Geeks To Go
"Error loading C:\WINDOWS\system32\vturp.dll"

This topic is locked

#1
ref3_14
Member, 11 posts

Hi,

I recently purchased a copy of Panda Antivirus (I chose them mostly because I was supporting their 'free online scan' approach). I believe it attempted to fix the vturp.dll virus/spyware by blocking access to the file. Unfortunately, I keep getting a pop-up from Windows stating: "Error loading C:\WINDOWS\system32\vturp.dll". The pop-up appears every ten seconds.

In trying to find a way to get rid of the pop-ups (by looking on the Internet), I have come to realise that I am most likely infected with several other variations of the theme. So I have come to you.

I've followed the steps from the 'You Must Read This Before Posting A Hijackthis Log' post (Ad-Aware spyware scanner, Panda antivirus, set a system restore point and ran ATF Cleaner). Here is my HijackThis log and my uninstall list.

Thank you in advance for any advice you can give me. If you require any other information, I would be happy to oblige.

Logfile of HijackThis v1.99.1
Scan saved at 6:29:01 PM, on 21/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09 .exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\hphmon05 .exe
C:\Program Files\HP\hpcoretech\hpcmpmgr .exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2 .exe
C:\Program Files\Logitech\Video\LogiTray .exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Unlocker\UnlockerAssistant .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\psimsvc.exe
C:\Program Files\MSN Messenger\msnmsgr .exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\psimreal.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis 1.99.1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
F3 - REG:win.ini: load=C:\WINDOWS\system32\vturp.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.netaddress.com/"); (C:\Documents and Settings\Jonathan\Application Data\Mozilla\Profiles\default\1odjo8e3.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Jonathan\Application Data\Mozilla\Profiles\default\1odjo8e3.slt\prefs.js)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E36501C-DFAC-F208-9BAD-3BC4D417E852} - C:\DOCUME~1\Jonathan\APPLIC~1\TEAMLI~1\AMENLOAD.exe (file missing)
O2 - BHO: {11e7fb6c-0a99-00ba-0cf4-c51e0c43f376} - {673f34c0-e15c-4fc0-ab00-99a0c6bf7e11} - C:\WINDOWS\system32\qkiaoygi.dll
O2 - BHO: (no name) - {75F5A5BA-4272-F650-CD94-202210C2709E} - C:\DOCUME~1\Jonathan\APPLIC~1\TEAMLI~1\AMENLOAD.exe (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ykbtqand.dll (file missing)
O2 - BHO: (no name) - {DDB9F7B9-8ABF-427A-BAF5-EC66B97E2200} - C:\WINDOWS\system32\vturp.dll
O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - C:\WINDOWS\system32\fcccyxy.dll
O2 - BHO: (no name) - {EDA183BA-A0B2-4A98-B840-C38E7A234F0B} - C:\WINDOWS\system32\sstss.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [spam proxy admin sect] C:\Documents and Settings\All Users\Application Data\About Logo Spam Proxy\tons burn.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\Jonathan\LOCALS~1\Temp\svchost.exe 1
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Microsoft Update Machine] qvwvov.exe
O4 - HKLM\..\Run: [FAF803FB0302020] 16141E171E1D1.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [Microsoft Update Machine] qvwvov.exe
O4 - HKCU\..\Run: [inside view] C:\DOCUME~1\Jonathan\APPLIC~1\FUNKFO~1\junk live 01.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Update Machine] qvwvov.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fpuypv] "C:\Documents and Settings\Jonathan\Application Data\??mbols\d?dplay.exe"
O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe
O4 - HKCU\..\Run: [Smob] "C:\DOCUME~1\Jonathan\MYDOCU~1\PPPATC~1\msconfig.exe" -vt ndrv
O4 - HKCU\..\Run: [Kxxggytl] "C:\Documents and Settings\Jonathan\Application Data\?racle\m?dtc.exe"
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe
O4 - Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Startup: Vg.exe.lnk = C:\Program Files\Vg\Vg.exe
O4 - Startup: VirtuaGirl HD.LNK = C:\Program Files\vghd\vghd.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab30149.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...3/uploader2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoft...5/asproinst.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: drlowkwn - drlowkwn.dll (file missing)
O20 - Winlogon Notify: fcccyxy - C:\WINDOWS\SYSTEM32\fcccyxy.dll
O20 - Winlogon Notify: xrcbrkvu - xrcbrkvu.dll (file missing)
O20 - Winlogon Notify: ykbtqand - ykbtqand.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tfkecalb.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\psimsvc.exe
AC3Filter (remove only)
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS2
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 7.0.8
Adobe Setup
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced Pic Hunter 1.50
Advanced Woman Calendar 2.0
ArcSoft PhotoStudio 5.5
ATI Control Panel
ATI Display Driver
ATI HydraVision
AVI/MPEG/RM/WMV Joiner 4.81
AVI/MPEG/RM/WMV Splitter 4.28
Better File Rename 4.0
BSPlayer
BulletProofSoft Youtube Google Video Grabber 1.0.0.0
Canadian Rental Kit
Canon Camera Window for ZoomBrowser EX
Canon CanoScan Toolbox 4.7
Canon EOS 10D WIA Driver
Canon EOS Kiss REBEL 300D WIA Driver
Canon iP6210D
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities File Viewer Utility 1.3
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
CloneDVD 2.2
Codec Pack - All In 1 6.0.3.0
Cole2k Media - Codec Pack (Advanced) 6.0.8
Command & Conquer Generals
Command & Conquer Red Alert 2
CopyToDVD Suite 3
Creative DVD Audio Plugin for Audigy Series
Creative WebCam NX Driver (1.02.01.0827)
Creative WebCam NX User's Guide (English)
CuteFTP Pro 3.3
CyberAnswers.org
Direct Show Ogg Vorbis Filter (remove only)
DirectShow subtitle filter colleciton (remove only)
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
DVD Region-Free 3.05
DVD Shrink 3.2
DVD X Rescue
DVDXCopy Platinum 3.2.1
eDonkey2000
eMule
eXtreme Movie Manager 4.5 (Build 1 REGISTERED) - Full Installat
eXtreme Movie Manager 4.8 (Build 1 REGISTERED) - UPDATE
eXtreme Movie Manager 6.0.8.0 - Update ONLY!
FUJIFILM USB Driver
Future Photo Print Wizard (Standalone)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
hp instant support
HP Memories Disc
HP Software Update
Indeo® Software
InstantCopy
InterVideo WinDVD 5
iPod for Windows 2005-10-12
iPod for Windows 2005-11-17
iTunes
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
Just Resize My Photos 1.2.0
Lexmark Z600 Series
Logitech QuickCam
Macromedia Flash Player 8
Manual CanoScan 5200F
Matroska Pack - Lazy Man's MKV 0.9.9
Messenger Plus! 3 & Sponsor
Messenger Plus! Live & Sponsor (CiD)
MetFileRegenerator v3.012.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Journal Viewer
Mozilla Firefox (2.0.0.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
My DSC
Naevius YouTube Converter 1.5
Nero Suite
NeroVision Express 2
Netscape (7.1)
Netscape Browser (remove only)
Netscape SmartDownload 1.5
Nic's XviD Decoder
NTI CD-Maker 6 Gold
OmniPage SE 2.0
Panda ActiveScan
Panda ActiveScan Pro
Panda Antivirus 2008
PartyPoker
PDF Settings
Photo Screensaver Maker V3.6.6
Photosmart 140,240,7200,7600,7700,7900 Series
Picasa 2
PowerDVD Copy 1.0
QuickTime
[email protected] Plus
RAW FILE CONVERTER LE
RescuePRO™ 3.0
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
SnagIt 7
SolidWorks 2003
Strip Saver 1.02
Subtitle Studio 2.0 R-2
Tag&Rename 3.0.5
UFile 2005
UFile Updater 2005
Ultra Video Joiner 3.2.6
Uniblue RegistryBooster 2
Unlocker 1.8.0
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
USB Storage Driver
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player (Remove Only)
VirtuaGirl
VirtuaGirl HD
VobSub v2.23 (Remove Only)
WebCam for MSN Messenger
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinZip
X264 H.264/AVC Video Codec (remove only)
XviD MPEG-4 Video Codec
Yahoo! Toolbar
#2
Rorschach112
Retired Staff, 47,710 posts

Hello

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
#3
ref3_14
Topic Starter, Member, 11 posts

Here are my Combolog.txt and new hijackthis.log files:
ComboFix 08-02-22.3 - Jonathan 2008-02-22 19:31:01.1 - NTFSx86
Running from: C:\Documents and Settings\Jonathan\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jonathan\Application Data\CROSOF~1.NET
C:\Documents and Settings\Jonathan\Application Data\MBOLS~1
C:\Documents and Settings\Jonathan\Application Data\RACLE~1
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
C:\Program Files\Common Files\sembly~1
C:\Program Files\Drmupgds\Drmupgds.exe
C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Insider
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\Logitech\Video\ISStart.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Netscape\Netscape\NETSCP.EXE
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\REGSHAVE\REGSHAVE.EXE
C:\Program Files\Temporary
C:\Program Files\Temporary\InsiDERInst.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\b103.exe.bin
C:\WINDOWS\b104.exe.bin
C:\WINDOWS\b122.exe
C:\WINDOWS\b138.exe.bin
C:\WINDOWS\b149.exe
C:\WINDOWS\b153.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\csrss .exe
C:\WINDOWS\csrss.exe
C:\WINDOWS\exefld
C:\WINDOWS\hosts
C:\WINDOWS\mrofinu.exe
C:\WINDOWS\system32\ajwekdsu.ini
C:\WINDOWS\system32\aobphuqd.ini
C:\WINDOWS\system32\aqytaygq.ini
C:\WINDOWS\system32\astqrasq.ini
C:\WINDOWS\system32\biuajkvk.ini
C:\WINDOWS\system32\bxuoopgr.dll
C:\WINDOWS\system32\cjqwfvkf.ini
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\culeypgy.ini
C:\WINDOWS\system32\dbolifvs.dll
C:\WINDOWS\system32\dflcpjwi.dll
C:\WINDOWS\system32\djceqmsi.dll
C:\WINDOWS\system32\dquhpboa.dll
C:\WINDOWS\system32\drlowkwn.dllbox
C:\WINDOWS\system32\fbupqnwx.ini
C:\WINDOWS\system32\fkbvgqfu.ini
C:\WINDOWS\system32\fkuktesh.ini
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\hxpsssio.ini
C:\WINDOWS\system32\ifcjwagu.ini
C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkkj.ini2
C:\WINDOWS\system32\ikuholay.ini
C:\WINDOWS\system32\imunqlqi.ini
C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\kjqvbtcu.dll
C:\WINDOWS\system32\kncmnhmq.ini
C:\WINDOWS\system32\kvkjauib.dll
C:\WINDOWS\system32\lbgnlyht.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mgbknedr.ini
C:\WINDOWS\system32\mjtysrwn.dll
C:\WINDOWS\system32\mywhtovt.ini
C:\WINDOWS\system32\mywhtovt.ini2
C:\WINDOWS\system32\mywhtovt.tmp
C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\nftxvtji.ini
C:\WINDOWS\system32\ngjcqpkt.ini
C:\WINDOWS\system32\odawxgrp.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pjhlvdfl.ini
C:\WINDOWS\system32\pmemhlux.dll
C:\WINDOWS\system32\pnesxqrv.dll
C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\prutv.ini2
C:\WINDOWS\system32\PSDrvCheck.exe
C:\WINDOWS\system32\pxusuikq.ini
C:\WINDOWS\system32\qdlyxjdq.ini
C:\WINDOWS\system32\qkiaoygi.dll
C:\WINDOWS\system32\qllpnsci.dll
C:\WINDOWS\system32\qlqpwtpr.ini
C:\WINDOWS\system32\qqaskvaa.ini
C:\WINDOWS\system32\qrejvbyx.dll
C:\WINDOWS\system32\qsarqtsa.dll
C:\WINDOWS\system32\rbrdhjoq.ini
C:\WINDOWS\system32\RCX97.tmp
C:\WINDOWS\system32\riwiflic.dll
C:\WINDOWS\system32\rjetnfse.dll
C:\WINDOWS\system32\rmebmskm.ini
C:\WINDOWS\system32\rqdormto.dll
C:\WINDOWS\system32\rtmamopd.dll
C:\WINDOWS\system32\rtyccwcu.ini
C:\WINDOWS\system32\rwuqaxjw.dll
C:\WINDOWS\system32\rxtqnwuj.ini
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\sstss.ini
C:\WINDOWS\system32\sstss.ini2
C:\WINDOWS\system32\tbljdxtd.dll
C:\WINDOWS\system32\thrlplxx.ini
C:\WINDOWS\system32\trqmotjv.ini
C:\WINDOWS\system32\uehpulyc.ini
C:\WINDOWS\system32\uriffpsl.dll
C:\WINDOWS\system32\usdkewja.dll
C:\WINDOWS\system32\vjtomqrt.dll
C:\WINDOWS\system32\vjyekown.ini
C:\WINDOWS\system32\vknepcxl.ini
C:\WINDOWS\system32\vlbcbmuj.ini
C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\vwclhfkn.ini
C:\WINDOWS\system32\wnstsit32.exe
C:\WINDOWS\system32\wqlinhrc.ini
C:\WINDOWS\system32\wwuafnny.ini
C:\WINDOWS\system32\xrcbrkvu.dllbox
C:\WINDOWS\system32\yceyplll.ini
C:\WINDOWS\system32\ydnygfwr.dll
C:\WINDOWS\system32\ygblhlda.ini
C:\WINDOWS\system32\ykbtqand.dllbox
C:\WINDOWS\system32\ylvdabwh.dll
C:\WINDOWS\system32\yoyphtbp.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.

2008-02-22 19:20 . 2007-06-20 15:48 18,224 --a------ C:\WINDOWS\system32\pfdnnt.exe
2008-02-21 21:21 . 2008-02-22 18:10 70,861 --a------ C:\WINDOWS\BMef8b5c69.xml
2008-02-21 21:21 . 2008-02-22 19:31 21 --a------ C:\WINDOWS\pskt.ini
2008-02-21 18:28 . 2008-02-21 18:39 <DIR> d-------- C:\Program Files\HijackThis 1.99.1
2008-02-19 16:48 . 2008-02-19 16:48 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-02-19 16:48 . 2008-02-19 16:48 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-02-15 11:25 . 2008-02-15 11:25 334,336 --a------ C:\WINDOWS\system32\5CDB.tmp
2008-02-14 01:11 . 2008-02-14 01:04 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-02-14 01:11 . 2008-02-14 01:04 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-02-14 00:52 . 2008-02-14 00:52 337,408 --a------ C:\WINDOWS\system32\RCX219.tmp
2008-02-13 22:28 . 2008-02-13 22:28 1,183,397 --ahs---- C:\WINDOWS\system32\vjyekown.tmp
2008-02-13 18:34 . 2008-02-13 18:34 248 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-02-11 22:38 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-02-10 00:37 . 2008-02-10 00:37 19,280 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-02-09 03:57 . 2008-02-22 19:39 <DIR> d-------- C:\Program Files\Drmupgds
2008-02-07 17:23 . 2004-08-04 02:56 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-02-07 17:23 . 2004-08-04 02:56 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-02-03 15:39 . 2008-02-03 15:39 1,120,407 --ahs---- C:\WINDOWS\system32\qdlyxjdq.tmp
2008-02-01 15:24 . 2008-02-01 15:24 1,131,883 --ahs---- C:\WINDOWS\system32\aqytaygq.tmp
2008-01-25 05:43 . 2008-01-25 05:43 <DIR> d-------- C:\WINDOWS\system32\E3E1EBE4EBEAE
2008-01-25 05:43 . 2007-12-14 07:40 120,832 --a------ C:\WINDOWS\system32\16141E171E1D1.exe
2008-01-24 00:24 . 2008-02-07 17:24 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 00:40 --------- d-----w C:\Program Files\Unlocker
2008-02-23 00:40 --------- d-----w C:\Program Files\REGSHAVE
2008-02-23 00:40 --------- d-----w C:\Program Files\QuickTime
2008-02-23 00:39 --------- d-----w C:\Program Files\MSN Messenger
2008-02-23 00:39 --------- d-----w C:\Program Files\Messenger Plus! 3
2008-02-22 23:13 --------- d-----w C:\Program Files\eMule
2008-02-22 02:17 --------- d-----w C:\Program Files\vghd
2008-02-14 06:11 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-02-12 06:07 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\AdobeUM
2008-02-12 04:51 --------- d-----w C:\Program Files\Winamp
2008-02-12 04:48 --------- d-----w C:\Program Files\TagRename
2008-02-12 04:29 --------- d-----w C:\Program Files\DVD Region-Free
2008-02-12 04:25 --------- d-----w C:\Program Files\Bonjour
2008-02-12 04:25 --------- d-----w C:\Program Files\Better File Rename
2008-01-28 03:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-28 03:41 --------- d-----w C:\Program Files\UFile 2005
2008-01-28 03:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-28 03:39 --------- d-----w C:\Program Files\SolidWorks
2008-01-28 03:29 --------- d-----w C:\Program Files\iTunes
2008-01-28 03:26 --------- d-----w C:\Program Files\iPod
2008-01-14 08:00 --------- d-----w C:\Program Files\Adverts
2008-01-14 06:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\sentinel
2008-01-14 06:23 --------- d-----w C:\Program Files\Panda Security
2008-01-14 05:17 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-13 03:06 --------- d-----w C:\Program Files\Common Files\Scanner
2008-01-12 22:04 --------- d-----w C:\Program Files\Vg
2008-01-12 17:49 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\vghd
2008-01-12 16:03 --------- d-----w C:\Program Files\Uniblue
2008-01-12 16:03 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Uniblue
.
----a-w		   313,472 2008-02-12 06:03:47  C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w		   335,872 2008-01-10 21:45:32  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w			61,440 2008-02-23 00:21:15  C:\Program Files\Drmupgds\Drmupgds .exe
----a-w			49,152 2008-02-23 00:20:31  C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2 .exe
----a-w			49,152 2008-02-23 00:20:24  C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05 .exe
----a-w		   241,664 2008-02-23 00:20:25  C:\Program Files\HP\hpcoretech\hpcmpmgr .exe
----a-w		   278,528 2008-01-26 17:42:39  C:\Program Files\iTunes\iTunesHelper .exe
----a-w		   188,416 2008-02-23 00:20:26  C:\Program Files\Logitech\Video\ISStart .exe
----a-w			65,536 2008-02-23 00:20:26  C:\Program Files\Logitech\Video\LogiTray .exe
----a-w		   190,024 2008-02-23 00:20:58  C:\Program Files\Messenger Plus! 3\MsgPlus .exe
----a-w		 5,674,352 2008-02-23 00:21:36  C:\Program Files\MSN Messenger\msnmsgr .exe
----a-w		   568,096 2008-02-11 02:31:14  C:\Program Files\Netscape\Netscape\NETSCP .EXE
----a-w		   455,984 2008-02-14 05:52:34  C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN .EXE
----a-w		   520,192 2008-01-20 03:42:46  C:\Program Files\QuickTime\qttask			  .exe
----a-w		   520,192 2008-01-17 21:52:59  C:\Program Files\QuickTime\qttask			 .exe
----a-w		   520,192 2008-01-17 03:44:05  C:\Program Files\QuickTime\qttask			.exe
----a-w		   520,192 2008-01-16 05:31:24  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   520,192 2008-01-15 22:14:21  C:\Program Files\QuickTime\qttask		  .exe
----a-w		   520,192 2008-01-14 21:23:22  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   155,648 2008-02-22 01:05:12  C:\Program Files\QuickTime\qttask		.exe
----a-w		   186,368 2008-02-21 22:38:12  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   520,192 2008-02-14 05:51:51  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   520,192 2008-02-10 15:14:46  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   520,192 2008-01-12 16:41:50  C:\Program Files\QuickTime\qttask	.exe
----a-w		   520,192 2008-01-12 04:18:21  C:\Program Files\QuickTime\qttask   .exe
----a-w		   520,192 2008-01-10 22:26:18  C:\Program Files\QuickTime\qttask  .exe
----a-w		   520,192 2008-01-10 22:19:09  C:\Program Files\QuickTime\qttask .exe
----a-w			53,248 2008-02-23 00:20:25  C:\Program Files\REGSHAVE\REGSHAVE .EXE
----a-w			49,152 2008-01-12 16:45:38  C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2 .exe
----a-w		 1,885,464 2008-01-12 16:47:12  C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster .exe
----a-w			 6,144 2008-02-23 00:20:36  C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w			15,360 2008-02-07 22:24:46  C:\WINDOWS\system32\ctfmon .exe
----a-w		   495,616 2008-02-23 00:20:26  C:\WINDOWS\system32\hphmon05 .exe
----a-w		   155,648 2008-02-23 00:20:23  C:\WINDOWS\system32\NeroCheck .exe
----a-w		   406,016 2008-02-23 00:20:32  C:\WINDOWS\system32\PSDrvCheck .exe
----a-w		   176,128 2008-02-23 00:20:24  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09 .exe


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E36501C-DFAC-F208-9BAD-3BC4D417E852}]
C:\DOCUME~1\Jonathan\APPLIC~1\TEAMLI~1\AMENLOAD.exe

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75F5A5BA-4272-F650-CD94-202210C2709E}]
C:\DOCUME~1\Jonathan\APPLIC~1\TEAMLI~1\AMENLOAD.exe

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1759A31-E627-4758-9562-6899DF36C9C2}]
2008-01-10 16:36 41472 --a------ C:\WINDOWS\system32\fcccyxy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDA183BA-A0B2-4A98-B840-C38E7A234F0B}]
C:\WINDOWS\system32\sstss.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"inside view"="C:\DOCUME~1\Jonathan\APPLIC~1\FUNKFO~1\junk live 01.exe" [ ]
"MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"Microsoft Update Machine"="qvwvov.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Fpuypv"="C:\Documents and Settings\Jonathan\Application Data\??mbols\d?dplay.exe" [ ]
"Drmupgds"="C:\Program Files\Drmupgds\Drmupgds.exe" [ ]
"Smob"="C:\DOCUME~1\Jonathan\MYDOCU~1\PPPATC~1\msconfig.exe" [ ]
"Kxxggytl"="C:\Documents and Settings\Jonathan\Application Data\?racle\m?dtc.exe" [ ]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]
"xInsIDE"="C:\Program Files\xInsIDE\xInsIDE.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OemReset"="C:\WINDOWS\OPTIONS\OEMRESET.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [ ]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [ ]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [ ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [ ]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [ ]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [ ]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [ ]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [ ]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [ ]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [ ]
"spam proxy admin sect"="C:\Documents and Settings\All Users\Application Data\About Logo Spam Proxy\tons burn.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-02-21 20:05 155648]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [ ]
"Microsoft Update Machine"="qvwvov.exe" []
"FAF803FB0302020"="16141E171E1D1.exe" [2007-12-14 07:40 120832 C:\WINDOWS\system32\16141E171E1D1.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-03-28 01:34 53248 C:\WINDOWS\SOUNDMAN.EXE]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Update Machine"="qvwvov.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 02:56 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 16:18 443968]

C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup\
SnagIt 7.lnk - C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe [2004-08-14 19:33:03 3260416]
Vg.exe.lnk - C:\Program Files\Vg\Vg.exe [2004-09-10 21:29:27 299008]
VirtuaGirl HD.LNK - C:\Program Files\vghd\vghd.exe [2008-01-12 12:54:51 10409280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 01:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2003-08-26 09:58 49152]
"{E1759A31-E627-4758-9562-6899DF36C9C2}"= C:\WINDOWS\system32\fcccyxy.dll [2008-01-10 16:36 41472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\drlowkwn]
drlowkwn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcccyxy]
fcccyxy.dll 2008-01-10 16:36 41472 C:\WINDOWS\system32\fcccyxy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xrcbrkvu]
xrcbrkvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ykbtqand]
ykbtqand.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\\Network Diagnostic\\xpnetdiag.exe:@xpsp3res.dll,-20000
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\WINDOWS\system32\tfkecalb.exe"= C:\WINDOWS\system32\tfk
"C:\WINDOWS\system32\taemyjwk.exe"= C:\WINDOWS\system32\tae
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 13:47]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-02-14 01:04]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-02-14 01:04]
R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2003-06-26 22:08]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7bcc4b1-ee45-11d8-9f56-806d6172696f}]
\Shell\AutoRun\command - D:\autorun.exe
\Shell\readit\command - notepad readme.doc

.
Contents of the 'Scheduled Tasks' folder
"2008-02-23 00:00:00 C:\WINDOWS\Tasks\ACDFA36A936C586E.job"
- c:\docume~1\jonathan\applic~1\funkfo~1\Open Mpeg Once.exe
"2008-02-23 00:00:00 C:\WINDOWS\Tasks\AE639047919C00CB.job"
- c:\progra~1\funkfo~1\Open Mpeg Once.exe
"2008-02-23 00:00:00 C:\WINDOWS\Tasks\B438BDEB903B2A6B.job"
- c:\docume~1\jonathan\applic~1\funkfo~1\Open Mpeg Once.exe
"2008-02-23 00:00:00 C:\WINDOWS\Tasks\BE69EBD19482961D.job"
- c:\docume~1\jonathan\applic~1\funkfo~1\Open Mpeg Once.exe
"2008-02-22 23:56:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 19:45:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\fcccyxy.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\psimsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\vghd\VirtuaGirl_downloader.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\ComboFix\nircmd.cfexe
C:\ComboFix\nircmd.cfexe
C:\ComboFix\nircmd.cfexe
C:\ComboFix\nircmd.cfexe
C:\ComboFix\nircmd.cfexe
C:\ComboFix\nircmd.cfexe
.
**************************************************************************
.
Completion time: 2008-02-22 19:55:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-23 00:55:09
.
2008-02-22 08:01:13 --- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 7:58:43 PM, on 22/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\psimsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask .exe
C:\WINDOWS\system32\16141E171E1D1.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\Vg\Vg.exe
C:\Program Files\vghd\vghd.exe
C:\Program Files\vghd\VirtuaGirl_downloader.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis 1.99.1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.netaddress.com/"); (C:\Documents and Settings\Jonathan\Application Data\Mozilla\Profiles\default\1odjo8e3.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Jonathan\Application Data\Mozilla\Profiles\default\1odjo8e3.slt\prefs.js)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E36501C-DFAC-F208-9BAD-3BC4D417E852} - C:\DOCUME~1\Jonathan\APPLIC~1\TEAMLI~1\AMENLOAD.exe (file missing)
O2 - BHO: (no name) - {75F5A5BA-4272-F650-CD94-202210C2709E} - C:\DOCUME~1\Jonathan\APPLIC~1\TEAMLI~1\AMENLOAD.exe (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - C:\WINDOWS\system32\fcccyxy.dll
O2 - BHO: (no name) - {EDA183BA-A0B2-4A98-B840-C38E7A234F0B} - C:\WINDOWS\system32\sstss.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [spam proxy admin sect] C:\Documents and Settings\All Users\Application Data\About Logo Spam Proxy\tons burn.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] qvwvov.exe
O4 - HKLM\..\Run: [FAF803FB0302020] 16141E171E1D1.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\RunServices: [Microsoft Update Machine] qvwvov.exe
O4 - HKCU\..\Run: [inside view] C:\DOCUME~1\Jonathan\APPLIC~1\FUNKFO~1\junk live 01.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Update Machine] qvwvov.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fpuypv] "C:\Documents and Settings\Jonathan\Application Data\??mbols\d?dplay.exe"
O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe
O4 - HKCU\..\Run: [Smob] "C:\DOCUME~1\Jonathan\MYDOCU~1\PPPATC~1\msconfig.exe" -vt ndrv
O4 - HKCU\..\Run: [Kxxggytl] "C:\Documents and Settings\Jonathan\Application Data\?racle\m?dtc.exe"
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe
O4 - Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Startup: Vg.exe.lnk = C:\Program Files\Vg\Vg.exe
O4 - Startup: VirtuaGirl HD.LNK = C:\Program Files\vghd\vghd.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab30149.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...3/uploader2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoft...5/asproinst.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: drlowkwn - drlowkwn.dll (file missing)
O20 - Winlogon Notify: fcccyxy - C:\WINDOWS\SYSTEM32\fcccyxy.dll
O20 - Winlogon Notify: xrcbrkvu - xrcbrkvu.dll (file missing)
O20 - Winlogon Notify: ykbtqand - ykbtqand.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\psimsvc.exe
  • 0

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: (no name) - {2E36501C-DFAC-F208-9BAD-3BC4D417E852} - C:\DOCUME~1\Jonathan\APPLIC~1\TEAMLI~1\AMENLOAD.exe (file missing)
O2 - BHO: (no name) - {75F5A5BA-4272-F650-CD94-202210C2709E} - C:\DOCUME~1\Jonathan\APPLIC~1\TEAMLI~1\AMENLOAD.exe (file missing)
O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - C:\WINDOWS\system32\fcccyxy.dll
O2 - BHO: (no name) - {EDA183BA-A0B2-4A98-B840-C38E7A234F0B} - C:\WINDOWS\system32\sstss.dll (file missing)
O4 - HKLM\..\Run: [spam proxy admin sect] C:\Documents and Settings\All Users\Application Data\About Logo Spam Proxy\tons burn.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] qvwvov.exe
O4 - HKLM\..\Run: [FAF803FB0302020] 16141E171E1D1.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] qvwvov.exe
O4 - HKCU\..\Run: [inside view] C:\DOCUME~1\Jonathan\APPLIC~1\FUNKFO~1\junk live 01.exe
O4 - HKCU\..\Run: [Fpuypv] "C:\Documents and Settings\Jonathan\Application Data\??mbols\d?dplay.exe"
O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe
O4 - HKCU\..\Run: [Smob] "C:\DOCUME~1\Jonathan\MYDOCU~1\PPPATC~1\msconfig.exe" -vt ndrv
O4 - HKCU\..\Run: [Kxxggytl] "C:\Documents and Settings\Jonathan\Application Data\?racle\m?dtc.exe"
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe
O20 - Winlogon Notify: drlowkwn - drlowkwn.dll (file missing)
O20 - Winlogon Notify: fcccyxy - C:\WINDOWS\SYSTEM32\fcccyxy.dll
O20 - Winlogon Notify: xrcbrkvu - xrcbrkvu.dll (file missing)
O20 - Winlogon Notify: ykbtqand - ykbtqand.dll (file missing)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\WINDOWS\system32\RCX219.tmp
C:\WINDOWS\system32\vjyekown.tmp
C:\WINDOWS\system32\qdlyxjdq.tmp
C:\WINDOWS\system32\aqytaygq.tmp
C:\WINDOWS\system32\16141E171E1D1.exe
C:\DOCUME~1\Jonathan\APPLIC~1\TEAMLI~1\AMENLOAD.exe
C:\WINDOWS\system32\fcccyxy.dll
C:\WINDOWS\system32\tfkecalb.exe
C:\WINDOWS\system32\taemyjwk.exe
D:\autorun.exe
C:\WINDOWS\Tasks\ACDFA36A936C586E.job
c:\docume~1\jonathan\applic~1\funkfo~1\Open Mpeg Once.exe
C:\WINDOWS\Tasks\AE639047919C00CB.job
c:\progra~1\funkfo~1\Open Mpeg Once.exe
C:\WINDOWS\Tasks\B438BDEB903B2A6B.job
C:\WINDOWS\Tasks\BE69EBD19482961D.job
C:\WINDOWS\system32\qvwvov.exe
C:\WINDOWS\system32\16141E171E1D1.exe
C:\DOCUME~1\Jonathan\MYDOCU~1\PPPATC~1\msconfig.exe

Folder::
C:\Documents and Settings\Jonathan\Application Data\??mbols
C:\Program Files\Drmupgds
C:\Documents and Settings\Jonathan\Application Data\?racle
C:\Program Files\Dot1XCfg
C:\Program Files\xInsIDE
C:\Program Files\vghd
C:\Documents and Settings\All Users\Application Data\About Logo Spam Proxy

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Update Machine"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\WINDOWS\system32\tfkecalb.exe"=-
"C:\WINDOWS\system32\taemyjwk.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7bcc4b1-ee45-11d8-9f56-806d6172696f}]

RenV::
----a-w 313,472 2008-02-12 06:03:47 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w 335,872 2008-01-10 21:45:32 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w 61,440 2008-02-23 00:21:15 C:\Program Files\Drmupgds\Drmupgds .exe
----a-w 49,152 2008-02-23 00:20:31 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2 .exe
----a-w 49,152 2008-02-23 00:20:24 C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05 .exe
----a-w 241,664 2008-02-23 00:20:25 C:\Program Files\HP\hpcoretech\hpcmpmgr .exe
----a-w 278,528 2008-01-26 17:42:39 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 188,416 2008-02-23 00:20:26 C:\Program Files\Logitech\Video\ISStart .exe
----a-w 65,536 2008-02-23 00:20:26 C:\Program Files\Logitech\Video\LogiTray .exe
----a-w 190,024 2008-02-23 00:20:58 C:\Program Files\Messenger Plus! 3\MsgPlus .exe
----a-w 5,674,352 2008-02-23 00:21:36 C:\Program Files\MSN Messenger\msnmsgr .exe
----a-w 568,096 2008-02-11 02:31:14 C:\Program Files\Netscape\Netscape\NETSCP .EXE
----a-w 455,984 2008-02-14 05:52:34 C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN .EXE
----a-w 520,192 2008-01-20 03:42:46 C:\Program Files\QuickTime\qttask .exe
----a-w 520,192 2008-01-17 21:52:59 C:\Program Files\QuickTime\qttask .exe
----a-w 520,192 2008-01-17 03:44:05 C:\Program Files\QuickTime\qttask .exe
----a-w 520,192 2008-01-16 05:31:24 C:\Program Files\QuickTime\qttask .exe
----a-w 520,192 2008-01-15 22:14:21 C:\Program Files\QuickTime\qttask .exe
----a-w 520,192 2008-01-14 21:23:22 C:\Program Files\QuickTime\qttask .exe
----a-w 155,648 2008-02-22 01:05:12 C:\Program Files\QuickTime\qttask .exe
----a-w 186,368 2008-02-21 22:38:12 C:\Program Files\QuickTime\qttask .exe
----a-w 520,192 2008-02-14 05:51:51 C:\Program Files\QuickTime\qttask .exe
----a-w 520,192 2008-02-10 15:14:46 C:\Program Files\QuickTime\qttask .exe
----a-w 520,192 2008-01-12 16:41:50 C:\Program Files\QuickTime\qttask .exe
----a-w 520,192 2008-01-12 04:18:21 C:\Program Files\QuickTime\qttask .exe
----a-w 520,192 2008-01-10 22:26:18 C:\Program Files\QuickTime\qttask .exe
----a-w 520,192 2008-01-10 22:19:09 C:\Program Files\QuickTime\qttask .exe
----a-w 53,248 2008-02-23 00:20:25 C:\Program Files\REGSHAVE\REGSHAVE .EXE
----a-w 49,152 2008-01-12 16:45:38 C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2 .exe
----a-w 1,885,464 2008-01-12 16:47:12 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster .exe
----a-w 6,144 2008-02-23 00:20:36 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 15,360 2008-02-07 22:24:46 C:\WINDOWS\system32\ctfmon .exe
----a-w 495,616 2008-02-23 00:20:26 C:\WINDOWS\system32\hphmon05 .exe
----a-w 155,648 2008-02-23 00:20:23 C:\WINDOWS\system32\NeroCheck .exe
----a-w 406,016 2008-02-23 00:20:32 C:\WINDOWS\system32\PSDrvCheck .exe
----a-w 176,128 2008-02-23 00:20:24 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09 .exe

Dirlook::
C:\WINDOWS\system32\E3E1EBE4EBEAE

Save this as CFScript.txt, in the same location as ComboFix.exe


[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

  • 0

#5
ref3_14

ref3_14

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Well, that took a while, until I figured out how to completely disable Panda Antivirus. (I thought I had it disabled, but apparently, there were background processes.)

Here are my new hijackthis.log and combo.log files:

ComboFix 08-02-22.3 - Jonathan 2008-02-22 21:10:30.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.288 [GMT -5:00]
Running from: C:\Documents and Settings\Jonathan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jonathan\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\docume~1\jonathan\applic~1\funkfo~1\Open Mpeg Once.exe
C:\DOCUME~1\Jonathan\APPLIC~1\TEAMLI~1\AMENLOAD.exe
C:\DOCUME~1\Jonathan\MYDOCU~1\PPPATC~1\msconfig.exe
c:\progra~1\funkfo~1\Open Mpeg Once.exe
C:\WINDOWS\system32\16141E171E1D1.exe
C:\WINDOWS\system32\aqytaygq.tmp
C:\WINDOWS\system32\fcccyxy.dll
C:\WINDOWS\system32\qdlyxjdq.tmp
C:\WINDOWS\system32\qvwvov.exe
C:\WINDOWS\system32\RCX219.tmp
C:\WINDOWS\system32\taemyjwk.exe
C:\WINDOWS\system32\tfkecalb.exe
C:\WINDOWS\system32\vjyekown.tmp
C:\WINDOWS\Tasks\ACDFA36A936C586E.job
C:\WINDOWS\Tasks\AE639047919C00CB.job
C:\WINDOWS\Tasks\B438BDEB903B2A6B.job
C:\WINDOWS\Tasks\BE69EBD19482961D.job
D:\autorun.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\About Logo Spam Proxy
C:\Documents and Settings\All Users\Application Data\About Logo Spam Proxy\less 16 book
C:\Program Files\Drmupgds
C:\Program Files\Drmupgds\Drmupgds.exe
C:\Program Files\vghd
C:\Program Files\vghd\libpng.dll
C:\Program Files\vghd\msvcr70.dll
C:\Program Files\vghd\music.dll
C:\Program Files\vghd\sql.dll
C:\Program Files\vghd\system.dll
C:\Program Files\vghd\uninstall1203646618.exe
C:\Program Files\vghd\vghd.exe
C:\Program Files\vghd\vhd.dll
C:\Program Files\vghd\VirtuaGirl_Downloader.exe
C:\Program Files\vghd\windows.dll
C:\Program Files\vghd\windowsex.dll
C:\Program Files\vghd\zlib.dll
C:\WINDOWS\system32\16141E171E1D1.exe
C:\WINDOWS\system32\aqytaygq.tmp
C:\WINDOWS\system32\fcccyxy.dll
C:\WINDOWS\system32\hdtsetec.dll
C:\WINDOWS\system32\hihkj.ini
C:\WINDOWS\system32\hihkj.ini2
C:\WINDOWS\system32\isdpppmo.ini
C:\WINDOWS\system32\isdpppmo.ini2
C:\WINDOWS\system32\isdpppmo.tmp
C:\WINDOWS\system32\jkhih.dll
C:\WINDOWS\system32\ompppdsi.dll
C:\WINDOWS\system32\piosachk.dll
C:\WINDOWS\system32\qdlyxjdq.tmp
C:\WINDOWS\system32\RCX219.tmp
C:\WINDOWS\system32\rtllapwb.dll
C:\WINDOWS\system32\ulcpnhbf.dll
C:\WINDOWS\system32\vjyekown.tmp
C:\WINDOWS\Tasks\ACDFA36A936C586E.job
C:\WINDOWS\Tasks\AE639047919C00CB.job
C:\WINDOWS\Tasks\B438BDEB903B2A6B.job
C:\WINDOWS\Tasks\BE69EBD19482961D.job

.
((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.

2008-02-22 20:14 . 2008-02-22 20:14 1,253,714 --ahs---- C:\WINDOWS\system32\wndvusxk.ini
2008-02-22 19:20 . 2007-06-20 15:48 18,224 --a------ C:\WINDOWS\system32\pfdnnt.exe
2008-02-21 21:21 . 2008-02-22 18:10 70,861 --a------ C:\WINDOWS\BMef8b5c69.xml
2008-02-21 21:21 . 2008-02-22 21:07 22 --a------ C:\WINDOWS\pskt.ini
2008-02-21 18:28 . 2008-02-22 20:22 <DIR> d-------- C:\Program Files\HijackThis 1.99.1
2008-02-19 16:48 . 2008-02-19 16:48 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-02-19 16:48 . 2008-02-19 16:48 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-02-15 11:25 . 2008-02-15 11:25 334,336 --a------ C:\WINDOWS\system32\5CDB.tmp
2008-02-14 01:11 . 2008-02-14 01:04 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-02-14 01:11 . 2008-02-14 01:04 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-02-13 18:34 . 2008-02-13 18:34 248 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-02-11 22:38 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-02-10 00:37 . 2008-02-10 00:37 19,280 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-01-25 05:43 . 2008-01-25 05:43 <DIR> d-------- C:\WINDOWS\system32\E3E1EBE4EBEAE
2008-01-24 00:24 . 2008-02-07 17:24 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-24 00:24 . 2008-02-07 17:24 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 02:10 --------- d-----w C:\Program Files\Unlocker
2008-02-23 02:10 --------- d-----w C:\Program Files\REGSHAVE
2008-02-23 02:10 --------- d-----w C:\Program Files\QuickTime
2008-02-23 02:10 --------- d-----w C:\Program Files\MSN Messenger
2008-02-23 02:10 --------- d-----w C:\Program Files\Messenger Plus! 3
2008-02-23 02:10 --------- d-----w C:\Program Files\iTunes
2008-02-22 23:13 --------- d-----w C:\Program Files\eMule
2008-02-14 06:11 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-02-14 05:52 375,296 ----a-w C:\WINDOWS\mrofinu572.exe.tmp
2008-02-12 06:07 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\AdobeUM
2008-02-12 04:51 --------- d-----w C:\Program Files\Winamp
2008-02-12 04:48 --------- d-----w C:\Program Files\TagRename
2008-02-12 04:29 --------- d-----w C:\Program Files\DVD Region-Free
2008-02-12 04:25 --------- d-----w C:\Program Files\Bonjour
2008-02-12 04:25 --------- d-----w C:\Program Files\Better File Rename
2008-01-28 03:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-28 03:41 --------- d-----w C:\Program Files\UFile 2005
2008-01-28 03:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-28 03:39 --------- d-----w C:\Program Files\SolidWorks
2008-01-28 03:26 --------- d-----w C:\Program Files\iPod
2008-01-14 08:00 --------- d-----w C:\Program Files\Adverts
2008-01-14 06:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\sentinel
2008-01-14 06:23 --------- d-----w C:\Program Files\Panda Security
2008-01-14 05:17 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-13 03:06 --------- d-----w C:\Program Files\Common Files\Scanner
2008-01-12 22:04 --------- d-----w C:\Program Files\Vg
2008-01-12 17:49 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\vghd
2008-01-12 16:03 --------- d-----w C:\Program Files\Uniblue
2008-01-12 16:03 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Uniblue
2007-12-09 04:59 286,720 ----a-w C:\WINDOWS\iun507.exe
.
<pre>
----a-w		   455,984 2008-02-14 05:52:34  C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN .EXE
----a-w		   520,192 2008-01-20 03:42:46  C:\Program Files\QuickTime\qttask			  .exe
----a-w		   520,192 2008-01-17 21:52:59  C:\Program Files\QuickTime\qttask			 .exe
----a-w		   520,192 2008-01-17 03:44:05  C:\Program Files\QuickTime\qttask			.exe
----a-w		   520,192 2008-01-16 05:31:24  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   520,192 2008-01-15 22:14:21  C:\Program Files\QuickTime\qttask		  .exe
----a-w		   520,192 2008-01-14 21:23:22  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   155,648 2008-02-22 01:05:12  C:\Program Files\QuickTime\qttask		.exe
----a-w		   186,368 2008-02-21 22:38:12  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   520,192 2008-02-14 05:51:51  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   520,192 2008-02-10 15:14:46  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   520,192 2008-01-12 16:41:50  C:\Program Files\QuickTime\qttask	.exe
----a-w		   520,192 2008-01-12 04:18:21  C:\Program Files\QuickTime\qttask   .exe
----a-w		   520,192 2008-01-10 22:26:18  C:\Program Files\QuickTime\qttask  .exe
</pre>


(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\E3E1EBE4EBEAE[/quote] ----

C:\WINDOWS\system32\E3E1EBE4EBEAE[\quote]\


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E36501C-DFAC-F208-9BAD-3BC4D417E852}]
C:\DOCUME~1\Jonathan\APPLIC~1\TEAMLI~1\AMENLOAD.exe

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75F5A5BA-4272-F650-CD94-202210C2709E}]
C:\DOCUME~1\Jonathan\APPLIC~1\TEAMLI~1\AMENLOAD.exe

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDA183BA-A0B2-4A98-B840-C38E7A234F0B}]
C:\WINDOWS\system32\sstss.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"inside view"="C:\DOCUME~1\Jonathan\APPLIC~1\FUNKFO~1\junk live 01.exe" [ ]
"MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [2008-02-22 19:20 190024]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2008-02-22 19:21 5674352]
"Microsoft Update Machine"="qvwvov.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-07 17:24 15360]
"Kxxggytl"="C:\Documents and Settings\Jonathan\Application Data\?racle\m?dtc.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OemReset"="C:\WINDOWS\OPTIONS\OEMRESET.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-02-22 19:20 155648]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-01-10 16:45 335872]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2008-02-22 19:20 176128]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2008-02-22 19:20 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2008-02-22 19:20 241664]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2008-02-22 19:20 495616]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2008-02-22 19:20 53248]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2008-02-22 19:20 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2008-02-22 19:20 65536]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2008-02-22 19:20 188416]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2008-02-22 19:20 406016]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2008-02-22 19:20 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-02-21 20:05 155648]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-02-22 19:20 6144]
"SoundMan"="SOUNDMAN.EXE" [2003-03-28 01:34 53248 C:\WINDOWS\SOUNDMAN.EXE]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2008-01-12 11:45 49152]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-04 02:56 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-02-07 17:24 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 16:18 443968]

C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup\
SnagIt 7.lnk - C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe [2004-08-14 19:33:03 3260416]
Vg.exe.lnk - C:\Program Files\Vg\Vg.exe [2004-09-10 21:29:27 299008]
VirtuaGirl HD.LNK - C:\QooBox\Quarantine\C\Program Files\vghd\vghd.exe.vir [2008-01-12 12:54:51 10409280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 01:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2003-08-26 09:58 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\drlowkwn]
drlowkwn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcccyxy]
fcccyxy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xrcbrkvu]
xrcbrkvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ykbtqand]
ykbtqand.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-26 12:42 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PAVSRV"=2 (0x2)
"PavPrSrv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\\Network Diagnostic\\xpnetdiag.exe:@xpsp3res.dll,-20000
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\WINDOWS\system32\tfkecalb.exe"= C:\WINDOWS\system32\tfk
"C:\WINDOWS\system32\taemyjwk.exe"= C:\WINDOWS\system32\tae
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 13:47]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-02-14 01:04]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-02-14 01:04]
R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2003-06-26 22:08]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []

.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 23:56:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 21:21:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\psimsvc.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-22 21:25:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-23 02:25:34
ComboFix2.txt 2008-02-23 00:55:14
.
2008-02-23 01:15:42 --- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 9:31:22 PM, on 22/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\psimsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\Vg\Vg.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis 1.99.1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.netaddress.com/"); (C:\Documents and Settings\Jonathan\Application Data\Mozilla\Profiles\default\1odjo8e3.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Jonathan\Application Data\Mozilla\Profiles\default\1odjo8e3.slt\prefs.js)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E36501C-DFAC-F208-9BAD-3BC4D417E852} - C:\DOCUME~1\Jonathan\APPLIC~1\TEAMLI~1\AMENLOAD.exe (file missing)
O2 - BHO: (no name) - {75F5A5BA-4272-F650-CD94-202210C2709E} - C:\DOCUME~1\Jonathan\APPLIC~1\TEAMLI~1\AMENLOAD.exe (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {EDA183BA-A0B2-4A98-B840-C38E7A234F0B} - C:\WINDOWS\system32\sstss.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [inside view] C:\DOCUME~1\Jonathan\APPLIC~1\FUNKFO~1\junk live 01.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Update Machine] qvwvov.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Kxxggytl] "C:\Documents and Settings\Jonathan\Application Data\?racle\m?dtc.exe"
O4 - Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Startup: Vg.exe.lnk = C:\Program Files\Vg\Vg.exe
O4 - Startup: VirtuaGirl HD.LNK = C:\QooBox\Quarantine\C\Program Files\vghd\vghd.exe.vir
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab30149.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...3/uploader2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: drlowkwn - drlowkwn.dll (file missing)
O20 - Winlogon Notify: fcccyxy - fcccyxy.dll (file missing)
O20 - Winlogon Notify: xrcbrkvu - xrcbrkvu.dll (file missing)
O20 - Winlogon Notify: ykbtqand - ykbtqand.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\psimsvc.exe
  • 0

#6
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: (no name) - {2E36501C-DFAC-F208-9BAD-3BC4D417E852} - C:\DOCUME~1\Jonathan\APPLIC~1\TEAMLI~1\AMENLOAD.exe (file missing)
O2 - BHO: (no name) - {75F5A5BA-4272-F650-CD94-202210C2709E} - C:\DOCUME~1\Jonathan\APPLIC~1\TEAMLI~1\AMENLOAD.exe (file missing)
O2 - BHO: (no name) - {EDA183BA-A0B2-4A98-B840-C38E7A234F0B} - C:\WINDOWS\system32\sstss.dll (file missing)
O4 - HKCU\..\Run: [inside view] C:\DOCUME~1\Jonathan\APPLIC~1\FUNKFO~1\junk live 01.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] qvwvov.exe
O4 - HKCU\..\Run: [Kxxggytl] "C:\Documents and Settings\Jonathan\Application Data\?racle\m?dtc.exe"
O20 - Winlogon Notify: drlowkwn - drlowkwn.dll (file missing)
O20 - Winlogon Notify: fcccyxy - fcccyxy.dll (file missing)
O20 - Winlogon Notify: xrcbrkvu - xrcbrkvu.dll (file missing)
O20 - Winlogon Notify: ykbtqand - ykbtqand.dll (file missing)


2. Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



1. Close any open browsers.

2. Open Notepad and copy/paste the text in the quote box below into it:

File::
C:\WINDOWS\system32\wndvusxk.ini
C:\WINDOWS\mrofinu572.exe.tmp

RenV::
----a-w		   455,984 2008-02-14 05:52:34  C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN .EXE
----a-w		   520,192 2008-01-20 03:42:46  C:\Program Files\QuickTime\qttask			  .exe
----a-w		   520,192 2008-01-17 21:52:59  C:\Program Files\QuickTime\qttask			 .exe
----a-w		   520,192 2008-01-17 03:44:05  C:\Program Files\QuickTime\qttask			.exe
----a-w		   520,192 2008-01-16 05:31:24  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   520,192 2008-01-15 22:14:21  C:\Program Files\QuickTime\qttask		  .exe
----a-w		   520,192 2008-01-14 21:23:22  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   155,648 2008-02-22 01:05:12  C:\Program Files\QuickTime\qttask		.exe
----a-w		   186,368 2008-02-21 22:38:12  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   520,192 2008-02-14 05:51:51  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   520,192 2008-02-10 15:14:46  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   520,192 2008-01-12 16:41:50  C:\Program Files\QuickTime\qttask	.exe
----a-w		   520,192 2008-01-12 04:18:21  C:\Program Files\QuickTime\qttask   .exe
----a-w		   520,192 2008-01-10 22:26:18  C:\Program Files\QuickTime\qttask  .exe

Dirlook::
C:\WINDOWS\system32\E3E1EBE4EBEAE

Save this as CFScript.txt, in the same location as ComboFix.exe


[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



Reboot and post a new HijackThis log
  • 0
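The reply above hand-picks the HijackThis entries to fix. The script below is an added example, not part of this thread and not code from HijackThis or ComboFix, that applies the same kind of reasoning mechanically so the pattern behind the picks is visible: a load point whose target is marked "(file missing)", a Run value that is a bare file name resolved through the search path, a path containing a "?" that HijackThis could not render, a Winlogon Notify DLL listed without a directory, and a program launched from a per-user writable profile directory. The rules are my own heuristics, not criteria the helper stated; the only assumption about the input is the HijackThis 1.99.1 line format, and the sample lines are copied from the logs posted in this thread.

```python
"""Triage helper for HijackThis 1.99-style log lines (added example).

It flags lines a human should look at; it changes nothing on the machine.
"""
import re
from typing import List, Tuple

# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {EDA183BA-A0B2-4A98-B840-C38E7A234F0B} - C:\WINDOWS\system32\sstss.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [inside view] C:\DOCUME~1\Jonathan\APPLIC~1\FUNKFO~1\junk live 01.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] qvwvov.exe
O4 - HKCU\..\Run: [Kxxggytl] "C:\Documents and Settings\Jonathan\Application Data\?racle\m?dtc.exe"
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: fcccyxy - fcccyxy.dll (file missing)
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
"""

# HijackThis 1.99.1 line shapes for registry Run values and Winlogon Notify entries.
O4_RE = re.compile(r'^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O20_RE = re.compile(r'^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$')

# Per-user writable profile directories (long and 8.3 spellings). Legitimate
# autostart software normally lives under Program Files or the Windows directory.
USER_WRITABLE = ('application data', 'applic~1', 'local settings', 'locals~1')


def _exe_path(cmd: str) -> str:
    """Return the executable path from a Run value: drop surrounding quotes
    and a trailing /switch or -switch argument, keep spaces inside the path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return re.split(r' [/-]\w', cmd, maxsplit=1)[0]


def triage_line(line: str) -> List[str]:
    """Return the reasons (possibly none) why this HijackThis line deserves review."""
    reasons: List[str] = []
    if '(file missing)' in line:
        reasons.append('target file missing: orphaned load point')
    m = O4_RE.match(line)
    if m:
        path = _exe_path(m.group('cmd'))
        if '\\' not in path:
            reasons.append('bare file name, resolved via the search path: %s' % path)
        if '?' in path:
            reasons.append('path contains a character HijackThis could not render')
        if any(d in path.lower() for d in USER_WRITABLE):
            reasons.append('launched from a per-user writable profile directory')
    m = O20_RE.match(line)
    if m:
        target = m.group('target').replace(' (file missing)', '')
        if '\\' not in target:
            reasons.append('Winlogon Notify DLL given without a full path: %s' % target)
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Run triage_line over a whole log; return (line, reasons) for flagged lines only."""
    flagged = []
    for line in log_text.strip().splitlines():
        reasons = triage_line(line)
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == '__main__':
    for entry, why in triage(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print('    ->', reason)
```

On the sample above this flags seven of the ten lines and leaves the Adobe BHO, NeroCheck and avldr entries alone. Two results show why the output is a list of candidates rather than verdicts: the bare-name rule also catches the SoundMan entry, which the helper left in place (the ComboFix log above resolves it to C:\WINDOWS\SOUNDMAN.EXE), and the "inside view" entry is caught only by the profile-directory rule, since nothing else about its line is malformed.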

#7
ref3_14

ref3_14

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi,

Here are my fresh hijackthis.log and combofix.log files:

Logfile of HijackThis v1.99.1
Scan saved at 11:49:48 AM, on 23/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\psimsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Vg\Vg.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis 1.99.1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.netaddress.com/"); (C:\Documents and Settings\Jonathan\Application Data\Mozilla\Profiles\default\1odjo8e3.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Jonathan\Application Data\Mozilla\Profiles\default\1odjo8e3.slt\prefs.js)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Startup: Vg.exe.lnk = C:\Program Files\Vg\Vg.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab30149.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...3/uploader2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\psimsvc.exe

ComboFix 08-02-22.3 - Jonathan 2008-02-23 11:33:54.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.257 [GMT -5:00]
Running from: C:\Documents and Settings\Jonathan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jonathan\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\system32\wndvusxk.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\system32\wndvusxk.ini

.
((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.

2008-02-22 19:20 . 2007-06-20 15:48 18,224 --a------ C:\WINDOWS\system32\pfdnnt.exe
2008-02-21 21:21 . 2008-02-22 18:10 70,861 --a------ C:\WINDOWS\BMef8b5c69.xml
2008-02-21 21:21 . 2008-02-22 21:07 22 --a------ C:\WINDOWS\pskt.ini
2008-02-21 18:28 . 2008-02-23 11:26 <DIR> d-------- C:\Program Files\HijackThis 1.99.1
2008-02-19 16:48 . 2008-02-19 16:48 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-02-19 16:48 . 2008-02-19 16:48 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-02-15 11:25 . 2008-02-15 11:25 334,336 --a------ C:\WINDOWS\system32\5CDB.tmp
2008-02-14 01:11 . 2008-02-14 01:04 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-02-14 01:11 . 2008-02-14 01:04 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-02-13 18:34 . 2008-02-13 18:34 248 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-02-11 22:38 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-02-10 00:37 . 2008-02-10 00:37 19,280 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-01-25 05:43 . 2008-01-25 05:43 <DIR> d-------- C:\WINDOWS\system32\E3E1EBE4EBEAE
2008-01-24 00:24 . 2008-02-07 17:24 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-24 00:24 . 2008-02-07 17:24 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 16:40 --------- d-----w C:\Program Files\QuickTime
2008-02-23 15:33 --------- d-----w C:\Program Files\eMule
2008-02-23 02:10 --------- d-----w C:\Program Files\Unlocker
2008-02-23 02:10 --------- d-----w C:\Program Files\REGSHAVE
2008-02-23 02:10 --------- d-----w C:\Program Files\MSN Messenger
2008-02-23 02:10 --------- d-----w C:\Program Files\Messenger Plus! 3
2008-02-23 02:10 --------- d-----w C:\Program Files\iTunes
2008-02-14 06:11 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-02-12 06:07 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\AdobeUM
2008-02-12 04:51 --------- d-----w C:\Program Files\Winamp
2008-02-12 04:48 --------- d-----w C:\Program Files\TagRename
2008-02-12 04:29 --------- d-----w C:\Program Files\DVD Region-Free
2008-02-12 04:25 --------- d-----w C:\Program Files\Bonjour
2008-02-12 04:25 --------- d-----w C:\Program Files\Better File Rename
2008-01-28 03:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-28 03:41 --------- d-----w C:\Program Files\UFile 2005
2008-01-28 03:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-28 03:39 --------- d-----w C:\Program Files\SolidWorks
2008-01-28 03:26 --------- d-----w C:\Program Files\iPod
2008-01-14 08:00 --------- d-----w C:\Program Files\Adverts
2008-01-14 06:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\sentinel
2008-01-14 06:23 --------- d-----w C:\Program Files\Panda Security
2008-01-14 05:17 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-13 03:06 --------- d-----w C:\Program Files\Common Files\Scanner
2008-01-12 22:04 --------- d-----w C:\Program Files\Vg
2008-01-12 16:03 --------- d-----w C:\Program Files\Uniblue
2008-01-12 16:03 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Uniblue
2007-12-09 04:59 286,720 ----a-w C:\WINDOWS\iun507.exe
.
----a-w		   455,984 2008-02-14 05:52:34  C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN .EXE


(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\E3E1EBE4EBEAE ----

2008-02-22 19:21 13988 --a------ C:\WINDOWS\system32\E3E1EBE4EBEAE\86848E878E8D8


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [2008-02-22 19:20 190024]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2008-02-22 19:21 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-07 17:24 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OemReset"="C:\WINDOWS\OPTIONS\OEMRESET.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-02-22 19:20 155648]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-01-10 16:45 335872]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2008-02-22 19:20 176128]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2008-02-22 19:20 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2008-02-22 19:20 241664]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2008-02-22 19:20 495616]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2008-02-22 19:20 53248]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2008-02-22 19:20 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2008-02-22 19:20 65536]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2008-02-22 19:20 188416]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2008-02-22 19:20 406016]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2008-02-22 19:20 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-02-22 19:20 6144]
"SoundMan"="SOUNDMAN.EXE" [2003-03-28 01:34 53248 C:\WINDOWS\SOUNDMAN.EXE]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2008-01-12 11:45 49152]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-04 02:56 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-02-07 17:24 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 16:18 443968]

C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup\
SnagIt 7.lnk - C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe [2004-08-14 19:33:03 3260416]
Vg.exe.lnk - C:\Program Files\Vg\Vg.exe [2004-09-10 21:29:27 299008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 01:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2003-08-26 09:58 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Jonathan^Start Menu^Programs^Startup^VirtuaGirl HD.LNK]
path=C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup\VirtuaGirl HD.LNK
backup=C:\WINDOWS\pss\VirtuaGirl HD.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-26 12:42 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PAVSRV"=2 (0x2)
"PavPrSrv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\\Network Diagnostic\\xpnetdiag.exe:@xpsp3res.dll,-20000
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\WINDOWS\system32\tfkecalb.exe"= C:\WINDOWS\system32\tfk
"C:\WINDOWS\system32\taemyjwk.exe"= C:\WINDOWS\system32\tae
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 13:47]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-02-14 01:04]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-02-14 01:04]
R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2003-06-26 22:08]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []

.
Contents of the 'Scheduled Tasks' folder
"2008-02-23 15:56:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 11:41:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\psimsvc.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-23 11:46:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-23 16:46:03
ComboFix2.txt 2008-02-23 02:25:39
ComboFix3.txt 2008-02-23 00:55:14
.
2008-02-23 08:00:32 --- E O F ---
  • 0

#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\WINDOWS\system32\tfkecalb.exe"=-
"C:\WINDOWS\system32\taemyjwk.exe"=-

RenV::
----a-w 455,984 2008-02-14 05:52:34 C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN .EXE

Driver::
MSControlService


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript onto ComboFix.exe.

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.

  • 0
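The CFScript above acts on four things that stand out in the posted logs: two firewall exceptions for random-looking executables in system32, the "Microsoft cache control" service whose image path is an extension-less file that does not exist, a Panda binary whose name has acquired a space before the extension, and (not yet addressed) "EnableFirewall"= 0. The following script is an added example for this thread; it is not code from the forum, from HijackThis, ComboFix or Panda. It reads lines in the two log formats and flags exactly those patterns. The sample input is copied from the logs posted above with a few clean lines mixed in; the rules are the editor's own heuristics, and a hit means "look at this line", not "this is malware" (the iPodService entry, for instance, is a dead service, not an infection).

```python
"""Heuristic triage of HijackThis / ComboFix log lines.

Added example for this thread. Not part of HijackThis, ComboFix, Panda or
the forum posts; the rules are the editor's own crude heuristics, not any
vendor's detection logic. A hit means "look at this line", not "malware".
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    rule: str
    line: str


# Sample input: lines copied from the HijackThis and ComboFix logs posted
# above, plus a few clean lines so the rules can be seen passing over
# legitimate entries. Constructed for this example; not a live scan.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"EnableFirewall"= 0 (0x0)
"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\WINDOWS\system32\tfkecalb.exe"= C:\WINDOWS\system32\tfk
"C:\WINDOWS\system32\taemyjwk.exe"= C:\WINDOWS\system32\tae
----a-w    455,984 2008-02-14 05:52:34  C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN .EXE
"""

# A space right before .exe/.dll: installers do not name files that way,
# and the program at the original path no longer starts (QuickTime's Run
# entry and Panda's APVXDWIN binary above). ComboFix's RenV:: undoes it.
SPACE_BEFORE_EXT = re.compile(r"\S \.(?:exe|dll)\b", re.IGNORECASE)

# A service whose binary is gone. Often a leftover, but a Microsoft-sounding
# name with an extension-less image in system32 (MSControlService) is not.
FILE_MISSING = re.compile(r"^O23 - Service: .*\(file missing\)$")

# Windows Firewall switched off in the standard profile.
FIREWALL_OFF = re.compile(r'^"EnableFirewall"\s*=\s*0\b')

# A firewall exception for a program sitting directly in system32 via a
# literal drive path. Windows' own exceptions use %windir% (sessmgr.exe,
# xpnetdiag.exe); third-party software lives under Program Files.
SYSTEM32_EXCEPTION = re.compile(
    r'^"[A-Za-z]:\\+WINDOWS\\+system32\\+[^\\"]+\.exe"\s*=', re.IGNORECASE
)

# Eight lowercase letters with at most two vowels: a crude "generated name"
# test (tfkecalb, taemyjwk). Expect false positives on real systems.
RANDOM_NAME = re.compile(r"\\([a-z]{8})\.exe\b")


def looks_random(stem: str) -> bool:
    """True when an 8-letter stem has two or fewer vowels."""
    return sum(c in "aeiou" for c in stem) <= 2


def triage(log_text: str) -> list[Finding]:
    """Run every rule over every non-empty line; one Finding per rule hit."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SPACE_BEFORE_EXT.search(line):
            findings.append(Finding("space-before-extension", line))
        if FILE_MISSING.match(line):
            findings.append(Finding("service-file-missing", line))
        if FIREWALL_OFF.match(line):
            findings.append(Finding("firewall-disabled", line))
        if SYSTEM32_EXCEPTION.match(line):
            findings.append(Finding("system32-firewall-exception", line))
        m = RANDOM_NAME.search(line)
        if m and looks_random(m.group(1)):
            findings.append(Finding("random-looking-name", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count hits per rule, a quick first read of a long log."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the sample it reports nine hits: both space-before-extension names, both dead services, the disabled firewall, and the two system32 firewall exceptions, each of which also trips the random-name rule. The clean lines (ctfmon.exe, SOUNDMAN.EXE, LexBceS, the %windir% sessmgr exception, msnmsgr.exe) produce nothing. Each rule is deliberately narrow so that a hit points at one concrete thing to check in the log rather than at a score.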

#9
ref3_14

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi,

My new Hijackthis.log and ComboFix.log:

Logfile of HijackThis v1.99.1
Scan saved at 9:50:30 PM, on 23/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\psimsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\Vg\Vg.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis 1.99.1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.netaddress.com/"); (C:\Documents and Settings\Jonathan\Application Data\Mozilla\Profiles\default\1odjo8e3.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Jonathan\Application Data\Mozilla\Profiles\default\1odjo8e3.slt\prefs.js)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Startup: Vg.exe.lnk = C:\Program Files\Vg\Vg.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab30149.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...3/uploader2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\psimsvc.exe

ComboFix 08-02-22.3 - Jonathan 2008-02-23 19:24:36.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.290 [GMT -5:00]
Running from: C:\Documents and Settings\Jonathan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jonathan\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-24 to 2008-02-24 )))))))))))))))))))))))))))))))
.

2008-02-22 23:58 . 2008-02-23 11:16 <DIR> d-------- C:\Program Files\vghd
2008-02-22 19:20 . 2007-06-20 15:48 18,224 --a------ C:\WINDOWS\system32\pfdnnt.exe
2008-02-21 21:21 . 2008-02-22 18:10 70,861 --a------ C:\WINDOWS\BMef8b5c69.xml
2008-02-21 21:21 . 2008-02-22 21:07 22 --a------ C:\WINDOWS\pskt.ini
2008-02-21 18:28 . 2008-02-23 11:49 <DIR> d-------- C:\Program Files\HijackThis 1.99.1
2008-02-19 16:48 . 2008-02-19 16:48 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-02-19 16:48 . 2008-02-19 16:48 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-02-15 11:25 . 2008-02-15 11:25 334,336 --a------ C:\WINDOWS\system32\5CDB.tmp
2008-02-14 01:11 . 2008-02-14 01:04 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-02-14 01:11 . 2008-02-14 01:04 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-02-13 18:34 . 2008-02-13 18:34 248 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-02-11 22:38 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-02-10 00:37 . 2008-02-10 00:37 19,280 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-01-25 05:43 . 2008-01-25 05:43 <DIR> d-------- C:\WINDOWS\system32\E3E1EBE4EBEAE
2008-01-24 00:24 . 2008-02-07 17:24 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-24 00:24 . 2008-02-07 17:24 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 22:14 --------- d-----w C:\Program Files\eMule
2008-02-23 16:40 --------- d-----w C:\Program Files\QuickTime
2008-02-23 02:10 --------- d-----w C:\Program Files\Unlocker
2008-02-23 02:10 --------- d-----w C:\Program Files\REGSHAVE
2008-02-23 02:10 --------- d-----w C:\Program Files\MSN Messenger
2008-02-23 02:10 --------- d-----w C:\Program Files\Messenger Plus! 3
2008-02-23 02:10 --------- d-----w C:\Program Files\iTunes
2008-02-14 06:11 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-02-12 06:07 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\AdobeUM
2008-02-12 04:51 --------- d-----w C:\Program Files\Winamp
2008-02-12 04:48 --------- d-----w C:\Program Files\TagRename
2008-02-12 04:29 --------- d-----w C:\Program Files\DVD Region-Free
2008-02-12 04:25 --------- d-----w C:\Program Files\Bonjour
2008-02-12 04:25 --------- d-----w C:\Program Files\Better File Rename
2008-01-28 03:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-28 03:41 --------- d-----w C:\Program Files\UFile 2005
2008-01-28 03:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-28 03:39 --------- d-----w C:\Program Files\SolidWorks
2008-01-28 03:26 --------- d-----w C:\Program Files\iPod
2008-01-14 08:00 --------- d-----w C:\Program Files\Adverts
2008-01-14 06:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\sentinel
2008-01-14 06:23 --------- d-----w C:\Program Files\Panda Security
2008-01-14 05:17 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-13 03:06 --------- d-----w C:\Program Files\Common Files\Scanner
2008-01-12 22:04 --------- d-----w C:\Program Files\Vg
2008-01-12 17:49 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\vghd
2008-01-12 16:03 --------- d-----w C:\Program Files\Uniblue
2008-01-12 16:03 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Uniblue
2007-12-09 04:59 286,720 ----a-w C:\WINDOWS\iun507.exe
.
----a-w		   455,984 2008-02-14 05:52:34  C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN .EXE


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [2008-02-22 19:20 190024]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2008-02-22 19:21 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-07 17:24 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OemReset"="C:\WINDOWS\OPTIONS\OEMRESET.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-02-22 19:20 155648]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-01-10 16:45 335872]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2008-02-22 19:20 176128]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2008-02-22 19:20 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2008-02-22 19:20 241664]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2008-02-22 19:20 495616]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2008-02-22 19:20 53248]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2008-02-22 19:20 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2008-02-22 19:20 65536]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2008-02-22 19:20 188416]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2008-02-22 19:20 406016]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2008-02-22 19:20 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-02-22 19:20 6144]
"SoundMan"="SOUNDMAN.EXE" [2003-03-28 01:34 53248 C:\WINDOWS\SOUNDMAN.EXE]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2008-01-12 11:45 49152]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-04 02:56 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-02-07 17:24 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 16:18 443968]

C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup\
SnagIt 7.lnk - C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe [2004-08-14 19:33:03 3260416]
Vg.exe.lnk - C:\Program Files\Vg\Vg.exe [2004-09-10 21:29:27 299008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 01:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2003-08-26 09:58 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Jonathan^Start Menu^Programs^Startup^VirtuaGirl HD.LNK]
path=C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup\VirtuaGirl HD.LNK
backup=C:\WINDOWS\pss\VirtuaGirl HD.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-26 12:42 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PAVSRV"=2 (0x2)
"PavPrSrv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\\Network Diagnostic\\xpnetdiag.exe:@xpsp3res.dll,-20000
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\WINDOWS\system32\tfkecalb.exe"= C:\WINDOWS\system32\tfk
"C:\WINDOWS\system32\taemyjwk.exe"= C:\WINDOWS\system32\tae
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 13:47]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-02-14 01:04]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-02-14 01:04]
R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2003-06-26 22:08]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-23 23:56:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 21:13:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\psimsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
.
**************************************************************************
.
Completion time: 2008-02-23 21:17:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-24 02:17:50
ComboFix2.txt 2008-02-23 16:46:07
ComboFix3.txt 2008-02-23 02:25:39
ComboFix4.txt 2008-02-23 00:55:14
.
2008-02-23 08:00:32 --- E O F ---
#10
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open Notepad and copy/paste the text in the quote box below into it:

File::
C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN .EXE

Folder::
C:\Program Files\Adverts

RenV::
----a-w 455,984 2008-02-14 05:52:34 C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN .EXE


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.




Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

#11
ref3_14

    Member

  • Topic Starter
  • Member
  • 11 posts
OK, it took a while for the Kaspersky virus check to finish, but here are the results of that scan, the ComboFix log and a new HijackThis log.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, February 24, 2008 2:50:24 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/02/2008
Kaspersky Anti-Virus database records: 578530
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 137303
Number of viruses found: 17
Number of infected objects: 169
Number of suspicious objects: 1
Duration of the scan process: 02:14:08

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Jonathan\.jpi_cache\file\1.0\game.class-13a2db49-680c21c7.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Jonathan\.jpi_cache\file\1.0\game.class-be78a07-1ceb3eda.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\za4mxx9u.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\za4mxx9u.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\za4mxx9u.default\history.dat Object is locked skipped
C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\za4mxx9u.default\key3.db Object is locked skipped
C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\za4mxx9u.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\za4mxx9u.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\za4mxx9u.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Jonathan\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\za4mxx9u.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\za4mxx9u.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\za4mxx9u.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\za4mxx9u.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jonathan\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jonathan\Local Settings\History\History.IE5\MSHist012008022420080225\index.dat Object is locked skipped
C:\Documents and Settings\Jonathan\Local Settings\temp\ mon001.log Object is locked skipped
C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jonathan\My Documents\My Files\useful programs\Photo.Screensaver.Maker.v3.6.6.WinALL.Incl.keyygen-ViRiLiTY.zip/keygen.exe Infected: Trojan.Win32.Agent.acw skipped
C:\Documents and Settings\Jonathan\My Documents\My Files\useful programs\Photo.Screensaver.Maker.v3.6.6.WinALL.Incl.keyygen-ViRiLiTY.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jonathan\My Documents\My Music\Fatboy Slim - Rockafeller Skank.mp3 Suspicious: Virus.DOS.VCC.HH.414 skipped
C:\Documents and Settings\Jonathan\My Documents\Overnet - Incoming\Virtuagirl Hd updated-fixed 02-2008.rar/setup.exe Infected: P2P-Worm.Win32.Kapucen.b skipped
C:\Documents and Settings\Jonathan\My Documents\Overnet - Incoming\Virtuagirl Hd updated-fixed 02-2008.rar RAR: infected - 1 skipped
C:\Documents and Settings\Jonathan\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jonathan\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\eMule\Temp\005.part/setup.exe Infected: P2P-Worm.Win32.Kapucen.b skipped
C:\Program Files\eMule\Temp\005.part RAR: infected - 1 skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\MSN Gaming Zone\prohdyxe.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped
C:\Program Files\QuickTime\qttask.exe Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Drmupgds\Drmupgds.exe.vir Infected: Trojan-Downloader.Win32.Adload.qy skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\HP\hpcoretech\hpcmpmgr.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Logitech\Video\ISStart.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Logitech\Video\LogiTray.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Messenger Plus! 3\MsgPlus.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\MSN Messenger\msnmsgr.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Netscape\Netscape\NETSCP.EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\REGSHAVE\REGSHAVE.EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Temporary\InsiDERInst.exe.vir Infected: Trojan.Win32.Agent.ffe skipped
C:\QooBox\Quarantine\C\Program Files\Unlocker\UnlockerAssistant.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir Infected: Trojan-Downloader.Win32.Agent.jig skipped
C:\QooBox\Quarantine\C\WINDOWS\b153.exe.vir Infected: Trojan-Downloader.Win32.Agent.jig skipped
C:\QooBox\Quarantine\C\WINDOWS\csrss .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\csrss.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\mrofinu.exe.vir Infected: Trojan-Downloader.Win32.Agent.jal skipped
C:\QooBox\Quarantine\C\WINDOWS\mrofinu572.exe.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\16141E171E1D1.exe.vir Infected: Trojan-Downloader.Win32.VB.chy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bxuoopgr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ctfmon.exe.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dbolifvs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dflcpjwi.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\djceqmsi.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.auj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dquhpboa.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hdtsetec.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hphmon05.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kjqvbtcu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ixf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kvkjauib.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mjtysrwn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\NeroCheck.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\odawxgrp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ompppdsi.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ixe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\piosachk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pmemhlux.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pnesxqrv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\PSDrvCheck.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qkiaoygi.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qllpnsci.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qrejvbyx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qsarqtsa.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX219.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX97.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\riwiflic.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rjetnfse.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rqdormto.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rtllapwb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ixf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rtmamopd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rwuqaxjw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tbljdxtd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ulcpnhbf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ixf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\uriffpsl.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\usdkewja.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vjtomqrt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ixe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vturp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yoyphtbp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-22_194511.02.zip/jkkji.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-22_194511.02.zip ZIP: infected - 1 skipped
C:\QooBox\Quarantine\catchme2008-02-22_212108.30.zip/jkhih.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ixd skipped
C:\QooBox\Quarantine\catchme2008-02-22_212108.30.zip/fcccyxy.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-22_212108.30.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1162\A0126776.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1162\A0126778.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1162\A0126794.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1162\A0126798.exe Infected: Trojan-Downloader.Win32.Adload.qy skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1163\A0126807.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1164\A0126874.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1164\A0126903.exe Infected: Trojan-Downloader.Win32.Adload.qy skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126917.exe Infected: Trojan.Win32.Agent.ffe skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126919.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126920.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126921.exe Infected: Trojan-Downloader.Win32.Agent.jal skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126923.exe Infected: Trojan-Downloader.Win32.Agent.jig skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126925.exe Infected: Trojan-Downloader.Win32.Agent.jig skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126928.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126929.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126930.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126931.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.auj skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126932.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126933.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ixf skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126934.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126935.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126936.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126937.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126938.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126939.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126940.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126941.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126942.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126943.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126944.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126945.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126946.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126947.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126948.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126949.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126950.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126951.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ixe skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126952.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126953.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126995.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126996.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126997.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126998.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126999.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127000.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127001.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127002.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127003.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127004.EXE Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127005.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127006.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127007.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127008.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127009.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127010.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127011.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127012.EXE Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127013.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127014.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127015.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127016.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127017.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127021.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1167\A0127072.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ixe skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1168\A0127388.exe Infected: Trojan-Downloader.Win32.Adload.qy skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1168\A0127401.exe Infected: Trojan-Downloader.Win32.VB.chy skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1168\A0127402.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1168\A0127403.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ixe skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1168\A0127404.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1168\A0127405.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ixf skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1168\A0127406.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ixf skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1168\A0127411.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ixd skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1168\A0127412.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1171\A0127507.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1171\A0127508.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1171\A0127509.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1171\A0127510.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1171\A0127511.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1171\A0127512.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1171\A0127513.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1171\A0127528.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1171\A0127529.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1171\A0127530.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1171\A0127531.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1171\A0127532.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1174\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{9160601D-6CB1-4456-A0F3-B8C360CCD01D}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\5CDB.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.imh skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\OLD113.tmp Infected: Virus.Win32.Trats.d skipped
C:\WINDOWS\system32\OLD122.tmp Infected: Virus.Win32.Trats.d skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\yayaawt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1174\change.log Object is locked skipped

Scan process completed.

ComboFix 08-02-22.3 - Jonathan 2008-02-24 10:45:30.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.290 [GMT -5:00]
Running from: C:\Documents and Settings\Jonathan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jonathan\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN .EXE
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Adverts
C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN .EXE

.
((((((((((((((((((((((((( Files Created from 2008-01-24 to 2008-02-24 )))))))))))))))))))))))))))))))
.

2008-02-22 23:58 . 2008-02-23 11:16 <DIR> d-------- C:\Program Files\vghd
2008-02-22 19:20 . 2007-06-20 15:48 18,224 --a------ C:\WINDOWS\system32\pfdnnt.exe
2008-02-21 21:21 . 2008-02-22 18:10 70,861 --a------ C:\WINDOWS\BMef8b5c69.xml
2008-02-21 21:21 . 2008-02-22 21:07 22 --a------ C:\WINDOWS\pskt.ini
2008-02-21 18:28 . 2008-02-23 21:50 <DIR> d-------- C:\Program Files\HijackThis 1.99.1
2008-02-19 16:48 . 2008-02-19 16:48 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-02-19 16:48 . 2008-02-19 16:48 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-02-15 11:25 . 2008-02-15 11:25 334,336 --a------ C:\WINDOWS\system32\5CDB.tmp
2008-02-14 01:11 . 2008-02-14 01:04 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-02-14 01:11 . 2008-02-14 01:04 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-02-13 18:34 . 2008-02-13 18:34 248 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-02-11 22:38 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-02-10 00:37 . 2008-02-10 00:37 19,280 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-01-25 05:43 . 2008-01-25 05:43 <DIR> d-------- C:\WINDOWS\system32\E3E1EBE4EBEAE
2008-01-24 00:24 . 2008-02-07 17:24 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-24 00:24 . 2008-02-07 17:24 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-24 15:19 --------- d-----w C:\Program Files\eMule
2008-02-23 16:40 --------- d-----w C:\Program Files\QuickTime
2008-02-23 02:10 --------- d-----w C:\Program Files\Unlocker
2008-02-23 02:10 --------- d-----w C:\Program Files\REGSHAVE
2008-02-23 02:10 --------- d-----w C:\Program Files\MSN Messenger
2008-02-23 02:10 --------- d-----w C:\Program Files\Messenger Plus! 3
2008-02-23 02:10 --------- d-----w C:\Program Files\iTunes
2008-02-14 06:11 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-02-12 06:07 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\AdobeUM
2008-02-12 04:51 --------- d-----w C:\Program Files\Winamp
2008-02-12 04:48 --------- d-----w C:\Program Files\TagRename
2008-02-12 04:29 --------- d-----w C:\Program Files\DVD Region-Free
2008-02-12 04:25 --------- d-----w C:\Program Files\Bonjour
2008-02-12 04:25 --------- d-----w C:\Program Files\Better File Rename
2008-01-28 03:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-28 03:41 --------- d-----w C:\Program Files\UFile 2005
2008-01-28 03:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-28 03:39 --------- d-----w C:\Program Files\SolidWorks
2008-01-28 03:26 --------- d-----w C:\Program Files\iPod
2008-01-14 06:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\sentinel
2008-01-14 06:23 --------- d-----w C:\Program Files\Panda Security
2008-01-14 05:17 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-13 03:06 --------- d-----w C:\Program Files\Common Files\Scanner
2008-01-12 22:04 --------- d-----w C:\Program Files\Vg
2008-01-12 17:49 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\vghd
2008-01-12 16:03 --------- d-----w C:\Program Files\Uniblue
2008-01-12 16:03 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Uniblue
2007-12-09 04:59 286,720 ----a-w C:\WINDOWS\iun507.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [2008-02-22 19:20 190024]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2008-02-22 19:21 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-07 17:24 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OemReset"="C:\WINDOWS\OPTIONS\OEMRESET.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-02-22 19:20 155648]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-01-10 16:45 335872]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2008-02-22 19:20 176128]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2008-02-22 19:20 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2008-02-22 19:20 241664]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2008-02-22 19:20 495616]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2008-02-22 19:20 53248]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2008-02-22 19:20 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2008-02-22 19:20 65536]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2008-02-22 19:20 188416]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2008-02-22 19:20 406016]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2008-02-22 19:20 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-02-22 19:20 6144]
"SoundMan"="SOUNDMAN.EXE" [2003-03-28 01:34 53248 C:\WINDOWS\SOUNDMAN.EXE]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2008-01-12 11:45 49152]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-04 02:56 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-02-07 17:24 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 16:18 443968]

C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup\
SnagIt 7.lnk - C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe [2004-08-14 19:33:03 3260416]
Vg.exe.lnk - C:\Program Files\Vg\Vg.exe [2004-09-10 21:29:27 299008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 01:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2003-08-26 09:58 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Jonathan^Start Menu^Programs^Startup^VirtuaGirl HD.LNK]
path=C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup\VirtuaGirl HD.LNK
backup=C:\WINDOWS\pss\VirtuaGirl HD.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-26 12:42 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PAVSRV"=2 (0x2)
"PavPrSrv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\\Network Diagnostic\\xpnetdiag.exe:@xpsp3res.dll,-20000
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\WINDOWS\system32\tfkecalb.exe"= C:\WINDOWS\system32\tfk
"C:\WINDOWS\system32\taemyjwk.exe"= C:\WINDOWS\system32\tae
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 13:47]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-02-14 01:04]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-02-14 01:04]
R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2003-06-26 22:08]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-24 15:56:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 10:57:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\psimsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\Logitech\Video\LowLight.exe
.
**************************************************************************
.
Completion time: 2008-02-24 11:00:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-24 16:00:46
ComboFix2.txt 2008-02-24 02:17:54
ComboFix3.txt 2008-02-23 16:46:07
ComboFix4.txt 2008-02-23 02:25:39
ComboFix5.txt 2008-02-23 00:55:14
.
2008-02-24 08:00:31 --- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 11:08:01 AM, on 24/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\psimsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Vg\Vg.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis 1.99.1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.netaddress.com/"); (C:\Documents and Settings\Jonathan\Application Data\Mozilla\Profiles\default\1odjo8e3.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Jonathan\Application Data\Mozilla\Profiles\default\1odjo8e3.slt\prefs.js)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Startup: Vg.exe.lnk = C:\Program Files\Vg\Vg.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab30149.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...3/uploader2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\psimsvc.exe
  • 0

#12
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Program Files\eMule\Temp\005.part
C:\Program Files\MSN Gaming Zone\prohdyxe.html
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\5CDB.tmp
C:\WINDOWS\system32\OLD113.tmp
C:\WINDOWS\system32\OLD122.tmp
C:\WINDOWS\system32\yayaawt.dll
C:\Documents and Settings\Jonathan\My Documents\My Files\useful programs\Photo.Screensaver.Maker.v3.6.6.WinALL.Incl.keyygen-ViRiLiTY.zip
C:\Documents and Settings\Jonathan\My Documents\Overnet - Incoming\Virtuagirl Hd updated-fixed 02-2008.rar

Folder::
C:\Documents and Settings\Jonathan\My Documents\My Files\useful programs\Photo.Screensaver.Maker.v3.6.6.WinALL.Incl.keyygen-ViRiLiTY.zip
C:\Documents and Settings\Jonathan\My Documents\Overnet - Incoming\Virtuagirl Hd updated-fixed 02-2008.rar

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\WINDOWS\system32\tfkecalb.exe"= C:\WINDOWS\system32\tfk
"C:\WINDOWS\system32\taemyjwk.exe"= C:\WINDOWS\system32\tae


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.




Also tell me how your PC is running
  • 0
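The CFScript above was assembled by hand from the scanner's "Infected:" rows. As an added example (not code from this thread, from ComboFix or from Kaspersky), the Python below parses the Kaspersky Online Scanner report format posted earlier in the thread, groups detections by family and renders the File:: and Registry:: sections of a CFScript, deliberately leaving "Object is locked" rows out. The row regex, the "Suspicious:" row shape and the sample rows are assumptions and constructed input; the registry values are the ones from the post above.

```python
import re
from typing import Dict, List, NamedTuple, Optional


class ScanEntry(NamedTuple):
    """One row of the report's 'Infected Object Name / Virus Name / Last Action' table."""
    path: str
    status: str                 # "infected", "suspicious" or "locked"
    detection: Optional[str]    # Kaspersky detection name, None for locked objects
    action: str                 # last action the scanner took, e.g. "skipped"


# Kaspersky Online Scanner 5 writes "<path> <status text> <last action>" with no
# delimiter, and paths contain spaces, so the status text is matched against a few
# fixed phrases and the path is whatever precedes it. The "Infected:" and "Object is
# locked" shapes come from the report in this thread; "Suspicious:" is an assumption.
_ROW = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?:Infected:\s+(?P<infected>\S+)"
    r"|Suspicious:\s+(?P<suspicious>\S+)"
    r"|(?P<locked>Object is locked))"
    r"\s+(?P<action>\S+)\s*$"
)


def parse_report(text: str) -> List[ScanEntry]:
    """Return one ScanEntry per object row; header, settings and statistics lines are skipped."""
    entries: List[ScanEntry] = []
    for raw in text.splitlines():
        m = _ROW.match(raw.strip())
        if not m:
            continue
        if m.group("locked"):
            entries.append(ScanEntry(m.group("path"), "locked", None, m.group("action")))
        elif m.group("infected"):
            entries.append(ScanEntry(m.group("path"), "infected", m.group("infected"), m.group("action")))
        else:
            entries.append(ScanEntry(m.group("path"), "suspicious", m.group("suspicious"), m.group("action")))
    return entries


def family_counts(entries: List[ScanEntry]) -> Dict[str, int]:
    """Group detections by malware family.

    Kaspersky names look like [prefix:]Behaviour.Platform.Family.variant, e.g.
    not-a-virus:AdWare.Win32.Virtumonde.imh, so the family is the third dotted part
    once any "not-a-virus:" style prefix is dropped.
    """
    counts: Dict[str, int] = {}
    for e in entries:
        if e.detection is None:
            continue
        name = e.detection.split(":", 1)[-1]
        parts = name.split(".")
        family = parts[2] if len(parts) >= 3 else name
        counts[family] = counts.get(family, 0) + 1
    return counts


def build_cfscript(entries: List[ScanEntry], registry_lines: Optional[List[str]] = None) -> str:
    """Render a ComboFix CFScript in the shape used in the post above.

    Only infected or suspicious objects go into File::. "Object is locked" rows are
    in-use system files (registry hives, event logs, the BITS download queue) that the
    scanner could not open, not detections, so they are never listed for deletion.
    """
    files: List[str] = []
    for e in entries:
        if e.status in ("infected", "suspicious") and e.path not in files:
            files.append(e.path)
    lines = ["File::", *files, ""]
    if registry_lines:
        lines += ["Registry::", *registry_lines, ""]
    return "\n".join(lines)


# Constructed sample: a handful of rows copied from the report posted in this thread,
# plus the table header and the footer line the parser has to ignore.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\5CDB.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.imh skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\OLD113.tmp Infected: Virus.Win32.Trats.d skipped
C:\WINDOWS\system32\OLD122.tmp Infected: Virus.Win32.Trats.d skipped
C:\WINDOWS\system32\yayaawt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

Scan process completed.
"""

# The firewall-exception entries the post above removes (values exactly as posted).
REGISTRY_FIX = [
    r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]",
    r'"C:\WINDOWS\system32\tfkecalb.exe"= C:\WINDOWS\system32\tfk',
    r'"C:\WINDOWS\system32\taemyjwk.exe"= C:\WINDOWS\system32\tae',
]

if __name__ == "__main__":
    rows = parse_report(SAMPLE_REPORT)
    print(family_counts(rows))
    print(build_cfscript(rows, REGISTRY_FIX))
```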

#13
ref3_14

ref3_14

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi,

Well, thanks to you, my computer is now running much faster than it was. The most noticeable difference is the start-up time. It used to take several minutes at start-up before I could use my computer, now it's less than one minute.

Here is my combofix.log file:

ComboFix 08-02-22.3 - Jonathan 2008-02-25 19:05:27.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.298 [GMT -5:00]
Running from: C:\Documents and Settings\Jonathan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jonathan\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Jonathan\My Documents\My Files\useful programs\Photo.Screensaver.Maker.v3.6.6.WinALL.Incl.keyygen-ViRiLiTY.zip
C:\Documents and Settings\Jonathan\My Documents\Overnet - Incoming\Virtuagirl Hd updated-fixed 02-2008.rar
C:\Program Files\eMule\Temp\005.part
C:\Program Files\MSN Gaming Zone\prohdyxe.html
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\5CDB.tmp
C:\WINDOWS\system32\OLD113.tmp
C:\WINDOWS\system32\OLD122.tmp
C:\WINDOWS\system32\yayaawt.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jonathan\My Documents\My Files\useful programs\Photo.Screensaver.Maker.v3.6.6.WinALL.Incl.keyygen-ViRiLiTY.zip
C:\Documents and Settings\Jonathan\My Documents\My Files\useful programs\Photo.Screensaver.Maker.v3.6.6.WinALL.Incl.keyygen-ViRiLiTY.zip\
C:\Program Files\MSN Gaming Zone\prohdyxe.html
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\5CDB.tmp
C:\WINDOWS\system32\OLD113.tmp
C:\WINDOWS\system32\OLD122.tmp
C:\WINDOWS\system32\yayaawt.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
.

2008-02-24 11:56 . 2008-02-24 11:56 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-24 11:56 . 2008-02-24 11:56 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-24 11:56 . 2008-02-24 11:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-22 23:58 . 2008-02-23 11:16 <DIR> d-------- C:\Program Files\vghd
2008-02-22 19:20 . 2007-06-20 15:48 18,224 --a------ C:\WINDOWS\system32\pfdnnt.exe
2008-02-21 21:21 . 2008-02-22 18:10 70,861 --a------ C:\WINDOWS\BMef8b5c69.xml
2008-02-21 21:21 . 2008-02-22 21:07 22 --a------ C:\WINDOWS\pskt.ini
2008-02-21 18:28 . 2008-02-24 11:07 <DIR> d-------- C:\Program Files\HijackThis 1.99.1
2008-02-19 16:48 . 2008-02-19 16:48 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-02-19 16:48 . 2008-02-19 16:48 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-02-14 01:11 . 2008-02-14 01:04 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-02-14 01:11 . 2008-02-14 01:04 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-02-13 18:34 . 2008-02-13 18:34 248 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-02-11 22:38 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-02-10 00:37 . 2008-02-10 00:37 19,280 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 00:06 --------- d-----w C:\Program Files\QuickTime
2008-02-25 23:48 --------- d-----w C:\Program Files\eMule
2008-02-23 02:10 --------- d-----w C:\Program Files\Unlocker
2008-02-23 02:10 --------- d-----w C:\Program Files\REGSHAVE
2008-02-23 02:10 --------- d-----w C:\Program Files\MSN Messenger
2008-02-23 02:10 --------- d-----w C:\Program Files\Messenger Plus! 3
2008-02-23 02:10 --------- d-----w C:\Program Files\iTunes
2008-02-23 00:20 495,616 ----a-w C:\WINDOWS\system32\hphmon05.exe
2008-02-23 00:20 406,016 ----a-w C:\WINDOWS\system32\PSDrvCheck.exe
2008-02-23 00:20 155,648 ----a-w C:\WINDOWS\system32\NeroCheck.exe
2008-02-14 06:11 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-02-12 06:07 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\AdobeUM
2008-02-12 04:51 --------- d-----w C:\Program Files\Winamp
2008-02-12 04:48 --------- d-----w C:\Program Files\TagRename
2008-02-12 04:29 --------- d-----w C:\Program Files\DVD Region-Free
2008-02-12 04:25 --------- d-----w C:\Program Files\Bonjour
2008-02-12 04:25 --------- d-----w C:\Program Files\Better File Rename
2008-02-07 22:24 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-01-28 03:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-28 03:41 --------- d-----w C:\Program Files\UFile 2005
2008-01-28 03:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-28 03:39 --------- d-----w C:\Program Files\SolidWorks
2008-01-28 03:26 --------- d-----w C:\Program Files\iPod
2008-01-14 06:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\sentinel
2008-01-14 06:23 --------- d-----w C:\Program Files\Panda Security
2008-01-14 05:17 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-13 03:06 --------- d-----w C:\Program Files\Common Files\Scanner
2008-01-12 22:04 --------- d-----w C:\Program Files\Vg
2008-01-12 17:49 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\vghd
2008-01-12 16:03 --------- d-----w C:\Program Files\Uniblue
2008-01-12 16:03 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Uniblue
2007-12-09 04:59 286,720 ----a-w C:\WINDOWS\iun507.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [2008-02-22 19:20 190024]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2008-02-22 19:21 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-07 17:24 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OemReset"="C:\WINDOWS\OPTIONS\OEMRESET.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-02-22 19:20 155648]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-01-10 16:45 335872]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2008-02-22 19:20 176128]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2008-02-22 19:20 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2008-02-22 19:20 241664]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2008-02-22 19:20 495616]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2008-02-22 19:20 53248]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2008-02-22 19:20 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2008-02-22 19:20 65536]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2008-02-22 19:20 188416]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2008-02-22 19:20 406016]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2008-02-22 19:20 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-02-22 19:20 6144]
"SoundMan"="SOUNDMAN.EXE" [2003-03-28 01:34 53248 C:\WINDOWS\SOUNDMAN.EXE]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2008-01-12 11:45 49152]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-04 02:56 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-02-07 17:24 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 16:18 443968]

C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup\
SnagIt 7.lnk - C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe [2004-08-14 19:33:03 3260416]
Vg.exe.lnk - C:\Program Files\Vg\Vg.exe [2004-09-10 21:29:27 299008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 01:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2003-08-26 09:58 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Jonathan^Start Menu^Programs^Startup^VirtuaGirl HD.LNK]
path=C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup\VirtuaGirl HD.LNK
backup=C:\WINDOWS\pss\VirtuaGirl HD.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-26 12:42 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PAVSRV"=2 (0x2)
"PavPrSrv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\\Network Diagnostic\\xpnetdiag.exe:@xpsp3res.dll,-20000
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\WINDOWS\system32\tfkecalb.exe"= C:\WINDOWS\system32\tfk
"C:\WINDOWS\system32\taemyjwk.exe"= C:\WINDOWS\system32\tae
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 13:47]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-02-14 01:04]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-02-14 01:04]
R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2003-06-26 22:08]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-25 23:56:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 19:10:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-25 19:11:16
ComboFix-quarantined-files.txt 2008-02-26 00:11:02
ComboFix2.txt 2008-02-24 16:00:50
ComboFix3.txt 2008-02-24 02:17:54
ComboFix4.txt 2008-02-23 16:46:07
ComboFix5.txt 2008-02-23 02:25:39
.
2008-02-25 08:00:26 --- E O F ---
  • 0

#14
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Nearly done now

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now, under "Select a target to scan", select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Also post a new HijackThis log
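A way to triage the report this scan produces, as an added example that is not part of the original thread and not Kaspersky's own tooling. The online scanner prints one line per object: the path, then a verdict ("Infected: <name>", "Suspicious: <name>", "Object is locked", or an archive roll-up such as "ZIP: infected - 1"), then the last action. The script below parses those lines and sorts the hits by where they sit: ComboFix's quarantine folder (C:\QooBox\Quarantine), a System Restore snapshot under System Volume Information, or a live location that still needs attention. The sample report is constructed for this example (the system32 DLL on its last line is invented to show a live hit); "Object is locked" entries are counted as noise rather than detections, and archive summary lines are not counted a second time on top of their member entries.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input in the line format of a Kaspersky Online Scanner
# 5.x report: "<path> <verdict> <last action>". This is not a real report;
# the system32 .dll on the last line is invented to show a still-live hit.
SAMPLE_REPORT = """\
Infected Object Name / Virus Name / Last Action
C:\\Documents and Settings\\User\\NTUSER.DAT Object is locked skipped
C:\\Documents and Settings\\User\\.jpi_cache\\file\\1.0\\game.class-13a2db49.class Infected: Exploit.Java.Gimsh.a skipped
C:\\Documents and Settings\\User\\My Documents\\My Music\\track.mp3 Suspicious: Virus.DOS.VCC.HH.414 skipped
C:\\QooBox\\Quarantine\\C\\WINDOWS\\system32\\vturp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\\QooBox\\Quarantine\\catchme2008-02-22_194511.02.zip/jkkji.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\\QooBox\\Quarantine\\catchme2008-02-22_194511.02.zip ZIP: infected - 1 skipped
C:\\System Volume Information\\_restore{6E44B633-715E-4720-8328-23F13F97683B}\\RP1165\\A0126919.exe Infected: Virus.Win32.Trats.d skipped
C:\\WINDOWS\\system32\\abcdefgh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
"""

# One report line: path (may contain spaces), one of four verdict shapes,
# then the single-word "last action" column.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Infected: (?P<infected>\S+)"
    r"|Suspicious: (?P<suspicious>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<archive>[A-Za-z0-9]+: infected - \d+))"
    r" (?P<action>\S+)$"
)


@dataclass
class Detection:
    path: str
    kind: str       # "infected", "suspicious", "locked" or "archive"
    name: str       # scanner verdict name ("" for locked / archive lines)
    action: str     # last-action column, e.g. "skipped"
    location: str   # "live", "quarantine" or "restore_point"


def classify_location(path: str) -> str:
    """Where the object sits: ComboFix's quarantine (C:\\QooBox\\Quarantine),
    a System Restore snapshot, or anywhere else (treated as live)."""
    p = path.lower()
    if p.startswith("c:\\qoobox\\quarantine"):
        return "quarantine"
    if "\\system volume information\\_restore" in p:
        return "restore_point"
    return "live"


def family(name: str) -> str:
    """Collapse a verdict such as not-a-virus:AdWare.Win32.Virtumonde.gen to
    its family, AdWare.Win32.Virtumonde, so variant suffixes count together."""
    name = name.removeprefix("not-a-virus:")
    return ".".join(name.split(".")[:3])


def parse_report(text: str) -> list[Detection]:
    """Return one Detection per object line; header and statistics lines are skipped."""
    out = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        if m.group("infected"):
            kind, name = "infected", m.group("infected")
        elif m.group("suspicious"):
            kind, name = "suspicious", m.group("suspicious")
        elif m.group("locked"):
            kind, name = "locked", ""
        else:
            kind, name = "archive", ""
        path = m.group("path")
        out.append(Detection(path, kind, name, m.group("action"), classify_location(path)))
    return out


def triage(text: str) -> dict:
    """Separate findings from noise: locked files are not detections, archive
    roll-up lines duplicate their member hits, and objects already in quarantine
    or a restore point are not running. What is left still needs action."""
    dets = parse_report(text)
    hits = [d for d in dets if d.kind in ("infected", "suspicious")]
    return {
        "locked": sum(d.kind == "locked" for d in dets),
        "archive_summaries": sum(d.kind == "archive" for d in dets),
        "by_location": dict(Counter(d.location for d in hits)),
        "by_family": dict(Counter(family(d.name) for d in hits)),
        "live": [(d.path, d.kind, d.name) for d in hits if d.location == "live"],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Read this way, a large "infected objects" total is mostly copies that ComboFix already moved to C:\QooBox\Quarantine plus older copies inside restore points, which only disappear once the old restore points are purged; the short "live" list (here a cached Java applet class, a heuristic hit on an MP3, and the invented system32 DLL) is what the helper actually has to decide about.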

#15 ref3_14 (Topic Starter)
Hi,

Here are the results from the Kaspersky online scan and the HijackThis.log file:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 26, 2008 8:47:51 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/02/2008
Kaspersky Anti-Virus database records: 581221
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 137546
Number of viruses found: 16
Number of infected objects: 166
Number of suspicious objects: 1
Duration of the scan process: 02:10:41

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Jonathan\.jpi_cache\file\1.0\game.class-13a2db49-680c21c7.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Jonathan\.jpi_cache\file\1.0\game.class-be78a07-1ceb3eda.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\za4mxx9u.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\za4mxx9u.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\za4mxx9u.default\history.dat Object is locked skipped
C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\za4mxx9u.default\key3.db Object is locked skipped
C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\za4mxx9u.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\za4mxx9u.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\za4mxx9u.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Jonathan\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\za4mxx9u.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\za4mxx9u.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\za4mxx9u.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\za4mxx9u.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jonathan\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jonathan\Local Settings\History\History.IE5\MSHist012008022520080226\index.dat Object is locked skipped
C:\Documents and Settings\Jonathan\Local Settings\temp\ mon001.log Object is locked skipped
C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jonathan\My Documents\My Music\Fatboy Slim - Rockafeller Skank.mp3 Suspicious: Virus.DOS.VCC.HH.414 skipped
C:\Documents and Settings\Jonathan\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jonathan\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\eMule\Temp\001.part Object is locked skipped
C:\Program Files\eMule\Temp\002.part Object is locked skipped
C:\Program Files\eMule\Temp\003.part Object is locked skipped
C:\Program Files\eMule\Temp\004.part Object is locked skipped
C:\Program Files\eMule\Temp\005.part Object is locked skipped
C:\Program Files\eMule\Temp\006.part Object is locked skipped
C:\Program Files\eMule\Temp\007.part Object is locked skipped
C:\Program Files\eMule\Temp\008.part Object is locked skipped
C:\Program Files\eMule\Temp\009.part Object is locked skipped
C:\Program Files\eMule\Temp\010.part Object is locked skipped
C:\Program Files\eMule\Temp\011.part Object is locked skipped
C:\Program Files\eMule\Temp\012.part Object is locked skipped
C:\Program Files\eMule\Temp\013.part Object is locked skipped
C:\Program Files\eMule\Temp\014.part Object is locked skipped
C:\Program Files\eMule\Temp\015.part Object is locked skipped
C:\Program Files\eMule\Temp\016.part Object is locked skipped
C:\Program Files\eMule\Temp\017.part Object is locked skipped
C:\Program Files\eMule\Temp\018.part Object is locked skipped
C:\Program Files\eMule\Temp\019.part Object is locked skipped
C:\Program Files\eMule\Temp\020.part Object is locked skipped
C:\Program Files\eMule\Temp\021.part Object is locked skipped
C:\Program Files\eMule\Temp\023.part Object is locked skipped
C:\Program Files\eMule\Temp\024.part Object is locked skipped
C:\Program Files\eMule\Temp\025.part Object is locked skipped
C:\Program Files\eMule\Temp\026.part Object is locked skipped
C:\Program Files\eMule\Temp\027.part Object is locked skipped
C:\Program Files\eMule\Temp\028.part Object is locked skipped
C:\Program Files\eMule\Temp\029.part Object is locked skipped
C:\Program Files\eMule\Temp\030.part Object is locked skipped
C:\Program Files\eMule\Temp\031.part Object is locked skipped
C:\Program Files\eMule\Temp\032.part Object is locked skipped
C:\Program Files\eMule\Temp\033.part Object is locked skipped
C:\Program Files\eMule\Temp\034.part Object is locked skipped
C:\Program Files\eMule\Temp\036.part Object is locked skipped
C:\Program Files\eMule\Temp\037.part Object is locked skipped
C:\Program Files\eMule\Temp\038.part Object is locked skipped
C:\Program Files\eMule\Temp\039.part Object is locked skipped
C:\Program Files\eMule\Temp\040.part Object is locked skipped
C:\Program Files\eMule\Temp\041.part Object is locked skipped
C:\Program Files\eMule\Temp\044.part Object is locked skipped
C:\Program Files\eMule\Temp\045.part Object is locked skipped
C:\Program Files\eMule\Temp\046.part Object is locked skipped
C:\Program Files\eMule\Temp\047.part Object is locked skipped
C:\Program Files\eMule\Temp\048.part Object is locked skipped
C:\Program Files\eMule\Temp\049.part Object is locked skipped
C:\Program Files\eMule\Temp\050.part Object is locked skipped
C:\Program Files\eMule\Temp\051.part Object is locked skipped
C:\Program Files\eMule\Temp\052.part Object is locked skipped
C:\Program Files\eMule\Temp\053.part Object is locked skipped
C:\Program Files\eMule\Temp\054.part Object is locked skipped
C:\Program Files\eMule\Temp\055.part Object is locked skipped
C:\Program Files\eMule\Temp\056.part Object is locked skipped
C:\Program Files\eMule\Temp\057.part Object is locked skipped
C:\Program Files\eMule\Temp\059.part Object is locked skipped
C:\Program Files\eMule\Temp\060.part Object is locked skipped
C:\Program Files\eMule\Temp\061.part Object is locked skipped
C:\Program Files\eMule\Temp\062.part Object is locked skipped
C:\Program Files\eMule\Temp\063.part Object is locked skipped
C:\Program Files\eMule\Temp\064.part Object is locked skipped
C:\Program Files\eMule\Temp\065.part Object is locked skipped
C:\Program Files\eMule\Temp\067.part Object is locked skipped
C:\Program Files\eMule\Temp\068.part Object is locked skipped
C:\Program Files\eMule\Temp\114.part Object is locked skipped
C:\Program Files\eMule\Temp\115.part Object is locked skipped
C:\Program Files\eMule\Temp\116.part Object is locked skipped
C:\Program Files\eMule\Temp\117.part Object is locked skipped
C:\Program Files\eMule\Temp\118.part Object is locked skipped
C:\Program Files\eMule\Temp\119.part Object is locked skipped
C:\Program Files\eMule\Temp\120.part Object is locked skipped
C:\Program Files\eMule\Temp\121.part Object is locked skipped
C:\Program Files\eMule\Temp\122.part Object is locked skipped
C:\Program Files\eMule\Temp\123.part Object is locked skipped
C:\Program Files\eMule\Temp\124.part Object is locked skipped
C:\Program Files\eMule\Temp\125.part Object is locked skipped
C:\Program Files\eMule\Temp\126.part Object is locked skipped
C:\Program Files\eMule\Temp\127.part Object is locked skipped
C:\Program Files\eMule\Temp\128.part Object is locked skipped
C:\Program Files\eMule\Temp\129.part Object is locked skipped
C:\Program Files\eMule\Temp\130.part Object is locked skipped
C:\Program Files\eMule\Temp\131.part Object is locked skipped
C:\Program Files\eMule\Temp\132.part Object is locked skipped
C:\Program Files\eMule\Temp\133.part Object is locked skipped
C:\Program Files\eMule\Temp\134.part Object is locked skipped
C:\Program Files\eMule\Temp\135.part Object is locked skipped
C:\Program Files\eMule\Temp\136.part Object is locked skipped
C:\Program Files\eMule\Temp\137.part Object is locked skipped
C:\Program Files\eMule\Temp\138.part Object is locked skipped
C:\Program Files\eMule\Temp\139.part Object is locked skipped
C:\Program Files\eMule\Temp\140.part Object is locked skipped
C:\Program Files\eMule\Temp\141.part Object is locked skipped
C:\Program Files\eMule\Temp\142.part Object is locked skipped
C:\Program Files\eMule\Temp\143.part Object is locked skipped
C:\Program Files\eMule\Temp\144.part Object is locked skipped
C:\Program Files\eMule\Temp\145.part Object is locked skipped
C:\Program Files\eMule\Temp\146.part Object is locked skipped
C:\Program Files\eMule\Temp\147.part Object is locked skipped
C:\Program Files\eMule\Temp\148.part Object is locked skipped
C:\Program Files\eMule\Temp\149.part Object is locked skipped
C:\Program Files\eMule\Temp\150.part Object is locked skipped
C:\Program Files\eMule\Temp\151.part Object is locked skipped
C:\Program Files\eMule\Temp\152.part Object is locked skipped
C:\Program Files\eMule\Temp\153.part Object is locked skipped
C:\Program Files\eMule\Temp\154.part Object is locked skipped
C:\Program Files\eMule\Temp\155.part Object is locked skipped
C:\Program Files\eMule\Temp\159.part Object is locked skipped
C:\Program Files\eMule\Temp\160.part Object is locked skipped
C:\Program Files\eMule\Temp\163.part Object is locked skipped
C:\Program Files\eMule\Temp\164.part Object is locked skipped
C:\Program Files\eMule\Temp\165.part Object is locked skipped
C:\Program Files\eMule\Temp\166.part Object is locked skipped
C:\Program Files\eMule\Temp\167.part Object is locked skipped
C:\Program Files\eMule\Temp\168.part Object is locked skipped
C:\Program Files\eMule\Temp\169.part Object is locked skipped
C:\Program Files\eMule\Temp\170.part Object is locked skipped
C:\Program Files\eMule\Temp\173.part Object is locked skipped
C:\Program Files\eMule\Temp\177.part Object is locked skipped
C:\Program Files\eMule\Temp\178.part Object is locked skipped
C:\Program Files\eMule\Temp\179.part Object is locked skipped
C:\Program Files\eMule\Temp\180.part Object is locked skipped
C:\Program Files\eMule\Temp\182.part Object is locked skipped
C:\Program Files\eMule\Temp\183.part Object is locked skipped
C:\Program Files\eMule\Temp\184.part Object is locked skipped
C:\Program Files\eMule\Temp\185.part Object is locked skipped
C:\Program Files\eMule\Temp\186.part Object is locked skipped
C:\Program Files\eMule\Temp\187.part Object is locked skipped
C:\Program Files\eMule\Temp\188.part Object is locked skipped
C:\Program Files\eMule\Temp\189.part Object is locked skipped
C:\Program Files\eMule\Temp\190.part Object is locked skipped
C:\Program Files\eMule\Temp\191.part Object is locked skipped
C:\Program Files\eMule\Temp\192.part Object is locked skipped
C:\Program Files\eMule\Temp\193.part Object is locked skipped
C:\Program Files\eMule\Temp\194.part Object is locked skipped
C:\Program Files\eMule\Temp\195.part Object is locked skipped
C:\Program Files\eMule\Temp\196.part Object is locked skipped
C:\Program Files\eMule\Temp\197.part Object is locked skipped
C:\Program Files\eMule\Temp\198.part Object is locked skipped
C:\Program Files\eMule\Temp\199.part Object is locked skipped
C:\Program Files\eMule\Temp\200.part Object is locked skipped
C:\Program Files\eMule\Temp\201.part Object is locked skipped
C:\Program Files\eMule\Temp\202.part Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\QooBox\Quarantine\C\Documents and Settings\Jonathan\My Documents\My Files\useful programs\Photo.Screensaver.Maker.v3.6.6.WinALL.Incl.keyygen-ViRiLiTY.zip.vir/keygen.exe Infected: Trojan.Win32.Agent.acw skipped
C:\QooBox\Quarantine\C\Documents and Settings\Jonathan\My Documents\My Files\useful programs\Photo.Screensaver.Maker.v3.6.6.WinALL.Incl.keyygen-ViRiLiTY.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Drmupgds\Drmupgds.exe.vir Infected: Trojan-Downloader.Win32.Adload.qy skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\HP\hpcoretech\hpcmpmgr.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Logitech\Video\ISStart.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Logitech\Video\LogiTray.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Messenger Plus! 3\MsgPlus.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\MSN Gaming Zone\prohdyxe.html.vir Infected: Trojan-Clicker.HTML.IFrame.dn skipped
C:\QooBox\Quarantine\C\Program Files\MSN Messenger\msnmsgr.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Netscape\Netscape\NETSCP.EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\REGSHAVE\REGSHAVE.EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Temporary\InsiDERInst.exe.vir Infected: Trojan.Win32.Agent.ffe skipped
C:\QooBox\Quarantine\C\Program Files\Unlocker\UnlockerAssistant.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir Infected: Trojan-Downloader.Win32.Agent.jig skipped
C:\QooBox\Quarantine\C\WINDOWS\b153.exe.vir Infected: Trojan-Downloader.Win32.Agent.jig skipped
C:\QooBox\Quarantine\C\WINDOWS\csrss .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\csrss.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\mrofinu.exe.vir Infected: Trojan-Downloader.Win32.Agent.jal skipped
C:\QooBox\Quarantine\C\WINDOWS\mrofinu572.exe.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\16141E171E1D1.exe.vir Infected: Trojan-Downloader.Win32.VB.chy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\5CDB.tmp.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.imh skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bxuoopgr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ctfmon.exe.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dbolifvs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dflcpjwi.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\djceqmsi.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.auj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dquhpboa.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hdtsetec.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hphmon05.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kjqvbtcu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ixf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kvkjauib.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mjtysrwn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\NeroCheck.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\odawxgrp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\OLD113.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\OLD122.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ompppdsi.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ixe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\piosachk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pmemhlux.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pnesxqrv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\PSDrvCheck.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qkiaoygi.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qllpnsci.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qrejvbyx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qsarqtsa.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX219.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX97.tmp.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\riwiflic.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rjetnfse.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rqdormto.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rtllapwb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ixf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rtmamopd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rwuqaxjw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tbljdxtd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ulcpnhbf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ixf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\uriffpsl.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\usdkewja.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vjtomqrt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ixe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vturp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yayaawt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yoyphtbp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-22_194511.02.zip/jkkji.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-22_194511.02.zip ZIP: infected - 1 skipped
C:\QooBox\Quarantine\catchme2008-02-22_212108.30.zip/jkhih.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ixd skipped
C:\QooBox\Quarantine\catchme2008-02-22_212108.30.zip/fcccyxy.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-22_212108.30.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1162\A0126776.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1162\A0126778.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1162\A0126794.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1162\A0126798.exe Infected: Trojan-Downloader.Win32.Adload.qy skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1163\A0126807.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1164\A0126874.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1164\A0126903.exe Infected: Trojan-Downloader.Win32.Adload.qy skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126917.exe Infected: Trojan.Win32.Agent.ffe skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126919.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126920.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126921.exe Infected: Trojan-Downloader.Win32.Agent.jal skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126923.exe Infected: Trojan-Downloader.Win32.Agent.jig skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126925.exe Infected: Trojan-Downloader.Win32.Agent.jig skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126928.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126929.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126930.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126931.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.auj skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126932.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126933.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ixf skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126934.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126935.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126936.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126937.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126938.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126939.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126940.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126941.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126942.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126943.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126944.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126945.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126946.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126947.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126948.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126949.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126950.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126951.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ixe skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126952.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126953.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126995.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126996.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126997.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126998.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0126999.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127000.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127001.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127002.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127003.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127004.EXE Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127005.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127006.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127007.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127008.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127009.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127010.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127011.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127012.EXE Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127013.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127014.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127015.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127016.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127017.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1165\A0127021.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1167\A0127072.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ixe skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1168\A0127388.exe Infected: Trojan-Downloader.Win32.Adload.qy skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1168\A0127401.exe Infected: Trojan-Downloader.Win32.VB.chy skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1168\A0127402.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1168\A0127403.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ixe skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1168\A0127404.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1168\A0127405.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ixf skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1168\A0127406.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ixf skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1168\A0127411.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ixd skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1168\A0127412.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1171\A0127507.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1171\A0127508.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1171\A0127509.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1171\A0127510.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1171\A0127511.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1171\A0127512.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1171\A0127513.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1171\A0127528.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1171\A0127529.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1171\A0127530.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1171\A0127531.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1171\A0127532.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1176\A0127763.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1176\A0127764.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1176\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{9160601D-6CB1-4456-A0F3-B8C360CCD01D}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP1176\change.log Object is locked skipped

Scan process completed.

Logfile of HijackThis v1.99.1
Scan saved at 8:56:51 AM, on 26/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\psimsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Vg\Vg.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\WINDOWS\explorer.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\HijackThis 1.99.1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.netaddress.com/"); (C:\Documents and Settings\Jonathan\Application Data\Mozilla\Profiles\default\1odjo8e3.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Jonathan\Application Data\Mozilla\Profiles\default\1odjo8e3.slt\prefs.js)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Startup: Vg.exe.lnk = C:\Program Files\Vg\Vg.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab30149.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...3/uploader2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\psimsvc.exe