Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Vundo & Others [CLOSED]

Started by Izod517 , Feb 12 2008 10:05 AM

  • This topic is locked This topic is locked

#1
Izod517
Posted 12 February 2008 - 10:05 AM

Izod517

    Member

  • Member
  • PipPip
  • 10 posts
I've been beating my head over these things on my old PC for weeks now. Normally I'm clean as a whistle but these bad boys refuse to be removed by any tools anywhere. I'm pretty computer smart so I feel for anyone who gets this stuff without help.

Here's my VBG.txt:

[02/12/2008, 9:54:44] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Izod\Desktop\VirtumundoBeGone.exe" )
[02/12/2008, 9:55:04] - Detected System Information:
[02/12/2008, 9:55:04] - Windows Version: 5.1.2600, Service Pack 2
[02/12/2008, 9:55:04] - Current Username: Izod (Admin)
[02/12/2008, 9:55:04] - Windows is in NORMAL mode.
[02/12/2008, 9:55:04] - Searching for Browser Helper Objects:
[02/12/2008, 9:55:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/12/2008, 9:55:04] - BHO 2: {2659EC03-C1D0-4944-AA76-E02749D48836} ()
[02/12/2008, 9:55:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:04] - Checking for HKLM\...\Winlogon\Notify\vturq
[02/12/2008, 9:55:04] - Key not found: HKLM\...\Winlogon\Notify\vturq, continuing.
[02/12/2008, 9:55:04] - BHO 3: {35aa8a7a-dcb6-426d-b8b3-c539ffa22de3} ()
[02/12/2008, 9:55:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:04] - Checking for HKLM\...\Winlogon\Notify\pwaxkfuu
[02/12/2008, 9:55:04] - Key not found: HKLM\...\Winlogon\Notify\pwaxkfuu, continuing.
[02/12/2008, 9:55:04] - BHO 4: {3E30A85B-B0B4-427C-A4D5-C8B95BB91F4C} ()
[02/12/2008, 9:55:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:04] - Checking for HKLM\...\Winlogon\Notify\vtsqn
[02/12/2008, 9:55:04] - Key not found: HKLM\...\Winlogon\Notify\vtsqn, continuing.
[02/12/2008, 9:55:04] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[02/12/2008, 9:55:04] - BHO 6: {74F62C70-870B-47FB-92CB-7CE5CF83F148} ()
[02/12/2008, 9:55:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:04] - No filename found. Continuing.
[02/12/2008, 9:55:04] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/12/2008, 9:55:04] - BHO 8: {82EC6A5F-4602-43DA-8199-F19AF383AB1D} ()
[02/12/2008, 9:55:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:04] - No filename found. Continuing.
[02/12/2008, 9:55:04] - BHO 9: {9E6A2BEE-2283-4ECD-9A4A-379ACD16385E} ()
[02/12/2008, 9:55:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:04] - No filename found. Continuing.
[02/12/2008, 9:55:04] - BHO 10: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
[02/12/2008, 9:55:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:04] - Checking for HKLM\...\Winlogon\Notify\rdlnihhz
[02/12/2008, 9:55:04] - Found: HKLM\...\Winlogon\Notify\rdlnihhz - This is probably Virtumundo.
[02/12/2008, 9:55:04] - Assigning {A95B2816-1D7E-4561-A202-68C0DE02353A} MSEvents Object
[02/12/2008, 9:55:04] - BHO list has been changed! Starting over...
[02/12/2008, 9:55:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/12/2008, 9:55:04] - BHO 2: {2659EC03-C1D0-4944-AA76-E02749D48836} ()
[02/12/2008, 9:55:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:04] - Checking for HKLM\...\Winlogon\Notify\vturq
[02/12/2008, 9:55:04] - Key not found: HKLM\...\Winlogon\Notify\vturq, continuing.
[02/12/2008, 9:55:04] - BHO 3: {35aa8a7a-dcb6-426d-b8b3-c539ffa22de3} ()
[02/12/2008, 9:55:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:04] - Checking for HKLM\...\Winlogon\Notify\pwaxkfuu
[02/12/2008, 9:55:04] - Key not found: HKLM\...\Winlogon\Notify\pwaxkfuu, continuing.
[02/12/2008, 9:55:04] - BHO 4: {3E30A85B-B0B4-427C-A4D5-C8B95BB91F4C} ()
[02/12/2008, 9:55:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:04] - Checking for HKLM\...\Winlogon\Notify\vtsqn
[02/12/2008, 9:55:04] - Key not found: HKLM\...\Winlogon\Notify\vtsqn, continuing.
[02/12/2008, 9:55:04] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[02/12/2008, 9:55:04] - BHO 6: {74F62C70-870B-47FB-92CB-7CE5CF83F148} ()
[02/12/2008, 9:55:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:04] - No filename found. Continuing.
[02/12/2008, 9:55:04] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/12/2008, 9:55:04] - BHO 8: {82EC6A5F-4602-43DA-8199-F19AF383AB1D} ()
[02/12/2008, 9:55:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:04] - No filename found. Continuing.
[02/12/2008, 9:55:04] - BHO 9: {9E6A2BEE-2283-4ECD-9A4A-379ACD16385E} ()
[02/12/2008, 9:55:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:04] - No filename found. Continuing.
[02/12/2008, 9:55:04] - BHO 10: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
[02/12/2008, 9:55:04] - ALERT: Found MSEvents Object!
[02/12/2008, 9:55:04] - BHO 11: {AF140986-43A6-48AF-A63B-D747AE090811} ()
[02/12/2008, 9:55:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:04] - No filename found. Continuing.
[02/12/2008, 9:55:04] - BHO 12: {B9E85D85-F6EE-4655-A639-E33983612A6E} ()
[02/12/2008, 9:55:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:04] - Checking for HKLM\...\Winlogon\Notify\vtusqol
[02/12/2008, 9:55:04] - Found: HKLM\...\Winlogon\Notify\vtusqol - This is probably Virtumundo.
[02/12/2008, 9:55:04] - Assigning {B9E85D85-F6EE-4655-A639-E33983612A6E} MSEvents Object
[02/12/2008, 9:55:04] - BHO list has been changed! Starting over...
[02/12/2008, 9:55:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/12/2008, 9:55:04] - BHO 2: {2659EC03-C1D0-4944-AA76-E02749D48836} ()
[02/12/2008, 9:55:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:04] - Checking for HKLM\...\Winlogon\Notify\vturq
[02/12/2008, 9:55:04] - Key not found: HKLM\...\Winlogon\Notify\vturq, continuing.
[02/12/2008, 9:55:04] - BHO 3: {35aa8a7a-dcb6-426d-b8b3-c539ffa22de3} ()
[02/12/2008, 9:55:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:04] - Checking for HKLM\...\Winlogon\Notify\pwaxkfuu
[02/12/2008, 9:55:04] - Key not found: HKLM\...\Winlogon\Notify\pwaxkfuu, continuing.
[02/12/2008, 9:55:04] - BHO 4: {3E30A85B-B0B4-427C-A4D5-C8B95BB91F4C} ()
[02/12/2008, 9:55:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:04] - Checking for HKLM\...\Winlogon\Notify\vtsqn
[02/12/2008, 9:55:04] - Key not found: HKLM\...\Winlogon\Notify\vtsqn, continuing.
[02/12/2008, 9:55:04] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[02/12/2008, 9:55:04] - BHO 6: {74F62C70-870B-47FB-92CB-7CE5CF83F148} ()
[02/12/2008, 9:55:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:04] - No filename found. Continuing.
[02/12/2008, 9:55:04] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/12/2008, 9:55:04] - BHO 8: {82EC6A5F-4602-43DA-8199-F19AF383AB1D} ()
[02/12/2008, 9:55:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:04] - No filename found. Continuing.
[02/12/2008, 9:55:04] - BHO 9: {9E6A2BEE-2283-4ECD-9A4A-379ACD16385E} ()
[02/12/2008, 9:55:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:04] - No filename found. Continuing.
[02/12/2008, 9:55:04] - BHO 10: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
[02/12/2008, 9:55:04] - ALERT: Found MSEvents Object!
[02/12/2008, 9:55:04] - BHO 11: {AF140986-43A6-48AF-A63B-D747AE090811} ()
[02/12/2008, 9:55:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:04] - No filename found. Continuing.
[02/12/2008, 9:55:04] - BHO 12: {B9E85D85-F6EE-4655-A639-E33983612A6E} (MSEvents Object)
[02/12/2008, 9:55:04] - ALERT: Found MSEvents Object!
[02/12/2008, 9:55:04] - BHO 13: {F7D8C66A-B614-4E7B-8781-B8AF725CFB5F} ()
[02/12/2008, 9:55:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:04] - No filename found. Continuing.
[02/12/2008, 9:55:04] - Finished Searching Browser Helper Objects
[02/12/2008, 9:55:04] - *** Detected MSEvents Object
[02/12/2008, 9:55:04] - Trying to remove MSEvents Object...
[02/12/2008, 9:55:05] - Terminating Process: IEXPLORE.EXE
[02/12/2008, 9:55:05] - Terminating Process: RUNDLL32.EXE
[02/12/2008, 9:55:06] - Disabling Automatic Shell Restart
[02/12/2008, 9:55:06] - Terminating Process: EXPLORER.EXE
[02/12/2008, 9:55:06] - Suspending the NT Session Manager System Service
[02/12/2008, 9:55:07] - Terminating Windows NT Logon/Logoff Manager
[02/12/2008, 9:55:08] - Re-enabling Automatic Shell Restart
[02/12/2008, 9:55:08] - File to disable: C:\WINDOWS\system32\rdlnihhz.dll
[02/12/2008, 9:55:08] - Renaming C:\WINDOWS\system32\rdlnihhz.dll -> C:\WINDOWS\system32\rdlnihhz.dll.vir
[02/12/2008, 9:55:08] - ! File rename was unsucessful.
[02/12/2008, 9:55:08] - Attempting to Deny Access to C:\WINDOWS\system32\rdlnihhz.dll
[02/12/2008, 9:55:08] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[02/12/2008, 9:55:08] - processed file: C:\WINDOWS\system32\rdlnihhz.dll

[02/12/2008, 9:55:08] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[02/12/2008, 9:55:08] - Removing HKLM\...\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[02/12/2008, 9:55:09] - Removing HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[02/12/2008, 9:55:10] - Adding Kill Bit for ActiveX for GUID: {A95B2816-1D7E-4561-A202-68C0DE02353A}
[02/12/2008, 9:55:10] - Deleting ATLEvents/MSEvents Registry entries
[02/12/2008, 9:55:10] - Removing HKLM\...\Winlogon\Notify\rdlnihhz
[02/12/2008, 9:55:10] - Searching for Browser Helper Objects:
[02/12/2008, 9:55:10] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/12/2008, 9:55:10] - BHO 2: {2659EC03-C1D0-4944-AA76-E02749D48836} ()
[02/12/2008, 9:55:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:10] - Checking for HKLM\...\Winlogon\Notify\vturq
[02/12/2008, 9:55:10] - Key not found: HKLM\...\Winlogon\Notify\vturq, continuing.
[02/12/2008, 9:55:10] - BHO 3: {35aa8a7a-dcb6-426d-b8b3-c539ffa22de3} ()
[02/12/2008, 9:55:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:10] - Checking for HKLM\...\Winlogon\Notify\pwaxkfuu
[02/12/2008, 9:55:10] - Key not found: HKLM\...\Winlogon\Notify\pwaxkfuu, continuing.
[02/12/2008, 9:55:10] - BHO 4: {3E30A85B-B0B4-427C-A4D5-C8B95BB91F4C} ()
[02/12/2008, 9:55:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:10] - Checking for HKLM\...\Winlogon\Notify\vtsqn
[02/12/2008, 9:55:10] - Key not found: HKLM\...\Winlogon\Notify\vtsqn, continuing.
[02/12/2008, 9:55:10] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[02/12/2008, 9:55:10] - BHO 6: {74F62C70-870B-47FB-92CB-7CE5CF83F148} ()
[02/12/2008, 9:55:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:10] - No filename found. Continuing.
[02/12/2008, 9:55:10] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/12/2008, 9:55:10] - BHO 8: {82EC6A5F-4602-43DA-8199-F19AF383AB1D} ()
[02/12/2008, 9:55:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:10] - No filename found. Continuing.
[02/12/2008, 9:55:10] - BHO 9: {9E6A2BEE-2283-4ECD-9A4A-379ACD16385E} ()
[02/12/2008, 9:55:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:10] - No filename found. Continuing.
[02/12/2008, 9:55:10] - BHO 10: {AF140986-43A6-48AF-A63B-D747AE090811} ()
[02/12/2008, 9:55:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:10] - No filename found. Continuing.
[02/12/2008, 9:55:10] - BHO 11: {B9E85D85-F6EE-4655-A639-E33983612A6E} (MSEvents Object)
[02/12/2008, 9:55:10] - ALERT: Found MSEvents Object!
[02/12/2008, 9:55:10] - BHO 12: {F7D8C66A-B614-4E7B-8781-B8AF725CFB5F} ()
[02/12/2008, 9:55:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:10] - No filename found. Continuing.
[02/12/2008, 9:55:10] - Finished Searching Browser Helper Objects
[02/12/2008, 9:55:10] - *** Detected MSEvents Object
[02/12/2008, 9:55:10] - Trying to remove MSEvents Object...
[02/12/2008, 9:55:11] - Terminating Process: IEXPLORE.EXE
[02/12/2008, 9:55:11] - Terminating Process: RUNDLL32.EXE
[02/12/2008, 9:55:11] - Disabling Automatic Shell Restart
[02/12/2008, 9:55:11] - Terminating Process: EXPLORER.EXE
[02/12/2008, 9:55:11] - Suspending the NT Session Manager System Service
[02/12/2008, 9:55:11] - Terminating Windows NT Logon/Logoff Manager
[02/12/2008, 9:55:12] - Re-enabling Automatic Shell Restart
[02/12/2008, 9:55:12] - File to disable: C:\WINDOWS\system32\vtusqol.dll
[02/12/2008, 9:55:12] - Renaming C:\WINDOWS\system32\vtusqol.dll -> C:\WINDOWS\system32\vtusqol.dll.vir
[02/12/2008, 9:55:12] - ! File rename was unsucessful.
[02/12/2008, 9:55:12] - Attempting to Deny Access to C:\WINDOWS\system32\vtusqol.dll
[02/12/2008, 9:55:12] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[02/12/2008, 9:55:12] - ERROR: The system cannot find the file specified.

[02/12/2008, 9:55:12] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[02/12/2008, 9:55:12] - Removing HKLM\...\Browser Helper Objects\{B9E85D85-F6EE-4655-A639-E33983612A6E}
[02/12/2008, 9:55:12] - Removing HKCR\CLSID\{B9E85D85-F6EE-4655-A639-E33983612A6E}
[02/12/2008, 9:55:12] - Adding Kill Bit for ActiveX for GUID: {B9E85D85-F6EE-4655-A639-E33983612A6E}
[02/12/2008, 9:55:12] - Deleting ATLEvents/MSEvents Registry entries
[02/12/2008, 9:55:12] - Removing HKLM\...\Winlogon\Notify\vtusqol
[02/12/2008, 9:55:12] - Searching for Browser Helper Objects:
[02/12/2008, 9:55:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/12/2008, 9:55:12] - BHO 2: {2659EC03-C1D0-4944-AA76-E02749D48836} ()
[02/12/2008, 9:55:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:12] - Checking for HKLM\...\Winlogon\Notify\vturq
[02/12/2008, 9:55:12] - Key not found: HKLM\...\Winlogon\Notify\vturq, continuing.
[02/12/2008, 9:55:12] - BHO 3: {35aa8a7a-dcb6-426d-b8b3-c539ffa22de3} ()
[02/12/2008, 9:55:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:12] - Checking for HKLM\...\Winlogon\Notify\pwaxkfuu
[02/12/2008, 9:55:12] - Key not found: HKLM\...\Winlogon\Notify\pwaxkfuu, continuing.
[02/12/2008, 9:55:12] - BHO 4: {3E30A85B-B0B4-427C-A4D5-C8B95BB91F4C} ()
[02/12/2008, 9:55:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:12] - Checking for HKLM\...\Winlogon\Notify\vtsqn
[02/12/2008, 9:55:12] - Key not found: HKLM\...\Winlogon\Notify\vtsqn, continuing.
[02/12/2008, 9:55:12] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[02/12/2008, 9:55:12] - BHO 6: {74F62C70-870B-47FB-92CB-7CE5CF83F148} ()
[02/12/2008, 9:55:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:12] - No filename found. Continuing.
[02/12/2008, 9:55:12] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/12/2008, 9:55:12] - BHO 8: {82EC6A5F-4602-43DA-8199-F19AF383AB1D} ()
[02/12/2008, 9:55:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:12] - No filename found. Continuing.
[02/12/2008, 9:55:12] - BHO 9: {9E6A2BEE-2283-4ECD-9A4A-379ACD16385E} ()
[02/12/2008, 9:55:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:12] - No filename found. Continuing.
[02/12/2008, 9:55:12] - BHO 10: {AF140986-43A6-48AF-A63B-D747AE090811} ()
[02/12/2008, 9:55:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:12] - No filename found. Continuing.
[02/12/2008, 9:55:12] - BHO 11: {F7D8C66A-B614-4E7B-8781-B8AF725CFB5F} ()
[02/12/2008, 9:55:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/12/2008, 9:55:12] - No filename found. Continuing.
[02/12/2008, 9:55:12] - Finished Searching Browser Helper Objects
[02/12/2008, 9:55:12] - Finishing up...
[02/12/2008, 9:55:12] - A restart is needed.

Edited by Izod517, 12 February 2008 - 10:06 AM.

  • 0

Advertisements

#2
Izod517
Posted 12 February 2008 - 10:06 AM

Izod517

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
And my Hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:10 AM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LOGI_MWX.EXE
C:\WINDOWS\system32\LVCOMSX .EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSLAUNCH.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\vtsqn.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [bcc6072f] rundll32.exe "C:\WINDOWS\system32\ksrgjdms.dll",b
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1199150707718
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15023/CTPID.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\kgrmkwjw.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8451 bytes
  • 0

#3
Rorschach112
Posted 12 February 2008 - 10:22 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#4
Izod517
Posted 12 February 2008 - 10:48 AM

Izod517

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here's my ComboFix Log, it BSODed me, so we may have to try again:

ComboFix 08-02-12.3 - Izod 2008-02-12 10:26:36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.584 [GMT -6:00]
Running from: C:\Documents and Settings\Izod\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\vtsqn.dll
C:\WINDOWS\system32\ytkdjbqp.dll
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\bamepljh.dll
C:\WINDOWS\system32\efyhrpim.dll
C:\WINDOWS\system32\hvjavuov.dll
C:\WINDOWS\system32\ksrgjdms.dll
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\meldiilb.dll
C:\WINDOWS\system32\nqstv.ini
C:\WINDOWS\system32\nqstv.ini2
C:\WINDOWS\system32\onicivsg.dll
C:\WINDOWS\system32\oorwquor.dll
C:\WINDOWS\system32\pwaxkfuu.dll
C:\WINDOWS\system32\RCX21.tmp
C:\WINDOWS\system32\RCX22.tmp
C:\WINDOWS\system32\RCX24.tmp
C:\WINDOWS\system32\RCX2A.tmp
C:\WINDOWS\system32\RCX2B.tmp
C:\WINDOWS\system32\RCX30.tmp
C:\WINDOWS\system32\RCX31.tmp
C:\WINDOWS\system32\RCX3A.tmp
C:\WINDOWS\system32\RCX3D.tmp
C:\WINDOWS\system32\RCX3E.tmp
C:\WINDOWS\system32\rdlnihhz.dll
C:\WINDOWS\system32\rdlnihhz.dllbox
C:\WINDOWS\system32\rogbcsbg.dll
C:\WINDOWS\system32\smdjgrsk.ini
C:\WINDOWS\system32\vtsqn.dll
C:\WINDOWS\system32\vtsqn.exe
C:\WINDOWS\system32\wmmisgcq.dll
C:\WINDOWS\system32\xgyoawgm.dll
C:\WINDOWS\system32\ytkdjbqp.dll
C:\WINDOWS\system32\ytkdjbqp.dllbox

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 )))))))))))))))))))))))))))))))
.

2008-02-12 10:10 . 2008-02-12 10:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-12 10:10 . 2008-02-12 10:10 <DIR> d-------- C:\Documents and Settings\Izod\Application Data\SUPERAntiSpyware.com
2008-02-12 10:10 . 2008-02-12 10:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-12 09:10 . 2007-11-01 05:42 57,824 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-02-12 09:10 . 2007-11-01 05:42 36,768 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-02-12 09:09 . 2008-02-12 09:15 <DIR> d-------- C:\Program Files\Charter High-Speed Security Suite
2008-02-12 09:09 . 2008-02-12 09:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-02-12 09:07 . 2008-02-12 09:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-02-10 21:44 . 2008-02-12 08:52 714 --ahs---- C:\WINDOWS\system32\mvdwqjeq.ini
2008-02-07 22:17 . 2008-02-10 21:42 594 --ahs---- C:\WINDOWS\system32\gilefbrx.ini
2008-02-06 18:08 . 2008-02-07 22:15 474 --ahs---- C:\WINDOWS\system32\fyhequfn.ini
2008-02-04 22:23 . 2008-02-06 18:07 354 --ahs---- C:\WINDOWS\system32\otiyylri.ini
2008-02-03 22:20 . 2008-02-04 22:20 714 --ahs---- C:\WINDOWS\system32\marnljww.ini
2008-02-01 07:37 . 2008-02-03 22:17 594 --ahs---- C:\WINDOWS\system32\mdxgqxkt.ini
2008-01-31 19:44 . 2008-01-31 19:44 <DIR> d-------- C:\Documents and Settings\Izod\Application Data\Intuit
2008-01-27 16:39 . 2008-01-27 16:39 74,304 --a------ C:\WINDOWS\system32\kgrmkwjw.exe_old
2008-01-26 18:47 . 2008-01-26 18:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-01-26 18:46 . 2008-01-26 18:46 <DIR> d-------- C:\Program Files\Azureus
2008-01-26 18:46 . 2008-01-26 18:55 <DIR> d-------- C:\Documents and Settings\Izod\Application Data\Azureus
2008-01-26 18:19 . 2008-01-26 18:19 359,808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-01-26 17:08 . 2008-01-26 17:08 <DIR> d-------- C:\Program Files\uTorrent
2008-01-24 22:13 . 2008-01-24 22:13 <DIR> d-------- C:\Documents and Settings\Izod\Application Data\SlySoft
2008-01-20 08:20 . 2008-01-20 08:20 <DIR> d-------- C:\Documents and Settings\Izod\Application Data\AdobeUM
2008-01-16 18:15 . 2008-01-16 18:15 <DIR> d-------- C:\Program Files\StreamMyGame
2008-01-13 17:39 . 2008-01-14 02:00 206 --a------ C:\WINDOWS\wininit.ini
2008-01-13 14:44 . 2008-02-12 09:56 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 16:31 --------- d-----w C:\Program Files\Zune
2008-02-12 16:31 --------- d-----w C:\Program Files\iTunes
2008-02-12 16:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-01 03:00 --------- d-----w C:\Program Files\Common Files\HP
2008-01-30 03:35 --------- d-----w C:\Documents and Settings\Izod\Application Data\uTorrent
2008-01-27 00:19 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-01-25 16:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-10 00:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-01 18:03 --------- d-----w C:\Program Files\CursorXP
2008-01-01 06:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-01 06:05 --------- d-----w C:\Program Files\Security Task Manager
2008-01-01 02:16 --------- d-----w C:\Program Files\MSBuild
2008-01-01 02:11 --------- d-----w C:\Program Files\Reference Assemblies
2008-01-01 02:09 --------- d-----w C:\Program Files\MSXML 6.0
2008-01-01 01:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-01 01:35 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-01-01 01:35 --------- d-----w C:\Documents and Settings\Izod\Application Data\SystemRequirementsLab
2007-12-31 23:17 --------- d-----w C:\Program Files\Winamp Remote
2007-12-30 19:43 --------- d-----w C:\Program Files\DivX
2007-12-30 11:03 --------- d-----w C:\Program Files\Winamp
2007-12-30 11:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\OrbNetworks
2007-12-28 23:18 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-27 03:06 --------- d-----w C:\Program Files\Webzen
2007-12-20 04:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-20 01:49 --------- d-----w C:\Program Files\Trend Micro
2007-12-20 00:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-20 00:17 57,856 ----a-w C:\fjrnkqwn.exe
2007-12-19 01:09 --------- d-----w C:\Documents and Settings\Izod\Application Data\Ahead
2007-12-19 00:33 --------- d-----w C:\Program Files\Common Files\Macromedia Shared
2007-12-19 00:33 --------- d-----w C:\Program Files\Common Files\Macromedia
2007-12-19 00:32 --------- d-----w C:\Program Files\Macromedia
2007-12-18 00:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-18 00:22 --------- d-----w C:\Documents and Settings\Izod\Application Data\GlobalSCAPE
2007-12-15 19:11 --------- d-----w C:\Program Files\Comodo
2007-12-15 19:10 --------- d-----w C:\Documents and Settings\Izod\Application Data\vlc
2007-12-15 03:36 --------- d-----w C:\Documents and Settings\Izod\Application Data\Ventrilo
2007-12-15 02:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-15 02:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-15 02:20 --------- d-----w C:\Program Files\Symantec
2007-12-15 02:17 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Symantec
2007-12-14 23:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-12-14 23:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2007-11-30 00:58 98,304 ----a-w C:\WINDOWS\DUMP4e7d.tmp
2006-10-06 09:08 3,080 ----a-w C:\Documents and Settings\Administrator\Application Data\CDBIDXL.DAT
2006-10-06 09:08 2,056 ----a-w C:\Documents and Settings\Administrator\Application Data\TDBIDXL.DAT
2006-10-06 09:07 6,908 ----a-w C:\Documents and Settings\Administrator\Application Data\NETRKDB.DAT
2006-10-06 09:07 2,376 ----a-w C:\Documents and Settings\Administrator\Application Data\NECDB.DAT
.
<pre>
----a-w		   182,936 2008-02-12 15:56:52  C:\Program Files\Charter High-Speed Security Suite\Common\FSM32 .EXE
----a-w		   739,936 2008-02-12 15:56:57  C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil .exe
----a-w		   517,768 2008-02-12 15:56:52  C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
----a-w			49,152 2008-02-12 15:56:46  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w		   256,576 2008-02-12 15:56:49  C:\Program Files\iTunes\iTunesHelper .exe
----a-w		   132,496 2008-02-12 15:56:45  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w		 1,694,208 2008-01-09 00:24:47  C:\Program Files\Messenger\msmsgs .exe
----a-w		   471,040 2008-02-12 15:56:57  C:\Program Files\SlySoft\AnyDVD\AnyDVD .exe
----a-w			57,344 2008-02-12 15:56:46  C:\Program Files\SlySoft\CloneCD\CloneCDTray .exe
----a-w		 1,460,560 2008-01-09 00:24:49  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w		   471,040 2007-12-31 23:14:36  C:\Program Files\Winamp Remote\bin\OrbTray .exe
----a-w		   166,304 2008-02-12 15:56:51  C:\Program Files\Zune\ZuneLauncher .exe
----a-w		   315,904 2008-01-01 02:36:44  C:\WINDOWS\inf\unregmp2 .exe
----a-w			15,360 2008-02-12 15:56:57  C:\WINDOWS\system32\ctfmon .exe
----a-w		   221,184 2008-02-12 15:56:44  C:\WINDOWS\system32\LVCOMSX .EXE
----a-w		   155,648 2007-12-31 23:14:14  C:\WINDOWS\system32\NeroCheck .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 05:00 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"Logitech Utility"="LOGI_MWX.EXE" [2003-12-17 08:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [ ]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [ ]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-10 05:00 33280 C:\WINDOWS\system32\rundll32.exe]
"F-Secure Manager"="C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.exe" [ ]
"F-Secure TNB"="C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 18:07 44544]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comodo Firewall]
C:\Program Files\Comodo\Firewall\CPF.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
--a------ 2004-11-10 22:15 111816 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CmdAgent"=2 (0x2)

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-11-01 05:42]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Charter High-Speed Security Suite\HIPS\fshs.sys [2007-11-01 05:42]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 21:38]
R2 ZuneBusEnum;Zune Bus Enumerator;C:\WINDOWS\system32\ZuneBusEnum.exe [2007-11-15 21:51]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\minifilter\fsgk.sys [2007-11-01 05:42]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 20:31]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\LNE100V5.sys [2001-10-24 15:16]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;C:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2007-11-15 21:51]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\Win2K\FSfilter.sys [2007-11-01 05:42]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\Win2K\FSrec.sys [2007-11-01 05:42]
S4 MS Common Service;MS Common Service;C:\WINDOWS\system32\mscomserv.exe []

.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 15:23:19 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\CHARTE~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\CHARTE~1\ANTI-V~1\report.txt
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 10:40:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsus.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
.
**************************************************************************
.
Completion time: 2008-02-12 10:43:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-12 16:43:43
ComboFix2.txt 2007-12-20 02:32:33
.
2007-07-11 12:48:49 --- E O F ---
  • 0

#5
Izod517
Posted 12 February 2008 - 10:49 AM

Izod517

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
HiJackThis!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:32 AM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsus.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1199150707718
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15023/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8142 bytes
  • 0

#6
Rorschach112
Posted 12 February 2008 - 11:26 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\mvdwqjeq.ini
C:\WINDOWS\system32\gilefbrx.ini
C:\WINDOWS\system32\fyhequfn.ini
C:\WINDOWS\system32\otiyylri.ini
C:\WINDOWS\system32\marnljww.ini
C:\WINDOWS\system32\mdxgqxkt.ini
C:\WINDOWS\system32\kgrmkwjw.exe_old
C:\fjrnkqwn.exe

RenV::
----a-w 182,936 2008-02-12 15:56:52 C:\Program Files\Charter High-Speed Security Suite\Common\FSM32 .EXE
----a-w 739,936 2008-02-12 15:56:57 C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil .exe
----a-w 517,768 2008-02-12 15:56:52 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
----a-w 49,152 2008-02-12 15:56:46 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w 256,576 2008-02-12 15:56:49 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 132,496 2008-02-12 15:56:45 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 1,694,208 2008-01-09 00:24:47 C:\Program Files\Messenger\msmsgs .exe
----a-w 471,040 2008-02-12 15:56:57 C:\Program Files\SlySoft\AnyDVD\AnyDVD .exe
----a-w 57,344 2008-02-12 15:56:46 C:\Program Files\SlySoft\CloneCD\CloneCDTray .exe
----a-w 1,460,560 2008-01-09 00:24:49 C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w 471,040 2007-12-31 23:14:36 C:\Program Files\Winamp Remote\bin\OrbTray .exe
----a-w 166,304 2008-02-12 15:56:51 C:\Program Files\Zune\ZuneLauncher .exe
----a-w 315,904 2008-01-01 02:36:44 C:\WINDOWS\inf\unregmp2 .exe
----a-w 15,360 2008-02-12 15:56:57 C:\WINDOWS\system32\ctfmon .exe
----a-w 221,184 2008-02-12 15:56:44 C:\WINDOWS\system32\LVCOMSX .EXE
----a-w 155,648 2007-12-31 23:14:14 C:\WINDOWS\system32\NeroCheck .exe


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
  • 0

#7
Izod517
Posted 12 February 2008 - 01:46 PM

Izod517

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
ComboFix 08-02-12.3 - Izod 2008-02-12 13:10:12.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.664 [GMT -6:00]
Running from: C:\Documents and Settings\Izod\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Izod\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\fjrnkqwn.exe
C:\WINDOWS\system32\fyhequfn.ini
C:\WINDOWS\system32\gilefbrx.ini
C:\WINDOWS\system32\kgrmkwjw.exe_old
C:\WINDOWS\system32\marnljww.ini
C:\WINDOWS\system32\mdxgqxkt.ini
C:\WINDOWS\system32\mvdwqjeq.ini
C:\WINDOWS\system32\otiyylri.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\fyhequfn.ini
C:\WINDOWS\system32\gilefbrx.ini
C:\WINDOWS\system32\kgrmkwjw.exe_old
C:\WINDOWS\system32\marnljww.ini
C:\WINDOWS\system32\mdxgqxkt.ini
C:\WINDOWS\system32\mvdwqjeq.ini
C:\WINDOWS\system32\otiyylri.ini

.
((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 )))))))))))))))))))))))))))))))
.

2008-02-12 10:54 . 2008-02-12 10:54 <DIR> d-------- C:\Documents and Settings\Izod\Application Data\Grisoft
2008-02-12 10:54 . 2008-02-12 10:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-12 10:54 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-12 10:10 . 2008-02-12 10:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-12 10:10 . 2008-02-12 10:10 <DIR> d-------- C:\Documents and Settings\Izod\Application Data\SUPERAntiSpyware.com
2008-02-12 10:10 . 2008-02-12 10:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-12 09:10 . 2007-11-01 05:42 57,824 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-02-12 09:10 . 2007-11-01 05:42 36,768 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-02-12 09:09 . 2008-02-12 09:15 <DIR> d-------- C:\Program Files\Charter High-Speed Security Suite
2008-02-12 09:09 . 2008-02-12 09:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-02-12 09:07 . 2008-02-12 09:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-01-31 19:44 . 2008-01-31 19:44 <DIR> d-------- C:\Documents and Settings\Izod\Application Data\Intuit
2008-01-26 18:47 . 2008-01-26 18:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-01-26 18:46 . 2008-01-26 18:46 <DIR> d-------- C:\Program Files\Azureus
2008-01-26 18:46 . 2008-01-26 18:55 <DIR> d-------- C:\Documents and Settings\Izod\Application Data\Azureus
2008-01-26 18:19 . 2008-01-26 18:19 359,808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-01-26 17:08 . 2008-01-26 17:08 <DIR> d-------- C:\Program Files\uTorrent
2008-01-24 22:13 . 2008-01-24 22:13 <DIR> d-------- C:\Documents and Settings\Izod\Application Data\SlySoft
2008-01-20 08:20 . 2008-01-20 08:20 <DIR> d-------- C:\Documents and Settings\Izod\Application Data\AdobeUM
2008-01-16 18:15 . 2008-01-16 18:15 <DIR> d-------- C:\Program Files\StreamMyGame
2008-01-13 17:39 . 2008-01-14 02:00 206 --a------ C:\WINDOWS\wininit.ini
2008-01-13 14:44 . 2008-02-12 09:56 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-13 14:44 . 2008-02-12 09:56 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 19:10 --------- d-----w C:\Program Files\Zune
2008-02-12 19:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-12 19:10 --------- d-----w C:\Program Files\iTunes
2008-02-12 16:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-12 15:56 221,184 ----a-w C:\WINDOWS\system32\LVCOMSX.EXE
2008-02-01 03:00 --------- d-----w C:\Program Files\Common Files\HP
2008-01-30 03:35 --------- d-----w C:\Documents and Settings\Izod\Application Data\uTorrent
2008-01-27 00:19 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-01-25 16:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-01 18:03 --------- d-----w C:\Program Files\CursorXP
2008-01-01 06:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-01 06:05 --------- d-----w C:\Program Files\Security Task Manager
2008-01-01 02:36 653,312 ----a-w C:\WINDOWS\inf\unregmp2.exe.tmp
2008-01-01 02:16 --------- d-----w C:\Program Files\MSBuild
2008-01-01 02:11 --------- d-----w C:\Program Files\Reference Assemblies
2008-01-01 02:09 --------- d-----w C:\Program Files\MSXML 6.0
2008-01-01 01:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-01 01:35 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-01-01 01:35 --------- d-----w C:\Documents and Settings\Izod\Application Data\SystemRequirementsLab
2007-12-31 23:17 --------- d-----w C:\Program Files\Winamp Remote
2007-12-31 23:14 155,648 ----a-w C:\WINDOWS\system32\NeroCheck.exe
2007-12-30 19:43 --------- d-----w C:\Program Files\DivX
2007-12-30 11:03 --------- d-----w C:\Program Files\Winamp
2007-12-30 11:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\OrbNetworks
2007-12-28 23:18 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-27 03:06 --------- d-----w C:\Program Files\Webzen
2007-12-20 04:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-20 01:49 --------- d-----w C:\Program Files\Trend Micro
2007-12-20 00:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-20 00:16 39,936 ----a-w C:\WINDOWS\system32\vtusqol.dll.vir
2007-12-19 01:09 --------- d-----w C:\Documents and Settings\Izod\Application Data\Ahead
2007-12-19 00:33 --------- d-----w C:\Program Files\Common Files\Macromedia Shared
2007-12-19 00:33 --------- d-----w C:\Program Files\Common Files\Macromedia
2007-12-19 00:32 --------- d-----w C:\Program Files\Macromedia
2007-12-18 00:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-18 00:22 --------- d-----w C:\Documents and Settings\Izod\Application Data\GlobalSCAPE
2007-12-15 19:11 --------- d-----w C:\Program Files\Comodo
2007-12-15 19:10 --------- d-----w C:\Documents and Settings\Izod\Application Data\vlc
2007-12-15 03:36 --------- d-----w C:\Documents and Settings\Izod\Application Data\Ventrilo
2007-12-15 02:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-15 02:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-15 02:20 --------- d-----w C:\Program Files\Symantec
2007-12-15 02:17 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Symantec
2007-12-14 23:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-12-14 23:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2007-12-05 08:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-05 07:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-05 07:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-05 07:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-05 07:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-05 07:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 07:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-12-05 07:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 07:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-05 07:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 07:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-05 07:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-05 07:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-05 07:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-12-05 07:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-05 07:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-05 07:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 07:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 07:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-05 07:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 07:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-12-05 07:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-12-05 07:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-12-05 07:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-12-05 07:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-12-05 07:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 07:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-12-05 07:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-12-05 07:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-12-05 07:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-12-05 07:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
2007-12-05 07:41 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-11-30 00:58 98,304 ----a-w C:\WINDOWS\DUMP4e7d.tmp
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-16 03:51 80,288 ----a-w C:\WINDOWS\system32\ZuneIpTransport.dll
2007-11-16 03:51 72,608 ----a-w C:\WINDOWS\system32\ZuneUsbTransport.dll
2007-11-16 03:51 59,296 ----a-w C:\WINDOWS\system32\ZuneBusEnum.exe
2007-11-16 03:51 45,472 ----a-w C:\WINDOWS\system32\ZuneUsbConnection.dll
2007-11-16 03:51 245,664 ----a-w C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2007-11-16 03:51 155,552 ----a-w C:\WINDOWS\system32\ZuneMTPZ.dll
2006-10-06 09:08 3,080 ----a-w C:\Documents and Settings\Administrator\Application Data\CDBIDXL.DAT
2006-10-06 09:08 2,056 ----a-w C:\Documents and Settings\Administrator\Application Data\TDBIDXL.DAT
2006-10-06 09:07 6,908 ----a-w C:\Documents and Settings\Administrator\Application Data\NETRKDB.DAT
2006-10-06 09:07 2,376 ----a-w C:\Documents and Settings\Administrator\Application Data\NECDB.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-08 18:24 1694208]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-08 18:24 1460560]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-12 09:56 15360]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2008-02-12 09:56 471040]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2007-12-31 17:14 155648]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 05:00 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2008-02-12 09:56 221184]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-02-12 09:56 132496]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2008-02-12 09:56 57344]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-02-12 09:56 49152]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-12 09:56 256576]
"Logitech Utility"="LOGI_MWX.EXE" [2003-12-17 08:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-02-12 09:56 517768]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2008-02-12 09:56 166304]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-10 05:00 33280 C:\WINDOWS\system32\rundll32.exe]
"F-Secure Manager"="C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.exe" [2008-02-12 09:56 182936]
"F-Secure TNB"="C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" [2008-02-12 09:56 739936]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 18:07 44544]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comodo Firewall]
C:\Program Files\Comodo\Firewall\CPF.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
--a------ 2004-11-10 22:15 111816 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CmdAgent"=2 (0x2)

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-11-01 05:42]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Charter High-Speed Security Suite\HIPS\fshs.sys [2007-11-01 05:42]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 21:38]
R2 ZuneBusEnum;Zune Bus Enumerator;C:\WINDOWS\system32\ZuneBusEnum.exe [2007-11-15 21:51]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\minifilter\fsgk.sys [2007-11-01 05:42]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 20:31]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\LNE100V5.sys [2001-10-24 15:16]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;C:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2007-11-15 21:51]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\Win2K\FSfilter.sys [2007-11-01 05:42]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\Win2K\FSrec.sys [2007-11-01 05:42]
S4 MS Common Service;MS Common Service;C:\WINDOWS\system32\mscomserv.exe []

*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD
.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 15:23:19 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\CHARTE~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\CHARTE~1\ANTI-V~1\report.txt
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 13:13:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-12 13:14:41
ComboFix-quarantined-files.txt 2008-02-12 19:14:25
ComboFix2.txt 2008-02-12 16:43:55
ComboFix3.txt 2007-12-20 02:32:33
.
2007-07-11 12:48:49 --- E O F ---
  • 0

#8
Izod517
Posted 12 February 2008 - 01:46 PM

Izod517

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46:41 PM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsus.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {74F62C70-870B-47FB-92CB-7CE5CF83F148} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {82EC6A5F-4602-43DA-8199-F19AF383AB1D} - (no file)
O2 - BHO: (no name) - {9E6A2BEE-2283-4ECD-9A4A-379ACD16385E} - (no file)
O2 - BHO: (no name) - {AF140986-43A6-48AF-A63B-D747AE090811} - (no file)
O2 - BHO: (no name) - {B9E85D85-F6EE-4655-A639-E33983612A6E} - (no file)
O2 - BHO: (no name) - {F7D8C66A-B614-4E7B-8781-B8AF725CFB5F} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1199150707718
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15023/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9216 bytes
  • 0

#9
Rorschach112
Posted 12 February 2008 - 01:57 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: (no name) - {74F62C70-870B-47FB-92CB-7CE5CF83F148} - (no file)
O2 - BHO: (no name) - {82EC6A5F-4602-43DA-8199-F19AF383AB1D} - (no file)
O2 - BHO: (no name) - {9E6A2BEE-2283-4ECD-9A4A-379ACD16385E} - (no file)
O2 - BHO: (no name) - {AF140986-43A6-48AF-A63B-D747AE090811} - (no file)
O2 - BHO: (no name) - {B9E85D85-F6EE-4655-A639-E33983612A6E} - (no file)
O2 - BHO: (no name) - {F7D8C66A-B614-4E7B-8781-B8AF725CFB5F} - (no file)

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Reboot and post a new HijackThis log and tell me how your PC is running
  • 0

#10
Izod517
Posted 12 February 2008 - 07:30 PM

Izod517

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 12, 2008 7:27:47 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/02/2008
Kaspersky Anti-Virus database records: 560167
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 140325
Number of viruses found: 28
Number of infected objects: 596
Number of suspicious objects: 2
Duration of the scan process: 01:47:55

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\F-Secure\logs\FSMA\fsma.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bc288f0a4f8cf39a95e8c435ef2fe6a0_551a7395-fe2e-4d0d-b011-6f85ae709859 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e598b3ea3a5414cd0a8c5bb0dd55428f_551a7395-fe2e-4d0d-b011-6f85ae709859 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\SecTaskMan\vtsqn.exe.q_8041E05_q Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MalwareAlarm2.zip/lsass.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MalwareAlarm2.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-02-12_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\Izod\Application Data\Sun\Java\Deployment\cache\6.0\47\2dcb5a6f-18ab2352/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Documents and Settings\Izod\Application Data\Sun\Java\Deployment\cache\6.0\47\2dcb5a6f-18ab2352/Installer.class Infected: Trojan-Downloader.Java.Agent.a skipped
C:\Documents and Settings\Izod\Application Data\Sun\Java\Deployment\cache\6.0\47\2dcb5a6f-18ab2352 ZIP: infected - 2 skipped
C:\Documents and Settings\Izod\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Izod\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Izod\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Izod\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Izod\Local Settings\Temp\Perflib_Perfdata_cb0.dat Object is locked skipped
C:\Documents and Settings\Izod\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Izod\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Izod\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Izod\NtUser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\fjrnkqwn.0xe Infected: Trojan-Clicker.Win32.Costrat.cv skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2008-02-12.10-36-33.log Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\dbupdate.log Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\deleteme_msg.log Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe.Qrt.log Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\perf.dat Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\power.dat Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\Common\policy.bpf Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\Common\policy.ipf Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.dbg Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.log Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsbwupst.log Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\Spam Control\log\fs_sa_log.txt Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Nero\Nero BackItUp\NBJ.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071219-200921-228.0ll Infected: Trojan.Win32.Obfuscated.mi skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071219-200921-269.0ll Infected: Trojan-Downloader.Win32.BHO.ce skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071219-200921-614.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cln skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071219-201032-960.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cln skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071219-201435-360.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cln skipped
C:\qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\obsfcfsz.dll.vir Infected: Trojan.Win32.Obfuscated.mi skipped
C:\qoobox\Quarantine\C\Program Files\3269.exe.vir Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\qoobox\Quarantine\C\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\Program Files\Helper\Helper8.dll.vir Infected: Trojan-Downloader.Win32.BHO.ce skipped
C:\qoobox\Quarantine\C\Program Files\Helper\superfinderusa.dll.vir Infected: Trojan.Win32.StartPage.atc skipped
C:\qoobox\Quarantine\C\Program Files\Helper\superfindout.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.oi skipped
C:\qoobox\Quarantine\C\Program Files\HP\HP Software Update\HPWuSchd2.exe.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\Program Files\iTunes\iTunesHelper.exe.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\Program Files\Java\jre1.6.0_03\bin\jusched.exe.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\Program Files\SlySoft\AnyDVD\AnyDVD.exe.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\Program Files\SlySoft\CloneCD\CloneCDTray.exe.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\Program Files\spoolsv.exe.vir Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\Program Files\Wuembkvt\wdlzkvew.dll.vir Infected: Trojan.Win32.Obfuscated.mi skipped
C:\qoobox\Quarantine\C\Program Files\xsdunglg\xahsjapg.dll.vir Infected: Trojan-Downloader.Win32.Zlob.fof skipped
C:\qoobox\Quarantine\C\Program Files\Zune\ZuneLauncher.exe.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\WINDOWS\avp.exe.vir Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\lsass.exe.vir Infected: Trojan-Downloader.Win32.Alphabet.at skipped
C:\qoobox\Quarantine\C\WINDOWS\mgrs.exe.vir Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\bamepljh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\drvpug.dll.vir Infected: Trojan.Win32.Dialer.yz skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\efyhrpim.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\fccccby.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ckt skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\hvjavuov.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.auj skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\kgrmkwjw.exe_old.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ksrgjdms.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\LVCOMSX.EXE.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\meldiilb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\njprckha\njprckha1.exe.vir Infected: not-a-virus:FraudTool.Win32.UltimateDefender.aa skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\njprckha\njprckha2.exe.vir Infected: not-a-virus:FraudTool.Win32.UltimateDefender.v skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\njprckha\njprckha3.exe.vir Infected: not-a-virus:Downloader.Win32.UltimateFix.d skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\onicivsg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\oorwquor.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\pwaxkfuu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\RCX21.tmp.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\RCX22.tmp.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\RCX24.tmp.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\RCX2A.tmp.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\RCX2B.tmp.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\RCX30.tmp.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\RCX31.tmp.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\RCX3A.tmp.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\RCX3D.tmp.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\RCX3E.tmp.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\rdlnihhz.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\rogbcsbg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\vtsqn.exe.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\wmmisgcq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\xgyoawgm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ytkdjbqp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\qoobox\Quarantine\catchme2007-12-19_203004.51.zip/xpdx.sys Infected: Trojan-Clicker.Win32.Costrat.cu skipped
C:\qoobox\Quarantine\catchme2007-12-19_203004.51.zip ZIP: infected - 1 skipped
C:\qoobox\Quarantine\catchme2008-02-12_104012.17.zip/vtsqn.dll Infected: Virus.Win32.Trats.c skipped
C:\qoobox\Quarantine\catchme2008-02-12_104012.17.zip/ytkdjbqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\qoobox\Quarantine\catchme2008-02-12_104012.17.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP0\A0000014.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP0\A0000016.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP0\A0000017.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP0\A0000019.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP0\A0000022.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP0\A0000023.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP0\A0000024.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP1\A0000025.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP1\A0000027.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002185.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002203.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002204.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002205.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002206.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002207.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002208.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002209.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002210.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002211.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002228.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002230.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002231.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002232.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002233.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002234.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002235.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002236.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002237.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002238.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002306.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002308.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002309.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002311.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002313.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002314.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002315.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002316.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002317.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002318.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002337.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002339.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002340.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002341.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002342.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002343.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002344.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002346.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002349.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP11\A0002352.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP12\A0002370.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP12\A0002372.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP12\A0002373.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP12\A0002374.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP12\A0002375.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP12\A0002376.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP12\A0002377.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP12\A0002378.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP12\A0002379.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP12\A0002382.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP13\A0002405.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP13\A0002407.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP13\A0002408.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP13\A0002409.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP13\A0002410.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP13\A0002411.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP13\A0002412.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP13\A0002413.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP13\A0002414.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP13\A0002415.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP14\A0003439.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP14\A0003441.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP14\A0003442.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP14\A0003443.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP14\A0003444.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP14\A0003445.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP14\A0003446.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP14\A0003447.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP14\A0003449.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP14\A0003454.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP15\A0003468.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP15\A0003470.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP15\A0003471.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP15\A0003472.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP15\A0003473.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP15\A0003474.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP15\A0003475.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP15\A0003476.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP15\A0003477.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP15\A0003478.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP15\A0003496.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP15\A0003497.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP15\A0003498.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP15\A0003499.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP15\A0003500.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP15\A0003501.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP15\A0003502.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP15\A0003503.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP15\A0003504.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP15\A0003511.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP15\A0003513.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP15\A0003514.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP15\A0003515.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP15\A0003516.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP15\A0003517.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP15\A0003518.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP15\A0003519.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP16\A0003532.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP16\A0003533.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP16\A0003534.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP16\A0003535.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP16\A0003536.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP16\A0003537.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP16\A0003538.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP16\A0003539.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP16\A0003549.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP16\A0003550.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP16\A0003551.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP16\A0003552.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP16\A0003553.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP16\A0003554.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP16\A0003555.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP16\A0003556.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP17\A0004547.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP17\A0004548.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP17\A0004550.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP17\A0004551.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP17\A0004552.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP17\A0004553.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP17\A0004554.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP17\A0004555.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP17\A0004575.0xe Infected: Trojan-Downloader.Win32.Alphabet.at skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP17\A0004576.0xe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP17\A0004577.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP18\A0004581.dll Object is locked skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP18\A0004588.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP18\A0004589.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP18\A0004590.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP18\A0004591.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP18\A0004592.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP18\A0004593.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP18\A0004594.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP18\A0004598.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP18\A0004610.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP18\A0004616.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP18\A0004617.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP19\A0005623.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP19\A0005624.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP19\A0005625.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP19\A0005626.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP19\A0005627.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP19\A0005628.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP19\A0005629.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP19\A0005630.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP19\A0005646.exe Object is locked skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP19\A0005647.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP19\A0005648.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP19\A0005649.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP19\A0005650.dll Object is locked skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP19\A0005664.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP19\A0005665.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP19\A0005666.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP19\A0005667.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP19\A0005668.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP19\A0005669.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP19\A0005670.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP19\A0005688.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP19\A0005689.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP19\A0005690.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP19\A0005691.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP19\A0005692.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP19\A0005693.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP19\A0005694.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP2\A0000067.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP2\A0000069.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP2\A0000070.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP2\A0000071.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP2\A0000072.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP2\A0000073.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP2\A0000074.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP2\A0000075.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP2\A0000076.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP2\A0000077.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP20\A0005707.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP20\A0005708.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP20\A0005709.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP20\A0005710.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP20\A0005711.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP20\A0005712.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP20\A0005715.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP22\A0005737.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP22\A0005738.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP22\A0005739.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP22\A0005740.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP22\A0005741.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP22\A0005742.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP22\A0005743.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP22\A0005760.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP22\A0005761.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP22\A0005762.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP22\A0005763.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP22\A0005764.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP22\A0005765.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP22\A0005766.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP22\A0005767.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP22\A0005781.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP22\A0005782.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP22\A0005783.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP22\A0005785.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP22\A0005786.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP22\A0005790.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP22\A0005791.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP23\A0005813.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP23\A0005814.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP23\A0005815.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP23\A0005816.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP23\A0005817.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP23\A0005818.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP23\A0005819.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP23\A0005820.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP24\A0005836.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP24\A0005837.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP24\A0005839.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP24\A0005840.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP24\A0005841.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP24\A0005842.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP24\A0005843.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP24\A0005844.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP24\A0005863.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP24\A0005864.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP24\A0005865.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP24\A0005866.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP24\A0005867.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP24\A0005868.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP24\A0005869.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP24\A0005870.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP24\A0005886.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP24\A0005887.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP24\A0005888.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP24\A0005889.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP24\A0005890.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP24\A0005891.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP24\A0005892.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP24\A0005893.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP25\A0005920.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP25\A0005921.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP25\A0005922.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP25\A0005923.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP25\A0005924.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP25\A0005925.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP25\A0005926.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP25\A0005927.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP25\A0005962.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP25\A0005967.dll Object is locked skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP26\A0005974.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP26\A0005981.dll Object is locked skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP26\A0005982.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP27\A0005990.dll Object is locked skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP27\A0006006.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP27\A0006008.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP27\A0006009.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP27\A0006010.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP27\A0006011.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP27\A0006012.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP27\A0006013.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP27\A0006014.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP27\A0006018.0xe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP27\A0006020.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP27\A0006028.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP27\A0006029.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP27\A0006030.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP27\A0006031.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP27\A0006032.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP27\A0006033.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{745EA513-2AFC-4D0B-BD76-DF6AE1D6AA41}\RP27\A0006034.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\System Volume Information\_restore{7
  • 0

#11
Izod517
Posted 12 February 2008 - 07:30 PM

Izod517

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
HJT log coming.
  • 0

#12
Izod517
Posted 12 February 2008 - 07:49 PM

Izod517

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:48:51 PM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsus.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1199150707718
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15023/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9530 bytes
  • 0

#13
Izod517
Posted 12 February 2008 - 07:51 PM

Izod517

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
PC appears to be running clean, I'm shocked, I've tried everything! 2 years in computer science didn't help me fix this one but you guys sure did. Thank you so much.
  • 0

#14
Rorschach112
Posted 13 February 2008 - 06:50 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Ok nearly done now


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\All Users\Application Data\SecTaskMan\vtsqn.exe.q_8041E05_q
C:\fjrnkqwn.0xe
C:\Program Files\Nero\Nero BackItUp\NBJ.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    purity
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
  • 0

#15
Rorschach112
Posted 17 February 2008 - 06:23 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP