Geeks To Go forums
VIRTUMONDE

#1 wench (New Member, 1 post)
I've tried a couple different removers but I can't seem to get rid of it. Trend Micro (recently installed) said that C:\WINDOWS\system32\qopqp.dll is infected and I should delete it but I can't seem to delete the file. Would you please give me some advice as to what to do next? Thank you so much!

Here are a couple log files:

hijack this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:41 PM, on 2/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\hijackthis\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker .exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1200269541927
O20 - Winlogon Notify: awttrsr - awttrsr.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 5258 bytes


virtumundobegone:


[02/25/2008, 0:14:58] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrator\Desktop\VirtumundoBeGone.exe" )
[02/25/2008, 0:15:21] - Detected System Information:
[02/25/2008, 0:15:21] - Windows Version: 5.1.2600, Service Pack 2
[02/25/2008, 0:15:21] - Current Username: Administrator (Admin)
[02/25/2008, 0:15:22] - Windows is in NORMAL mode.
[02/25/2008, 0:15:22] - Searching for Browser Helper Objects:
[02/25/2008, 0:15:22] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/25/2008, 0:15:22] - BHO 2: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[02/25/2008, 0:15:22] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/25/2008, 0:15:22] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/25/2008, 0:15:22] - Finished Searching Browser Helper Objects
[02/25/2008, 0:15:22] - Finishing up...
[02/25/2008, 0:15:22] - Nothing found! Exiting...

[02/25/2008, 0:18:30] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrator\Desktop\VirtumundoBeGone.exe" )
[02/25/2008, 0:18:33] - Detected System Information:
[02/25/2008, 0:18:33] - Windows Version: 5.1.2600, Service Pack 2
[02/25/2008, 0:18:33] - Current Username: Administrator (Admin)
[02/25/2008, 0:18:33] - Windows is in NORMAL mode.
[02/25/2008, 0:18:33] - Searching for Browser Helper Objects:
[02/25/2008, 0:18:33] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/25/2008, 0:18:33] - BHO 2: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[02/25/2008, 0:18:33] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/25/2008, 0:18:33] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/25/2008, 0:18:33] - Finished Searching Browser Helper Objects
[02/25/2008, 0:18:33] - Finishing up...
[02/25/2008, 0:18:33] - Nothing found! Exiting...


combofix:

ComboFix 08-02-25.2 - Administrator 2008-02-24 23:02:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.77 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker .exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\000080.exe
C:\WINDOWS\system32\attrggjv.ini
C:\WINDOWS\system32\bgfstrto.ini
C:\WINDOWS\system32\cblgutir.ini
C:\WINDOWS\system32\cdppulwj.ini
C:\WINDOWS\system32\ckiwjmql.ini
C:\WINDOWS\system32\cmgsmmir.dll
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\cyresntf.ini
C:\WINDOWS\system32\dgcsmyal.ini
C:\WINDOWS\system32\dxgqebvk.ini
C:\WINDOWS\system32\edrsjcyt.ini
C:\WINDOWS\system32\fgpywkpw.ini
C:\WINDOWS\system32\fpyxlxfm.ini
C:\WINDOWS\system32\ftnrilrc.ini
C:\WINDOWS\system32\gatroxvj.ini
C:\WINDOWS\system32\ghkpevvx.ini
C:\WINDOWS\system32\gnbgmwvt.ini
C:\WINDOWS\system32\grljnfxu.ini
C:\WINDOWS\system32\gxwdhxgp.ini
C:\WINDOWS\system32\htfipolk.ini
C:\WINDOWS\system32\hymwapps.ini
C:\WINDOWS\system32\iihtksae.ini
C:\WINDOWS\system32\ipxmyjxv.ini
C:\WINDOWS\system32\ixqowoqc.ini
C:\WINDOWS\system32\jhgdyhna.ini
C:\WINDOWS\system32\jkfvwybu.ini
C:\WINDOWS\system32\jwefnahr.ini
C:\WINDOWS\system32\klhesvqt.ini
C:\WINDOWS\system32\kqhlyarb.dll
C:\WINDOWS\system32\kyqkmrpt.ini
C:\WINDOWS\system32\lcjaxmst.ini
C:\WINDOWS\system32\lgyxapqq.ini
C:\WINDOWS\system32\lumuebrp.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlatlybp.ini
C:\WINDOWS\system32\ncxbdkel.ini
C:\WINDOWS\system32\nevuxxga.ini
C:\WINDOWS\system32\neyyvyck.ini
C:\WINDOWS\system32\nlkttyqs.ini
C:\WINDOWS\system32\nllwogny.ini
C:\WINDOWS\system32\npyfefut.ini
C:\WINDOWS\system32\nqnwbxsm.ini
C:\WINDOWS\system32\nrvnqyko.ini
C:\WINDOWS\system32\nvxnufry.ini
C:\WINDOWS\system32\oebdscco.dll
C:\WINDOWS\system32\oeqjiedj.ini
C:\WINDOWS\system32\ogaqvjpa.ini
C:\WINDOWS\system32\omlogduv.ini
C:\WINDOWS\system32\osquaatu.ini
C:\WINDOWS\system32\pomqktfo.ini
C:\WINDOWS\system32\pqpoq.ini
C:\WINDOWS\system32\pqpoq.ini2
C:\WINDOWS\system32\qopqp.dll
C:\WINDOWS\system32\qopqp.exe
C:\WINDOWS\system32\quouianh.ini
C:\WINDOWS\system32\RCX10.tmp
C:\WINDOWS\system32\RCXB.tmp
C:\WINDOWS\system32\RCXF.tmp
C:\WINDOWS\system32\rcytwcfs.ini
C:\WINDOWS\system32\rgwhonhw.ini
C:\WINDOWS\system32\riycfoqx.ini
C:\WINDOWS\system32\rtxocuiw.ini
C:\WINDOWS\system32\sefmtnsr.ini
C:\WINDOWS\system32\sfyomiro.ini
C:\WINDOWS\system32\swrvhapa.ini
C:\WINDOWS\system32\tjloiwhf.ini
C:\WINDOWS\system32\tvwmgbng.dll
C:\WINDOWS\system32\uabxxhmg.ini
C:\WINDOWS\system32\uebihamh.ini
C:\WINDOWS\system32\unqvkobp.ini
C:\WINDOWS\system32\uolvhofs.ini
C:\WINDOWS\system32\uwkieutf.ini
C:\WINDOWS\system32\xcvlbsne.dll
C:\WINDOWS\system32\xjwuaasj.ini
C:\WINDOWS\system32\xmckfxwh.ini
C:\WINDOWS\system32\xtludnmf.ini
C:\WINDOWS\system32\yfucevud.ini
C:\WINDOWS\system32\ygxvvxrr.ini
C:\WINDOWS\system32\yyvuvtxy.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.

2008-02-22 05:13 . 2008-02-22 05:13 5,749 --a------ C:\WINDOWS\system32\cdgagylo.dll
2008-02-22 05:10 . 2008-02-22 05:10 5,763 --a------ C:\WINDOWS\system32\ctuyddgv.dll
2008-02-22 05:07 . 2008-02-22 05:07 5,727 --a------ C:\WINDOWS\system32\yqhfcsxu.dll
2008-02-22 05:05 . 2008-02-22 05:05 5,727 --a------ C:\WINDOWS\system32\brrqcduv.dll
2008-02-21 05:10 . 2008-02-21 05:10 5,749 --a------ C:\WINDOWS\system32\cqfdpnkq.dll
2008-02-21 05:07 . 2008-02-21 05:07 5,763 --a------ C:\WINDOWS\system32\rolqyvka.dll
2008-02-21 05:04 . 2008-02-21 05:04 5,727 --a------ C:\WINDOWS\system32\oahgfptd.dll
2008-02-20 22:55 . 2008-02-21 01:03 <DIR> d-------- C:\VundoFix Backups
2008-02-20 12:17 . 2008-02-20 12:17 <DIR> d-------- C:\WINDOWS\system32\Quarantine
2008-02-20 03:21 . 2008-02-20 03:21 <DIR> d-------- C:\WINDOWS\system32\Log
2008-02-20 02:13 . 2008-02-20 02:13 6,667 --a------ C:\WINDOWS\system32\sifyemby.dll
2008-02-20 02:10 . 2008-02-20 02:10 6,681 --a------ C:\WINDOWS\system32\yytlwymq.dll
2008-02-20 02:08 . 2008-02-20 02:08 6,637 --a------ C:\WINDOWS\system32\kegnwmbc.dll
2008-02-20 01:00 . 2008-02-22 20:31 10,752 --a------ C:\WINDOWS\DCEBoot.exe
2008-02-20 00:30 . 2007-12-16 18:29 138,512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-20 00:30 . 2007-12-16 18:29 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2008-02-20 00:30 . 2007-12-16 18:29 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2008-02-20 00:28 . 2008-02-20 23:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2008-02-19 02:12 . 2008-02-20 23:44 1,968,949 ---hs---- C:\WINDOWS\system32\cnleblks.ini
2008-02-18 23:11 . 2008-02-18 23:11 <DIR> d-------- C:\Program Files\Panda Security
2008-02-18 02:09 . 2008-02-19 01:38 2,084,611 ---hs---- C:\WINDOWS\system32\dwptbvnb.ini
2008-02-17 01:20 . 2008-02-18 02:04 2,091,909 ---hs---- C:\WINDOWS\system32\oxidsgrv.ini
2008-02-17 01:08 . 2008-02-17 01:09 2,142,788 ---hs---- C:\WINDOWS\system32\nhpkjmrg.ini
2008-02-15 00:17 . 2008-02-24 16:49 157,473 --a------ C:\WINDOWS\BMbbf9fb6d.xml
2008-02-15 00:17 . 2008-02-24 23:03 21 --a------ C:\WINDOWS\pskt.ini
2008-02-08 16:46 . 2008-02-08 16:47 1,382,509 ---hs---- C:\WINDOWS\system32\slocaxtv.ini
2008-02-08 15:49 . 2008-02-08 15:50 1,383,791 ---hs---- C:\WINDOWS\system32\cfhsryqw.ini
2008-02-08 15:46 . 2008-02-08 15:47 1,386,140 ---hs---- C:\WINDOWS\system32\gpkglupa.ini
2008-02-07 15:48 . 2008-02-08 15:05 1,376,748 ---hs---- C:\WINDOWS\system32\qkkblrue.ini
2008-02-07 15:45 . 2008-02-07 15:45 1,379,517 ---hs---- C:\WINDOWS\system32\jebwpvif.ini
2008-02-06 15:46 . 2008-02-07 15:36 1,358,943 ---hs---- C:\WINDOWS\system32\bpidfvrb.ini
2008-02-06 15:43 . 2008-02-06 15:44 1,360,041 ---hs---- C:\WINDOWS\system32\tarnvrsv.ini
2008-02-05 22:00 . 2008-02-05 22:00 <DIR> d-------- C:\Program Files\MSECache
2008-02-05 15:33 . 2008-02-06 15:35 1,513,174 ---hs---- C:\WINDOWS\system32\byinswan.ini
2008-02-03 14:33 . 2008-02-05 15:31 1,625,192 ---hs---- C:\WINDOWS\system32\vityrwwt.ini
2008-02-03 14:30 . 2008-02-03 14:33 1,964,542 ---hs---- C:\WINDOWS\system32\nkjbomcu.ini
2008-01-29 21:30 . 2008-01-29 21:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\iolo
2008-01-29 21:15 . 2008-01-29 21:17 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-29 20:42 . 2008-02-20 00:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-28 21:46 . 2008-01-28 21:57 73,695,223 --a------ C:\20080116_USP6003003_TIS2008(CNET).zip
2008-01-28 00:04 . 2008-01-28 00:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-01-28 00:04 . 2008-01-28 00:07 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\AVG7
2008-01-28 00:03 . 2008-01-28 00:03 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-28 00:03 . 2008-01-28 00:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2008-01-28 00:03 . 2008-01-29 20:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
2008-01-28 00:03 . 2008-01-28 00:03 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 05:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-20 05:18 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-01-17 03:46 --------- d-----w C:\Program Files\Shutterfly Express
2008-01-17 03:40 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Shutterfly
2008-01-17 03:40 --------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\Shutterfly
2008-01-17 03:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-13 23:46 6,144 ----a-w C:\info.exe
2008-01-07 13:38 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-07 04:23 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Sunbelt Software
2008-01-07 04:23 --------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\Sunbelt Software
2007-12-31 08:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback
2007-12-31 08:57 --------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
2007-12-31 04:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\iolo
2007-12-31 04:12 --------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\iolo
2007-12-31 03:21 --------- d-----w C:\Program Files\iolo
2007-12-31 02:22 --------- d-----w C:\Program Files\[APP] - Iolo System Mechanic Professional v6.0f
2007-12-31 01:28 38,655,992 ----a-w C:\Program Files\[APP] - Iolo System Mechanic Professional v6.0f.rar
2007-12-30 21:44 --------- d-----w C:\Program Files\QuickTime
2005-10-18 04:02 9,127 ----a-w C:\Program Files\F4CG.NFO
2005-10-18 02:17 33,947,648 ----a-w C:\Program Files\setup.exe
.
<pre>
----a-w		 1,085,952 2008-02-24 18:57:05  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker																		  .exe
----a-w		 1,085,952 2008-02-24 03:34:13  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker																		 .exe
----a-w		 1,085,952 2008-02-23 23:29:39  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker																		.exe
----a-w		 1,085,952 2008-02-23 17:21:36  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker																	   .exe
----a-w		 1,085,952 2008-02-23 16:57:19  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker																	  .exe
----a-w		 1,085,952 2008-02-22 21:50:23  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker																	 .exe
----a-w		 1,085,952 2008-02-22 01:09:54  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker																	.exe
----a-w		 1,085,952 2008-02-21 09:01:42  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker																   .exe
----a-w		 1,085,952 2008-02-21 06:06:16  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker																  .exe
----a-w		 1,085,952 2008-02-21 05:47:06  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker																 .exe
----a-w		 1,085,952 2008-02-21 01:09:33  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker																.exe
----a-w		 1,085,952 2008-02-20 17:04:16  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker															   .exe
----a-w		 1,085,952 2008-02-20 08:22:53  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker															  .exe
----a-w		 1,085,952 2008-02-20 05:51:57  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker															 .exe
----a-w		 1,085,952 2008-02-20 05:20:31  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker															.exe
----a-w		 1,085,952 2008-02-20 05:11:36  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker														   .exe
----a-w		 1,085,952 2008-02-20 02:37:09  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker														  .exe
----a-w		 1,085,952 2008-02-20 02:32:57  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker														 .exe
----a-w		 1,085,952 2008-02-20 02:18:06  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker														.exe
----a-w		 1,085,952 2008-02-20 02:10:44  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker													   .exe
----a-w		 1,085,952 2008-02-20 02:05:28  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker													  .exe
----a-w		 1,085,952 2008-02-20 02:01:38  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker													 .exe
----a-w		 1,085,952 2008-02-20 01:40:32  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker													.exe
----a-w		 1,085,952 2008-02-20 01:34:54  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker												   .exe
----a-w		 1,085,952 2008-02-20 00:17:15  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker												  .exe
----a-w		 1,085,952 2008-02-19 22:26:17  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker												 .exe
----a-w		 1,085,952 2008-02-19 20:46:37  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker												.exe
----a-w		 1,085,952 2008-02-19 06:36:47  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker											   .exe
----a-w		 1,085,952 2008-02-18 21:14:27  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker											  .exe
----a-w		 1,085,952 2008-02-18 07:03:38  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker											 .exe
----a-w		 1,085,952 2008-02-17 18:26:52  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker											.exe
----a-w		 1,085,952 2008-02-17 18:23:43  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker										   .exe
----a-w		 1,085,952 2008-02-17 05:08:45  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker										  .exe
----a-w		 1,085,952 2008-02-15 23:20:43  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker										 .exe
----a-w		 1,085,952 2008-02-15 05:11:24  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker										.exe
----a-w		 1,085,952 2008-02-14 10:32:38  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker									   .exe
----a-w		 1,085,952 2008-02-13 20:56:18  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker									  .exe
----a-w		 1,085,952 2008-02-13 10:04:41  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker									 .exe
----a-w		 1,085,952 2008-02-13 07:29:08  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker									.exe
----a-w		 1,085,952 2008-02-13 01:41:20  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker								   .exe
----a-w		 1,085,952 2008-02-12 04:46:40  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker								  .exe
----a-w		 1,085,952 2008-02-11 18:10:55  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker								 .exe
----a-w		 1,085,952 2008-02-11 06:07:33  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker								.exe
----a-w		 1,085,952 2008-02-11 01:48:48  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker							   .exe
----a-w		 1,085,952 2008-02-11 01:46:17  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker							  .exe
----a-w		 1,085,952 2008-02-10 20:48:41  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker							 .exe
----a-w		 1,085,952 2008-02-10 08:56:03  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker							.exe
----a-w		 1,085,952 2008-02-09 16:48:44  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker						   .exe
----a-w		 1,085,952 2008-02-09 06:53:29  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker						  .exe
----a-w		 1,085,952 2008-02-09 00:23:11  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker						 .exe
----a-w		 1,085,952 2008-02-08 20:04:42  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker						.exe
----a-w		 1,085,952 2008-02-07 22:53:22  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker					   .exe
----a-w		 1,085,952 2008-02-07 20:36:04  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker					  .exe
----a-w		 1,085,952 2008-02-07 07:33:45  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker					 .exe
----a-w		 1,085,952 2008-02-07 01:09:44  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker					.exe
----a-w		 1,085,952 2008-02-06 19:22:24  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker				   .exe
----a-w		 1,085,952 2008-02-06 11:45:41  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker				  .exe
----a-w		 1,085,952 2008-02-06 02:36:13  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker				 .exe
----a-w		 1,085,952 2008-02-05 20:30:34  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker				.exe
----a-w		 1,085,952 2008-02-05 03:11:51  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker			   .exe
----a-w		 1,085,952 2008-02-04 18:39:19  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker			  .exe
----a-w		 1,085,952 2008-02-04 18:36:52  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker			 .exe
----a-w		 1,085,952 2008-02-04 15:56:52  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker			.exe
----a-w		 1,085,952 2008-02-03 23:27:55  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker		   .exe
----a-w		 1,085,952 2008-02-03 19:21:38  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker		  .exe
----a-w		 1,085,952 2008-02-02 14:56:10  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker		 .exe
----a-w		 1,085,952 2008-02-02 06:35:57  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker		.exe
----a-w		 1,085,952 2008-02-02 01:43:42  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker	   .exe
----a-w		 1,085,952 2008-02-02 01:34:48  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker	  .exe
----a-w		 1,085,952 2008-02-01 03:38:57  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker	 .exe
----a-w		 1,085,952 2008-01-31 03:43:17  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker	.exe
----a-w		 1,085,952 2008-01-31 01:36:36  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker   .exe
----a-w		 1,085,952 2008-01-30 22:06:32  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker  .exe
----a-w		 1,085,952 2008-01-30 04:14:49  C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker .exe
----a-w		   548,864 2008-01-30 02:21:45  C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer .exe
----a-w		   453,632 2008-01-30 02:21:33  C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter .exe
----a-w		   132,496 2007-12-24 16:46:03  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w		 1,694,208 2007-12-29 09:13:59  C:\Program Files\Messenger\msmsgs .exe
----a-w		   282,624 2007-12-29 09:13:25  C:\Program Files\QuickTime\qttask			.exe
----a-w		   282,624 2007-12-28 21:27:04  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   282,624 2007-12-28 19:36:50  C:\Program Files\QuickTime\qttask		  .exe
----a-w		   282,624 2007-12-28 16:07:56  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   282,624 2007-12-27 18:56:06  C:\Program Files\QuickTime\qttask		.exe
----a-w		   282,624 2007-12-27 00:15:39  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   282,624 2007-12-26 18:07:09  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   282,624 2007-12-25 19:17:52  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   282,624 2007-12-24 16:45:27  C:\Program Files\QuickTime\qttask	.exe
----a-w		   282,624 2007-12-24 02:21:34  C:\Program Files\QuickTime\qttask   .exe
----a-w		   282,624 2007-12-23 01:23:02  C:\Program Files\QuickTime\qttask  .exe
----a-w		   282,624 2007-12-22 21:37:25  C:\Program Files\QuickTime\qttask .exe
----a-w		 1,393,928 2008-02-24 18:57:25  C:\Program Files\Trend Micro\Internet Security\UfSeAgnt .exe
----a-w			15,360 2008-02-21 06:06:28  C:\WINDOWS\system32\ctfmon .exe
</pre>


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"HijackThis startup scan"="C:\Program Files\hijackthis\HijackThis.exe" [ ]
"System Mechanic Popup Blocker"="C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker .exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-02-10 09:27 4501504]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [ ]
"RegistryMechanic"="" []
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-28 00:03 219136]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Wireless Configuration Utility HW.51.lnk - C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe [2004-12-14 18:53:38 454656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awttrsr]
awttrsr.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\WinMX\\WinMX.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Winamp\\winamp.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S0 IoloFilter;IoloFilter;C:\WINDOWS\system32\drivers\IoloFltr.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 23:25:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
.
**************************************************************************
.
Completion time: 2008-02-24 23:29:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-25 04:29:07
.
2008-02-13 07:27:20 --- E O F ---
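The logs above carry four things a reviewer reads first: an O20 Winlogon Notify package whose DLL is reported missing, an O4 Run entry whose executable name has a space wedged in before ".exe" (the ComboFix snapshot lists dozens of such copies differing only in padding), batches of eight-letter .dll/.ini files in system32 (several hidden+system and over 1 MB), and the XP firewall switched off. The script below, added here as an example and not part of the original post or of HijackThis, ComboFix or Trend Micro, parses those line formats and pulls the indicators out. The sample lines are constructed from the excerpts in the post; the heuristics (eight-letter names, padded extensions, missing or path-less Notify DLLs) and the function names are this example's own assumptions and produce a list for review, not a verdict.

```python
"""Triage HijackThis / ComboFix style log lines for the indicators seen above.

Added example (not from the forum post or from Trend Micro, HijackThis or
ComboFix).  The sample lines are constructed from the post's excerpts; the
heuristics are assumptions about what deserves a second look, not a signature.
"""
import ntpath
import re

# Constructed sample: a few O4/O20/O23 lines from the HijackThis log above
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker .exe"
O20 - Winlogon Notify: awttrsr - awttrsr.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Constructed sample: "Files Created" rows and the firewall key from the ComboFix log above
COMBOFIX_SAMPLE = r"""
2008-02-22 05:13 . 2008-02-22 05:13 5,749 --a------ C:\WINDOWS\system32\cdgagylo.dll
2008-02-19 02:12 . 2008-02-20 23:44 1,968,949 ---hs---- C:\WINDOWS\system32\cnleblks.ini
2008-01-28 00:03 . 2008-01-28 00:03 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-02-20 00:30 . 2007-12-16 18:29 138,512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
"EnableFirewall"= 0 (0x0)
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<target>.+?)(?P<missing> \(file missing\))?$")
CF_FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>[-a-z]+) (?P<path>.+)$"
)
RANDOM_BASENAME = re.compile(r"^[a-z]{8}\.(dll|ini)$")  # eight random-looking letters
PADDED_EXT = re.compile(r"\S\s+\.exe\b", re.IGNORECASE)  # e.g. "PopupBlocker .exe"
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')


def winlogon_notify_findings(hjt_text):
    """O20 rows whose Notify DLL is reported missing or given as a bare name.
    Assumption: HijackThis omits stock XP Notify packages, so what is left
    with no path or no file on disk is a candidate for review."""
    hits = []
    for line in hjt_text.splitlines():
        m = O20_RE.match(line)
        if m and (m["missing"] or "\\" not in m["target"]):
            hits.append({"key": m["key"], "target": m["target"],
                         "file_missing": bool(m["missing"])})
    return hits


def padded_autoruns(hjt_text):
    """O4 rows whose command has whitespace wedged in before '.exe'."""
    hits = []
    for line in hjt_text.splitlines():
        m = O4_RE.match(line)
        if m and PADDED_EXT.search(m["cmd"]):
            hits.append(m["name"])
    return hits


def random_system32_files(combofix_text):
    """system32 files named with eight lowercase letters plus .dll/.ini.
    Legitimate eight-letter DLLs exist (assumption: the reviewer allowlists
    them), so size and the hidden+system attributes are returned to rank hits."""
    hits = []
    for line in combofix_text.splitlines():
        m = CF_FILE_RE.match(line)
        if not m:
            continue
        directory, base = ntpath.split(m["path"])
        if not directory.lower().endswith("\\system32") or not RANDOM_BASENAME.match(base):
            continue
        hits.append({"path": m["path"],
                     "size": int(m["size"].replace(",", "")),
                     "hidden_system": "h" in m["attrs"] and "s" in m["attrs"]})
    return hits


def firewall_disabled(combofix_text):
    """True when the standard-profile EnableFirewall value is 0."""
    return any(FIREWALL_OFF.match(line) for line in combofix_text.splitlines())


def triage(hjt_text, combofix_text):
    """Run every heuristic and collect the results in one report dict."""
    return {
        "winlogon_notify": winlogon_notify_findings(hjt_text),
        "padded_autoruns": padded_autoruns(hjt_text),
        "random_system32": random_system32_files(combofix_text),
        "firewall_disabled": firewall_disabled(combofix_text),
    }


if __name__ == "__main__":
    for section, result in triage(HJT_SAMPLE, COMBOFIX_SAMPLE).items():
        print(f"{section}: {result}")
```

Run it against the full pasted logs by replacing the two sample strings with the file contents. The output is a shortlist, not a cleanup: a DLL registered as a Winlogon Notify package is loaded into winlogon.exe at logon, and a file that is mapped into a running process cannot be deleted from Explorer while it is loaded, which is the usual reason a manual delete of such a DLL fails and why removal tools schedule the delete for the next boot or run before the shell loads.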
