21:18 180,276 --a------ C:\WINDOWS\system32\Mspdb50.dll
2008-01-25 20:12 . 2008-01-25 20:37 <DIR> d-------- C:\Program Files\Common Files\Avid
2008-01-25 20:11 . 2007-11-28 21:18 2,174,464 --a------ C:\WINDOWS\system32\mfc71ud.dll
2008-01-25 20:11 . 2007-11-28 21:18 765,952 --a------ C:\WINDOWS\system32\msvcp71d.dll
2008-01-25 20:10 . 2008-01-25 20:10 <DIR> d-------- C:\Program Files\SafeNet Sentinel
2008-01-25 20:10 . 2008-01-25 20:10 <DIR> d-------- C:\Program Files\Common Files\SafeNet Sentinel
2008-01-25 20:10 . 2008-01-25 20:41 <DIR> d-------- C:\Program Files\Avid
2008-01-25 00:48 . 2008-01-25 00:49 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-01-25 00:48 . 2008-02-03 20:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-25 00:48 . 2008-01-25 00:48 <DIR> d-------- C:\Documents and Settings\Terence Ziegler\Application Data\TuneUp Software
2008-01-25 00:48 . 2008-01-25 00:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-01-25 00:48 . 2008-01-25 00:48 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-01-25 00:48 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-01-24 23:02 . 2008-01-24 23:49 <DIR> d-------- C:\WINDOWS\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 03:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-29 19:06 40,448 ----a-w C:\WINDOWS\system32\NTSpool.exe
2008-01-29 04:00 --------- d-----w C:\Program Files\ASUS
2008-01-21 05:33 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-21 03:48 --------- d-----w C:\Program Files\Realtek
2008-01-21 03:48 --------- d-----w C:\Documents and Settings\Terence Ziegler\Application Data\InstallShield
2008-01-21 03:44 --------- d-----w C:\Program Files\Marvell
2008-01-21 03:44 --------- d-----w C:\Documents and Settings\Terence Ziegler\Application Data\TMP
2008-01-21 03:41 --------- d-----w C:\Program Files\Analog Devices
2008-01-21 03:32 --------- d-----w C:\Program Files\Intel
2008-01-21 03:24 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-05 06:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-05 06:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-05 06:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-05 06:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-05 06:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-05 06:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 06:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-12-05 06:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 06:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-05 06:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 06:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-05 06:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-05 06:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-05 06:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-05 06:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-05 06:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 06:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 06:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-05 06:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 06:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-12-05 06:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-12-05 06:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-12-05 06:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-12-05 06:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-12-05 06:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 06:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-12-05 06:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-12-05 06:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-12-05 06:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-12-05 06:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
2007-12-05 06:41 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-29 03:37 1,536,000 ----a-w C:\WINDOWS\system32\AvidStartup.exe
2007-11-29 03:05 483,328 ----a-w C:\WINDOWS\system32\Dsi.dll
2007-11-29 02:31 141,312 ----a-w C:\WINDOWS\system32\FFBTN32.dll
2007-11-29 02:20 7,962,624 ----a-w C:\WINDOWS\system32\SVI.dll
2007-11-29 02:18 544,768 ----a-w C:\WINDOWS\system32\msvcr71d.dll
2007-11-29 02:18 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-11-29 02:18 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-11-29 02:18 2,179,072 ----a-w C:\WINDOWS\system32\MFC71d.dll
2007-11-29 02:18 1,060,864 ----a-w C:\WINDOWS\system32\MFC71.dll
2007-11-29 02:18 1,047,552 ----a-w C:\WINDOWS\system32\MFC71u.dll
2007-11-29 02:15 53,248 ----a-w C:\WINDOWS\system32\ipl.dll
2007-11-29 02:15 2,981,888 ----a-w C:\WINDOWS\system32\iplw7.dll
2007-11-29 02:15 2,973,696 ----a-w C:\WINDOWS\system32\iplA6.dll
2007-11-29 02:15 2,785,280 ----a-w C:\WINDOWS\system32\iplM6.dll
2007-11-29 02:15 2,686,976 ----a-w C:\WINDOWS\system32\iplM5.dll
2007-11-29 02:15 2,531,328 ----a-w C:\WINDOWS\system32\iplP6.dll
2007-11-29 02:15 2,502,656 ----a-w C:\WINDOWS\system32\iplPX.dll
2007-11-29 02:15 19,968 ----a-w C:\WINDOWS\system32\Cpuinf32.dll
2007-11-29 02:15 184,320 ----a-w C:\WINDOWS\system32\libguide40.dll
2007-11-29 02:15 122,880 ----a-w C:\WINDOWS\system32\PtSSE2.dll
2007-11-29 02:15 1,728,606 ----a-w C:\WINDOWS\system32\libmmdd.dll
2007-11-29 02:15 1,658,973 ----a-w C:\WINDOWS\system32\libmmd.dll
2007-11-29 01:37 102,400 ----a-w C:\WINDOWS\system32\Dac32.dll
2007-11-29 01:34 675,840 ----a-w C:\WINDOWS\system32\mmclientVC7.dll
2007-11-29 01:34 65,536 ----a-w C:\WINDOWS\system32\AvidQTUpdaterVC7.dll
2007-11-29 01:34 614,400 ----a-w C:\WINDOWS\system32\AvOmfToolkit.dll
2007-11-29 01:34 61,440 ----a-w C:\WINDOWS\system32\libjpegV4.dll
2007-11-29 01:31 66,560 ----a-w C:\WINDOWS\system32\ntrights.exe
2007-11-14 19:20 2,686,232 ----a-w C:\vcredist_x86.exe
2007-11-13 02:44 43,520 ----a-w C:\WINDOWS\system32\CTBurst.dll
2007-11-13 02:43 38,400 ----a-w C:\WINDOWS\system32\READREG.EXE
2007-11-13 02:43 37,888 ----a-w C:\WINDOWS\system32\PSCONV.EXE
2007-11-13 02:43 27,648 ----a-w C:\WINDOWS\system32\ac3api.dll
2007-11-13 02:40 43,520 ----a-w C:\WINDOWS\system32\CTXFIREG.EXE
2007-11-13 02:34 13,312 ----a-w C:\WINDOWS\system32\regplib.exe
2007-11-13 02:31 5,120 ----a-w C:\WINDOWS\system32\ENLOCSTR.EXE
2007-11-13 02:31 32,768 ----a-w C:\WINDOWS\system32\DEVREG.DLL
2007-11-13 02:31 28,672 ----a-w C:\WINDOWS\system32\MIDIDEF.EXE
2007-11-13 02:31 10,240 ----a-w C:\WINDOWS\system32\KILLAPPS.EXE
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2008-02-04 00:00 163904 --a------ C:\WINDOWS\system32\ibuzfsvr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"DigidesignMMERefresh"="C:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2006-12-09 01:17 61440]

C:\Documents and Settings\Terence Ziegler\Start Menu\Programs\Startup\
Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-06-14 19:39:18 479232]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2008-01-21 21:36:41 114688]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 6 (0x6)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"NTSpool"= NTSpool.exe
"Windows Printing Driver"= WinPrint.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A1A23B1C-41B1-4978-A039-8C39E3A4B0E6}"= C:\WINDOWS\system32\pmnkhhe.dll [2008-02-04 00:03 41984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxutrr]
cbxutrr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ibuzfsvr]
ibuzfsvr.dll 2008-02-04 00:00 163904 C:\WINDOWS\system32\ibuzfsvr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifggge]
iifggge.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kaokrcbk]
kaokrcbk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfdeee]
khfdeee.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfgheb]
khfgheb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnkhhe]
pmnkhhe.dll 2008-02-04 00:03 41984 C:\WINDOWS\system32\pmnkhhe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Ai Remote Help"="C:\Program Files\ASUS\AI Remote\AiRc.exe" -r
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe boot
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe

R2 DigiNet;Digidesign Ethernet Support;C:\WINDOWS\system32\DRIVERS\diginet.sys [2006-12-08 22:50]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2007-07-27 07:00]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-08-17 11:16]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-07-28 14:50]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-25 00:48]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 05:48:50 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 00:03:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ibuzfsvr.dll
-> C:\WINDOWS\system32\pmnkhhe.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\ibuzfsvr.dll
-> C:\WINDOWS\system32\pmnkhhe.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\spm\spmd.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
.
**************************************************************************
.
Completion time: 2008-02-04 0:05:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-04 05:05:25
ComboFix2.txt 2008-02-04 04:15:00
ComboFix3.txt 2008-02-04 01:03:38
.
2008-01-29 13:59:03 --- E O F ---

*************

AND MY KASPERSKY SCAN REPORT:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, February 04, 2008 8:35:50 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/02/2008
Kaspersky Anti-Virus database records: 546566
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
J:\

Scan Statistics:
Total number of scanned objects: 348475
Number of viruses found: 9
Number of infected objects: 45
Number of suspicious objects: 0
Duration of the scan process: 01:00:33

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Terence Ziegler\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Terence Ziegler\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Terence Ziegler\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Terence Ziegler\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Terence Ziegler\Local Settings\Application Data\Mozilla\Firefox\Profiles\yzik6hzu.default\Cache\AABCD130d01 Infected: Trojan.Win32.Agent.ept skipped
C:\Documents and Settings\Terence Ziegler\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Terence Ziegler\Local Settings\History\History.IE5\MSHist012008020420080205\index.dat Object is locked skipped
C:\Documents and Settings\Terence Ziegler\Local Settings\temp\~DF9230.tmp Object is locked skipped
C:\Documents and Settings\Terence Ziegler\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Terence Ziegler\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Terence Ziegler\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Terence Ziegler\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Terence Ziegler\Terence Misc Stuff\CleanTrojan\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Terence Ziegler\Terence Misc Stuff\CleanTrojan\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Terence Ziegler\Terence Misc Stuff\CleanTrojan\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Terence Ziegler\Terence Misc Stuff\CleanTrojan\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ddccbba.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.fig skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dupishsm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\memgddub.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnmnkk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gel skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ohdcvmft.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\opnklkl.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.fig skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\opnklmj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.fig skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xdvgkrkx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\QooBox\Quarantine\catchme2008-02-03_231256.35.zip/xdvgkrkx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\QooBox\Quarantine\catchme2008-02-03_231256.35.zip ZIP: infected - 1 skipped
C:\QooBox\Quarantine\catchme2008-02-04_ 00251.06.zip/ibuzfsvr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\QooBox\Quarantine\catchme2008-02-04_ 00251.06.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7A45C217-E07C-4BF3-8EB8-8D793F6EBDB1}\RP1\A0000006.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{7A45C217-E07C-4BF3-8EB8-8D793F6EBDB1}\RP1\A0000006.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{7A45C217-E07C-4BF3-8EB8-8D793F6EBDB1}\RP1\A0000006.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{7A45C217-E07C-4BF3-8EB8-8D793F6EBDB1}\RP1\A0000015.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{7A45C217-E07C-4BF3-8EB8-8D793F6EBDB1}\RP2\A0000070.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\System Volume Information\_restore{7A45C217-E07C-4BF3-8EB8-8D793F6EBDB1}\RP5\A0002123.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\System Volume Information\_restore{7A45C217-E07C-4BF3-8EB8-8D793F6EBDB1}\RP5\A0002128.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\System Volume Information\_restore{7A45C217-E07C-4BF3-8EB8-8D793F6EBDB1}\RP5\A0002136.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\System Volume Information\_restore{7A45C217-E07C-4BF3-8EB8-8D793F6EBDB1}\RP5\A0002145.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\System Volume Information\_restore{7A45C217-E07C-4BF3-8EB8-8D793F6EBDB1}\RP7\change.log Object is locked skipped
C:\System Volume Information\_restore{7A45C217-E07C-4BF3-8EB8-8D793F6EBDB1}\RP7\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\VundoFix Backups\cbxxxwx.dll.bad Infected: Trojan-Downloader.Win32.Small.iag skipped
C:\VundoFix Backups\ddcaywv.dll.bad Infected: Trojan-Downloader.Win32.Small.iag skipped
C:\VundoFix Backups\dvjqpsem.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\efcaxyw.dll.bad Infected: Trojan-Downloader.Win32.Small.iag skipped
C:\VundoFix Backups\jkkljji.dll.bad Infected: Trojan-Downloader.Win32.Small.iag skipped
C:\VundoFix Backups\ljjjjjh.dll.bad Infected: Trojan-Downloader.Win32.Small.iag skipped
C:\VundoFix Backups\nnnnmno.dll.bad Infected: Trojan-Downloader.Win32.Small.iag skipped
C:\VundoFix Backups\qomlkhg.dll.bad Infected: Trojan-Downloader.Win32.Small.iag skipped
C:\VundoFix Backups\ssqpmji.dll.bad Infected: Trojan-Downloader.Win32.Small.iag skipped
C:\VundoFix Backups\ssqpomm.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fig skipped
C:\VundoFix Backups\tuvsqnk.dll.bad Infected: Trojan-Downloader.Win32.Small.iag skipped
C:\VundoFix Backups\tuvtutr.dll.bad Infected: Trojan-Downloader.Win32.Small.iag skipped
C:\VundoFix Backups\urqomjk.dll.bad Infected: Trojan-Downloader.Win32.Small.iag skipped
C:\VundoFix Backups\urqonno.dll.bad Infected: Trojan-Downloader.Win32.Small.iag skipped
C:\VundoFix Backups\urqpmnk.dll.bad Infected: Trojan-Downloader.Win32.Small.iag skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\ibuzfsvr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\WINDOWS\system32\NTSpool.exe Infected: Trojan.Win32.Inject.uy skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\WinPrint.exe Infected: Trojan.Win32.Pakes.bzo skipped
C:\WINDOWS\TEMP\hlktmp Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_4ec.dat Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_5ec.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Edited by TRex66, 04 February 2008 - 04:38 PM.
