POSVundo [RESOLVED]
#1 astrosoup (Member, 181 posts)

I have a laptop here with POSVundo, complete with the red "X" and the hundreds of .tmp files dumped in C:\ and My Documents. I don't know how to use ComboFix or anything, so I am posting a HJT log here. I've already run VundoFix, which found 14 bad .dlls, and ATF Cleaner. She isn't running an anti-virus, but I will install Avast as soon as everything is cleaned off. Thanks for your help!

--

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:16 AM, on 3/17/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1125192965\ee\AOLHostManager.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\AOL\1125192965\ee\AOLServiceHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Messenger\msmsgs.exe
E:\MedKit\Scan\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {2ad1b15c-483a-d7b8-e724-3fafeab7af60} - {06fa7bae-faf3-427e-8b7d-a384c51b1da2} - C:\WINDOWS\System32\pquiqlto.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DA79A96B-5CB4-4B45-968E-3A8DBC3BB5FD} - C:\WINDOWS\System32\cbabc.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125192965\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [{4C-C0-07-7D-ZN}] C:\Documents and Settings\Marnie Jones\Local Settings\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [bcc4c0d2] rundll32.exe "C:\WINDOWS\System32\edrpxupm.dll",b
O4 - HKLM\..\Run: [BMbff7f34e] Rundll32.exe "C:\WINDOWS\System32\pokwkdtd.dll",s
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Marnie Jones\Local Settings\Temp\thinksnet.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\System32\windows
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11470 bytes
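Reading a log like the one above by hand means looking for the same handful of tells every time: Run keys that hand rundll32 a freshly dropped System32 DLL with a random eight-letter name and a one-letter export, an autorun pointing into a user's Temp folder, a BHO whose file is already gone, and a service registered by an "Unknown owner" whose image path has no extension. The script below is an added example written for this thread (it is not part of the original post and not a Geeks to Go or HijackThis tool); it runs those checks over constructed sample lines shaped like the entries in the log, and a second function applies the same name heuristic to the DSS "Files created" listing. The sample text is constructed here, and the file names in it are the ones that appear in the posted log.

```python
import re
from typing import List, Tuple

# Constructed sample: a few HijackThis-style lines shaped like the posted log.
SAMPLE_HJT = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {2ad1b15c-483a-d7b8-e724-3fafeab7af60} - {06fa7bae-faf3-427e-8b7d-a384c51b1da2} - C:\WINDOWS\System32\pquiqlto.dll
O2 - BHO: (no name) - {DA79A96B-5CB4-4B45-968E-3A8DBC3BB5FD} - C:\WINDOWS\System32\cbabc.dll (file missing)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [{4C-C0-07-7D-ZN}] C:\Documents and Settings\Marnie Jones\Local Settings\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [bcc4c0d2] rundll32.exe "C:\WINDOWS\System32\edrpxupm.dll",b
O4 - HKLM\..\Run: [BMbff7f34e] Rundll32.exe "C:\WINDOWS\System32\pokwkdtd.dll",s
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\System32\windows
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Constructed sample: lines in the shape of the DSS "Files created" section.
SAMPLE_DSS = r"""
2008-03-16 14:32:38 7168 --a------ C:\WINDOWS\System32\windows
2008-03-16 14:21:23 0 d-------- C:\VundoFix Backups
2008-03-13 19:52:52 86080 --a------ C:\WINDOWS\System32\edrpxupm.dll
2008-03-13 19:49:51 93760 --a------ C:\WINDOWS\System32\pquiqlto.dll
"""

# Exactly eight letters, no digits, directly under System32: the Vundo naming pattern.
RANDOM_SYS32_DLL = re.compile(r"\\system32\\([a-z]{8})\.dll", re.IGNORECASE)
# rundll32 given a DLL and a single-character export, e.g. "...\edrpxupm.dll",b
RUNDLL32_ONE_CHAR = re.compile(r'rundll32(?:\.exe)?\s+"?[^"]+\.dll"?,[A-Za-z0-9]$', re.IGNORECASE)
TEMP_DIR = re.compile(r"\\(?:local settings\\)?temp\\", re.IGNORECASE)
ORPHAN = re.compile(r"\((?:no file|file missing)\)", re.IGNORECASE)
UNKNOWN_SERVICE = re.compile(r"^O23 - .* - Unknown owner - (.+?)\s*$", re.IGNORECASE)
DSS_FILE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+([-a-z]{9})\s+(.+?)\s*$")


def reasons_for(line: str) -> List[str]:
    """Return every heuristic that fires on one HijackThis line (empty list = nothing seen)."""
    hits: List[str] = []
    kind = line.split(" - ", 1)[0]  # "O2", "O4", "O23", "R1", ...
    if RANDOM_SYS32_DLL.search(line):
        hits.append("random 8-letter DLL name under System32")
    if RUNDLL32_ONE_CHAR.search(line):
        hits.append("rundll32 calling a one-character export")
    if kind == "O4" and TEMP_DIR.search(line):
        hits.append("autorun launched from a Temp directory")
    if ORPHAN.search(line):
        hits.append("orphaned entry: referenced file is missing")
    m = UNKNOWN_SERVICE.match(line)
    if m and "." not in m.group(1).rsplit("\\", 1)[-1]:
        hits.append("service with unknown owner and extensionless image path")
    return hits


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (line, reasons) for each non-empty log line that trips at least one heuristic."""
    out = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            reasons = reasons_for(line)
            if reasons:
                out.append((line, reasons))
    return out


def suspicious_new_files(dss_text: str) -> List[Tuple[str, int]]:
    """From DSS 'Files created' lines, return (path, size) of System32 files that are
    random-named DLLs or have no extension at all; directories (attr starts with 'd') are skipped."""
    found = []
    for raw in dss_text.splitlines():
        m = DSS_FILE.match(raw.strip())
        if not m or m.group(3).startswith("d"):
            continue
        size, path = int(m.group(2)), m.group(4)
        base = path.rsplit("\\", 1)[-1]
        if "\\system32\\" in path.lower() and (RANDOM_SYS32_DLL.search(path) or "." not in base):
            found.append((path, size))
    return found


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_HJT):
        print(line)
        for r in reasons:
            print("    ->", r)
    for path, size in suspicious_new_files(SAMPLE_DSS):
        print(f"new file {path} ({size} bytes)")
```

These are triage heuristics, not verdicts: a legitimate eight-letter DLL name will trip the name rule, so every hit still needs to be checked against a known-good list or the vendor signature before anything is removed, and a clean run says nothing about entries the rules do not cover (the log's many "(no file)" BHOs, for instance, are harmless leftovers that HijackThis would simply fix).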
#2 andrewuk (Trusted Helper, Malware Removal, 5,297 posts)

Hi astrosoup,

Welcome to Geeks to Go :)

Sorry to keep you waiting. Let's do a deeper scan of your machine for me to analyse.

(If your problem has already been resolved, could you just let me know, so that I can move on to other logs to help others. Thanks.)

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

You may need to post the logs over two replies to ensure all the information is posted.

andrewuk

#3 astrosoup (Topic Starter, Member, 181 posts)

Thank you so much for taking my thread :)

Here are the contents of main.txt:

Deckard's System Scanner v20071014.68
Run by Marnie Jones on 2008-03-20 20:27:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
36: 2008-03-21 04:27:34 UTC - RP703 - Deckard's System Scanner Restore Point
35: 2008-03-20 03:56:46 UTC - RP702 - System Checkpoint
34: 2008-03-19 02:56:46 UTC - RP701 - System Checkpoint
33: 2008-03-18 01:56:46 UTC - RP700 - System Checkpoint
32: 2008-03-17 01:27:22 UTC - RP699 - System Checkpoint


-- First Restore Point --
1: 2008-01-01 00:54:22 UTC - RP668 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Marnie Jones.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:13 PM, on 3/20/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1125192965\ee\AOLHostManager.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\AOL\1125192965\ee\AOLServiceHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Messenger\msmsgs.exe
E:\dss.exe
E:\MedKit\Scan\HIJACK~1\Marnie Jones.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {2ad1b15c-483a-d7b8-e724-3fafeab7af60} - {06fa7bae-faf3-427e-8b7d-a384c51b1da2} - C:\WINDOWS\System32\pquiqlto.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DA79A96B-5CB4-4B45-968E-3A8DBC3BB5FD} - C:\WINDOWS\System32\cbabc.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125192965\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [{4C-C0-07-7D-ZN}] C:\Documents and Settings\Marnie Jones\Local Settings\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [bcc4c0d2] rundll32.exe "C:\WINDOWS\System32\edrpxupm.dll",b
O4 - HKLM\..\Run: [BMbff7f34e] Rundll32.exe "C:\WINDOWS\System32\pokwkdtd.dll",s
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Marnie Jones\Local Settings\Temp\thinksnet.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\System32\windows
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11481 bytes

-- HijackThis Fixed Entries (E:\MedKit\Scan\HIJACK~1\backups\) -----------------

backup-20071101-190802-103 O4 - HKCU\..\Run: [Microsoft Service Host] svchost2.exe
backup-20071101-190802-166 O4 - HKLM\..\Run: [Microsoft Service Host] svchost2.exe
backup-20071101-190802-415 O4 - HKLM\..\Run: [regsrv] scvhost.exe
backup-20071101-190802-528 O4 - HKLM\..\RunServices: [regsrv] scvhost.exe
backup-20071101-190802-780 O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
backup-20071101-190802-812 O4 - HKCU\..\Run: [Microsoft Restore] scrgrd.exe
backup-20071110-001050-784 O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - C:\Program Files\Starware347\bin\Starware347.dll (file missing)
backup-20071110-001050-872 O2 - BHO: (no name) - {C1C6426B-FB16-4123-ACBE-74D94FB0E663} - (no file)
backup-20071111-001331-375 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ffinder.com/
backup-20071111-001332-232 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ffinder.com/
backup-20071210-173932-217 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
backup-20071210-173932-238 O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
backup-20071210-173932-646 O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
backup-20071210-173932-696 O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
backup-20071210-173932-850 O3 - Toolbar: Zango - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.341.0\HostIE.dll
backup-20071210-173932-888 O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
backup-20071210-173935-326 O3 - Toolbar: Zango - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.341.0\HostIE.dll
backup-20071210-173936-259 O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
backup-20071210-173936-273 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
backup-20071210-173936-636 O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
backup-20071210-173936-691 O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
backup-20071210-173936-936 O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
backup-20071219-150018-297 O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
backup-20071219-150018-745 O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
backup-20071219-150207-449 O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?')
backup-20071219-150207-736 O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
backup-20071219-194006-333 O2 - BHO: (no name) - {EA50C735-45AF-48A8-A8B3-9EA69962CD39} - C:\WINDOWS\system32\mljgh.dll (file missing)
backup-20071219-194007-259 O2 - BHO: {9f2fd7e2-6e97-4998-7db4-e7d137e1a5ae} - {ea5a1e73-1d7e-4bd7-8994-79e62e7df2f9} - C:\WINDOWS\system32\tnfikgtr.dll (file missing)
backup-20071219-194007-350 O20 - Winlogon Notify: urqpnol - urqpnol.dll (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 CBTNDIS5 (CBTNDIS5 NDIS Protocol Driver) - c:\windows\system32\cbtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 NICSer_WPC54G - c:\program files\linksys\wireless-g notebook adapter\nicserv.exe
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 MSControlService (Microsoft cache control) - c:\windows\system32\windows


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-20 20:25:00 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-03-07 18:00:07 562 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job


-- Files created between 2008-02-20 and 2008-03-20 -----------------------------

2008-03-16 14:32:38 7168 --a------ C:\WINDOWS\System32\windows
2008-03-16 14:21:23 0 d-------- C:\VundoFix Backups
2008-03-13 19:52:52 86080 --a------ C:\WINDOWS\System32\edrpxupm.dll
2008-03-13 19:49:51 93760 --a------ C:\WINDOWS\System32\pquiqlto.dll
2008-03-13 19:45:20 90176 --a------ C:\WINDOWS\System32\pokwkdtd.dll
2008-03-12 16:35:35 93760 --a------ C:\WINDOWS\System32\lxtllmeh.dll
2008-03-12 16:34:06 89152 --a------ C:\WINDOWS\System32\hbpoibat.dll
2008-03-12 16:12:45 93760 --a------ C:\WINDOWS\System32\axtxbtmg.dll
2008-03-12 16:06:10 89152 --a------ C:\WINDOWS\System32\rriqxtbg.dll
2008-03-10 15:52:22 93760 --a------ C:\WINDOWS\System32\tggbcvjc.dll
2008-03-10 15:45:09 89152 --a------ C:\WINDOWS\System32\vtffarso.dll
2008-03-09 19:31:34 89664 --a------ C:\WINDOWS\System32\edxwmenf.dll
2008-03-07 18:50:32 88640 --a------ C:\WINDOWS\System32\tpdndmwv.dll
2008-03-07 18:28:37 90688 --a------ C:\WINDOWS\System32\aetwrdao.dll
2008-03-07 18:21:07 88640 --a------ C:\WINDOWS\System32\rwgktksb.dll
2008-03-07 16:43:55 90688 --a------ C:\WINDOWS\System32\enagcinv.dll
2008-03-07 16:39:33 88640 --a------ C:\WINDOWS\System32\fyitlgtw.dll
2008-03-05 18:55:35 96832 --a------ C:\WINDOWS\System32\ylkompif.dll
2008-03-05 18:47:53 91712 --a------ C:\WINDOWS\System32\lbnitjlr.dll
2008-03-05 16:56:56 96832 --a------ C:\WINDOWS\System32\fkeblija.dll
2008-03-05 16:49:39 91712 --a------ C:\WINDOWS\System32\oicclnec.dll
2008-03-05 16:38:07 96832 --a------ C:\WINDOWS\System32\tfrgdvyd.dll
2008-03-05 16:32:10 91712 --a------ C:\WINDOWS\System32\aindekig.dll
2008-03-03 16:52:47 95296 --a------ C:\WINDOWS\System32\gwqrktby.dll
2008-03-03 16:50:14 91712 --a------ C:\WINDOWS\System32\echtadnl.dll
2008-03-02 13:08:38 89664 --a------ C:\WINDOWS\System32\knojnemh.dll
2008-03-02 13:01:00 91712 --a------ C:\WINDOWS\System32\fqmtrsvp.dll
2008-03-02 08:41:55 89664 --a------ C:\WINDOWS\System32\gxenhvij.dll
2008-03-02 08:37:42 91712 --a------ C:\WINDOWS\System32\pypqxkpl.dll
2008-03-01 20:31:44 89664 --a------ C:\WINDOWS\System32\hhohutxy.dll
2008-03-01 20:24:24 91712 --a------ C:\WINDOWS\System32\olfxxgne.dll
2008-03-01 17:28:20 89664 --a------ C:\WINDOWS\System32\kjnhxoip.dll
2008-03-01 17:23:00 91712 --a------ C:\WINDOWS\System32\rcrhvxgi.dll
2008-02-29 17:24:30 88640 --a------ C:\WINDOWS\System32\jwikvcmt.dll
2008-02-29 17:18:27 91712 --a------ C:\WINDOWS\System32\awcrscex.dll
2008-02-29 10:40:46 88640 --a------ C:\WINDOWS\System32\vjwxaoex.dll
2008-02-29 10:39:28 91712 --a------ C:\WINDOWS\System32\gcjnuxbs.dll
2008-02-28 19:11:38 91712 --a------ C:\WINDOWS\System32\kkcebksw.dll
2008-02-27 10:30:35 90176 --a------ C:\WINDOWS\System32\xpvbagtc.dll
2008-02-27 10:28:58 91712 --a------ C:\WINDOWS\System32\idahxwgg.dll
2008-02-26 20:01:22 89152 --a------ C:\WINDOWS\System32\hiodpkek.dll
2008-02-26 19:59:16 91712 --a------ C:\WINDOWS\System32\fcbbjefm.dll
2008-02-26 19:57:29 89152 --a------ C:\WINDOWS\System32\owbefknd.dll
2008-02-26 19:55:37 91712 --a------ C:\WINDOWS\System32\jjyvqfxi.dll
2008-02-26 19:32:31 86080 --a------ C:\WINDOWS\System32\jrqebjbg.dll
2008-02-26 19:26:30 89152 --a------ C:\WINDOWS\System32\wbwxkpnc.dll
2008-02-26 19:25:22 91712 --a------ C:\WINDOWS\System32\juowbqlh.dll
2008-02-26 19:00:44 89152 --a------ C:\WINDOWS\System32\wovvosay.dll
2008-02-26 18:55:44 91712 --a------ C:\WINDOWS\System32\qswotirx.dll
2008-02-26 11:00:15 89152 --a------ C:\WINDOWS\System32\sxckwlgy.dll
2008-02-26 10:57:58 91712 --a------ C:\WINDOWS\System32\ryswbvik.dll
2008-02-25 10:25:52 90688 --a------ C:\WINDOWS\System32\sfwofepp.dll
2008-02-25 10:18:09 91712 --a------ C:\WINDOWS\System32\gosqdocy.dll
2008-02-21 23:03:43 91712 --a------ C:\WINDOWS\System32\ucuknmfs.dll
2008-02-21 23:01:59 91712 --a------ C:\WINDOWS\System32\suqpdllx.dll
2008-02-21 22:25:35 93760 --a------ C:\WINDOWS\System32\tsqkdcvr.dll
2008-02-21 22:16:34 91712 --a------ C:\WINDOWS\System32\ofpnufnv.dll
2008-02-21 22:14:24 91712 --a------ C:\WINDOWS\System32\qpsicesv.dll
2008-02-21 21:22:16 93760 --a------ C:\WINDOWS\System32\bihofoki.dll
2008-02-21 21:14:45 91712 --a------ C:\WINDOWS\System32\gkvfadmj.dll
2008-02-21 17:18:37 93760 --a------ C:\WINDOWS\System32\ldpvxdip.dll
2008-02-21 17:09:36 91712 --a------ C:\WINDOWS\System32\rtpnsixb.dll
2008-02-21 17:06:38 91712 --a------ C:\WINDOWS\System32\xayddwjr.dll
2008-02-21 16:30:42 93760 --a------ C:\WINDOWS\System32\ghaykrfu.dll
2008-02-21 16:21:41 91712 --a------ C:\WINDOWS\System32\equrqgfd.dll
2008-02-21 16:18:44 91712 --a------ C:\WINDOWS\System32\smawxnmv.dll
2008-02-20 18:55:27 94784 --a------ C:\WINDOWS\System32\ktbfxkwr.dll
2008-02-20 18:19:29 94784 --a------ C:\WINDOWS\System32\ypptiwld.dll
2008-02-20 18:16:30 87616 --a------ C:\WINDOWS\System32\hericoaf.dll
2008-02-20 17:35:01 94784 --a------ C:\WINDOWS\System32\xvkwfujl.dll
2008-02-20 17:21:39 37376 --a------ C:\WINDOWS\System32\ssqrpoo.dll
2008-02-20 16:38:10 94784 --a------ C:\WINDOWS\System32\fmitvaeu.dll
2008-02-20 16:32:09 163904 --a------ C:\WINDOWS\System32\royygnvk.dll
2008-02-20 16:14:03 85056 --a------ C:\WINDOWS\System32\cfjhbcfd.dll


-- Find3M Report ---------------------------------------------------------------

2008-03-08 17:57:20 0 d-------- C:\Program Files\Yahoo!
2008-03-01 17:32:25 0 d-------- C:\Documents and Settings\Marnie Jones\Application Data\Viewpoint
2008-03-01 17:29:43 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-01 17:26:55 0 d-------- C:\Program Files\IrfanView
2008-02-19 12:24:46 89152 --a------ C:\WINDOWS\System32\ocsntinm.dll
2008-02-11 19:18:26 93248 --a------ C:\WINDOWS\System32\bscuunkt.dll
2008-02-10 20:05:10 93248 --a------ C:\WINDOWS\System32\gadyvnvh.dll
2008-02-10 19:20:04 93248 --a------ C:\WINDOWS\System32\tkuegoih.dll
2008-02-09 16:59:09 93760 --a------ C:\WINDOWS\System32\inavuiuc.dll
2008-02-08 16:57:26 94784 --a------ C:\WINDOWS\System32\extxcrse.dll
2008-02-07 19:25:27 95808 --a------ C:\WINDOWS\System32\xnnanmba.dll
2008-02-06 17:43:04 92224 --a------ C:\WINDOWS\System32\ourhnoxk.dll
2008-02-05 18:29:14 94272 --a------ C:\WINDOWS\System32\ljdfruqu.dll
2008-02-03 17:35:33 92736 --a------ C:\WINDOWS\System32\xpowrsyt.dll
2008-02-03 11:24:39 92736 --a------ C:\WINDOWS\System32\lgbkoueb.dll
2008-02-01 22:30:33 92736 --a------ C:\WINDOWS\System32\homcwige.dll
2008-01-31 18:35:51 94784 --a------ C:\WINDOWS\System32\tqfqfkcf.dll
2008-01-29 15:35:06 78912 --a------ C:\WINDOWS\System32\xydwjnra.dll
2008-01-28 16:08:22 79936 --a------ C:\WINDOWS\System32\llyoubdu.dll
2008-01-27 17:31:04 78912 --a------ C:\WINDOWS\System32\coxfuftw.dll
2008-01-27 16:56:43 78912 --a------ C:\WINDOWS\System32\regprxeq.dll
2008-01-27 16:22:33 89152 --a------ C:\WINDOWS\System32\drilbtdm.dll
2008-01-27 16:19:34 78912 --a------ C:\WINDOWS\System32\wmrwoxcm.dll
2008-01-27 16:06:59 89152 --a------ C:\WINDOWS\System32\mplrovdp.dll
2008-01-27 14:52:51 78912 --a------ C:\WINDOWS\System32\dkvhccgi.dll
2008-01-25 21:13:01 81472 --a------ C:\WINDOWS\System32\mskijguf.dll
2008-01-21 20:28:26 0 d-------- C:\Documents and Settings\Marnie Jones\Application Data\MSN6
2008-01-20 12:22:05 79424 --a------ C:\WINDOWS\System32\cujtktmi.dll
2008-01-18 18:43:55 81984 --a------ C:\WINDOWS\System32\vyatilwc.dll
2008-01-17 18:14:41 77376 --a------ C:\WINDOWS\System32\udoxkbnl.dll
2008-01-17 16:21:38 77376 --a------ C:\WINDOWS\System32\neiuawsw.dll
2008-01-15 10:36:38 79936 --a------ C:\WINDOWS\System32\qgtrcwuv.dll
2008-01-14 12:44:54 89152 --a------ C:\WINDOWS\System32\lumugnuo.dll
2008-01-14 12:38:58 77888 --a------ C:\WINDOWS\System32\xryiuibk.dll
2008-01-11 20:59:22 76864 --a------ C:\WINDOWS\System32\xpbcvllr.dll
2008-01-10 17:48:37 79424 --a------ C:\WINDOWS\System32\qtsrkohx.dll
2008-01-09 19:03:03 79936 --a------ C:\WINDOWS\System32\vhygcwjc.dll
2008-01-08 18:32:16 77888 --a------ C:\WINDOWS\System32\qbabnttv.dll
2008-01-08 17:32:46 77888 --a------ C:\WINDOWS\System32\holkyflc.dll
2008-01-07 15:23:45 76864 --a------ C:\WINDOWS\System32\bkdhbybt.dll
2008-01-07 14:23:48 76864 --a------ C:\WINDOWS\System32\iflllkkx.dll
2008-01-06 12:30:05 90176 --a------ C:\WINDOWS\System32\ruthnwjr.dll
2008-01-06 12:27:04 75840 --a------ C:\WINDOWS\System32\jttgonip.dll
2008-01-03 18:58:41 78400 --a------ C:\WINDOWS\System32\xodjqhht.dll
2008-01-03 10:40:05 87104 --a------ C:\WINDOWS\System32\llwpvrbv.dll
2008-01-02 12:59:09 78400 --a------ C:\WINDOWS\System32\gljtsduw.dll
2008-01-01 16:17:53 77376 --a------ C:\WINDOWS\System32\kafxsknl.dll
2007-12-31 14:56:06 78912 --a------ C:\WINDOWS\System32\kfrmjjpj.dll
2007-12-31 10:40:22 78912 --a------ C:\WINDOWS\System32\njyduura.dll
2007-12-29 22:20:47 78400 --a------ C:\WINDOWS\System32\yteybyla.dll
2007-12-29 12:56:52 78912 --a------ C:\WINDOWS\System32\evusmswe.dll
2007-12-28 12:27:33 77888 --a------ C:\WINDOWS\System32\aystytjk.dll
2007-12-26 21:00:39 80448 --a------ C:\WINDOWS\System32\otrrsqcf.dll
2007-12-26 17:31:51 80448 --a------ C:\WINDOWS\System32\lfjrbhsa.dll
2007-12-26 12:44:57 80448 --a------ C:\WINDOWS\System32\ahxboqpy.dll
2007-12-21 10:58:34 80448 --a------ C:\WINDOWS\System32\opqribgk.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06fa7bae-faf3-427e-8b7d-a384c51b1da2}]
03/13/2008 07:49 PM 93760 --a------ C:\WINDOWS\System32\pquiqlto.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA79A96B-5CB4-4B45-968E-3A8DBC3BB5FD}]
C:\WINDOWS\System32\cbabc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [08/29/2003 02:59 AM C:\WINDOWS\BCMSMMSG.exe]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [10/27/2003 04:09 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [10/27/2003 03:56 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 02:48 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [04/22/2004 01:23 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/22/2004 01:23 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [03/14/2004 10:04 PM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/18/2003 10:01 PM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [04/11/2004 05:15 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [04/11/2004 08:43 AM]
"@"="" []
"DadApp"="C:\Program Files\Dell\AccessDirect\dadapp.exe" [03/04/2004 08:36 AM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [03/04/2004 05:59 PM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [09/20/2004 06:09 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/21/2003 01:04 PM]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [11/21/2003 01:04 PM]
"HostManager"="C:\Program Files\Common Files\AOL\1125192965\ee\AOLHostManager.exe" [08/02/2005 11:33 AM]
"PD0630 STISvc"="P0630Pin.dll" [06/05/2005 09:01 AM C:\WINDOWS\SYSTEM32\P0630Pin.dll]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/23/2006 12:45 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/29/2006 03:55 PM]
"PRISMSVR.EXE"="C:\WINDOWS\System32\PRISMSVR.exe" []
"{4C-C0-07-7D-ZN}"="C:\Documents and Settings\Marnie Jones\Local Settings\Temp\thinksnet.exe" []
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/10/2002 06:26 PM]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [08/24/2005 04:51 AM]
"bcc4c0d2"="C:\WINDOWS\System32\edrpxupm.dll" [03/13/2008 07:52 PM]
"BMbff7f34e"="C:\WINDOWS\System32\pokwkdtd.dll" [03/13/2008 07:45 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [07/19/2004 05:51 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 09:54 AM]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [03/28/2005 10:13 PM]
"Yahoo! Pager"="1" []
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [03/15/2007 03:16 PM]

C:\Documents and Settings\Marnie Jones\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 6:00:00 AM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\System32\\cbabc




-- End of Deckard's System Scanner: finished at 2008-03-20 20:29:34 ------------
#4
astrosoup

    Member

  • Topic Starter
  • Member
  • 181 posts
And here are the contents of extra.txt

I have not restarted this machine.


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Mobile Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 76%
Physical Memory (total/avail): 510.33 MiB / 122.31 MiB
Pagefile Memory (total/avail): 1246.98 MiB / 914.76 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1947.89 MiB

C: is Fixed (NTFS) - 33.71 GiB total, 12.48 GiB free.
D: is CDROM (No Media)
E: is Removable (FAT)

\\.\PHYSICALDRIVE0 - HTS548040M9AT00 - 37.26 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 33.71 GiB - C:
\PARTITION2 - Unknown - 3.5 GiB

\\.\PHYSICALDRIVE1 - Corsair Flash Voyager USB Device - 957 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 959.98 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Marnie Jones\Application Data
CLASSPATH=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HELLACOOL
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Marnie Jones
LOGONSERVER=\\HELLACOOL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MARNIE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\MARNIE~1\LOCALS~1\Temp
USERDOMAIN=HELLACOOL
USERNAME=Marnie Jones
USERPROFILE=C:\Documents and Settings\Marnie Jones
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Marnie Jones (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D0803DB-8FC8-4C97-AE1F-1C3DCA357B01}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80426743-0CC7-4967-BFEC-10DE08D1B6F3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80426743-0CC7-4967-BFEC-10DE08D1B6F3}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93CC99FD-FCFC-4BAB-BCB0-3814826DF93D}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2Wire Wireless Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}\Setup.exe" -l0x9 -L0x9
AccessDirect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{417B79C9-CDB4-477F-952D-840CEFC57A6C}\setup.exe" -l0x9
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Advanced Video FX Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D0803DB-8FC8-4C97-AE1F-1C3DCA357B01}\setup.exe" -l0x9 /remove
AOL Explorer --> C:\Program Files\Common Files\AOL\1125192965\ee\services\browser\ver1_1_1042\uninst.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Toolbar 2.0 --> "C:\Program Files\AOL\AOL Toolbar 2.0\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AT&T Self Support Tool --> C:\WINDOWS\Motive\SBC\MCCUninst.exe
BCM V.92 56K Modem --> C:\WINDOWS\BCMSMU.exe quiet
Broadcom Management Programs --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2A6282FF-B75B-463F-90F5-0A43732F690D} /l1033
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CC_ccProxyMSI --> MsiExec.exe /I{A398F2DC-D706-4bb2-AC38-5532CD229D08}
CC_ccStart --> MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
Creative Photo Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x9 /remove
Creative WebCam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9 /remove
Creative WebCam Live! Driver (1.02.03.0606) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script Pd0630.uns -unsext NT -plugin P0630Pin.dll -pluginres P0630Pin.crl
Creative WebCam Live! User's Guide (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam\Creative WebCam Live! User's Guide\English\CTManual.isu"
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support 5.0.0 (766) --> rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
Drivers Install For Linksys Easylink Advisor --> MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
Get Yahoo! Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x9 /remove
HijackThis 2.0.2 --> "E:\MedKit\Scan\HiJack This\HijackThis.exe" /uninstall
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Internet Explorer Q831167 --> C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q831167.inf
iPod for Windows 2006-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1033
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Linksys EasyLink Advisor 1.6 (0032) --> rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.90 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
Microsoft Encarta Encyclopedia Standard 2004 --> MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Toolbar --> C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\mtbs.exe c
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
My Wal-Mart Digital Photo Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAF8B012-D559-4B8D-95C0-D98E1172E5C3}\setup.exe" -l0x9 -removeonly
Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security --> MsiExec.exe /I{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}
Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security --> MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security --> MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Internet Security (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Odyssey Client --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{99D42EC7-652B-4819-B3E6-6450C815E03F}
Outlook Express Q837009 --> C:\WINDOWS\oeuninst.exe C:\WINDOWS\INF\Q837009.inf
PowerDVD 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Shockwave --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
SightSpeed (remove only) --> "C:\Program Files\SightSpeed\uninst.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebCam Live! Product Registration --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93CC99FD-FCFC-4BAB-BCB0-3814826DF93D}\SETUP.EXE" -l0x9 /remove
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Wireless-G Notebook Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A2EDF5F-F3C6-4919-AE34-C08A71AD034A}\Setup.exe" -l0x9
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}


-- Application Event Log -------------------------------------------------------

Event Record #/Type7179 / Error
Event Submitted/Written: 03/17/2008 08:34:14 AM
Event ID/Source: 4612 / EventSystem
Event Description:
The COM+ Event System ran out of memory during its internal processing, at line 62 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp.

Event Record #/Type7178 / Error
Event Submitted/Written: 03/17/2008 08:34:13 AM
Event ID/Source: 4612 / EventSystem
Event Description:
The COM+ Event System ran out of memory during its internal processing, at line 62 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp.

Event Record #/Type7177 / Error
Event Submitted/Written: 03/17/2008 08:34:13 AM
Event ID/Source: 4612 / EventSystem
Event Description:
The COM+ Event System ran out of memory during its internal processing, at line 62 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp.

Event Record #/Type7176 / Error
Event Submitted/Written: 03/17/2008 08:32:04 AM
Event ID/Source: 4612 / EventSystem
Event Description:
The COM+ Event System ran out of memory during its internal processing, at line 62 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp.

Event Record #/Type7175 / Error
Event Submitted/Written: 03/17/2008 08:32:03 AM
Event ID/Source: 4612 / EventSystem
Event Description:
The COM+ Event System ran out of memory during its internal processing, at line 62 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type19360 / Error
Event Submitted/Written: 03/20/2008 02:04:20 PM
Event ID/Source: 16 / Windows Update Agent
Event Description:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Event Record #/Type19359 / Error
Event Submitted/Written: 03/18/2008 02:04:19 PM
Event ID/Source: 16 / Windows Update Agent
Event Description:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Event Record #/Type19358 / Warning
Event Submitted/Written: 03/17/2008 10:32:24 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type19356 / Error
Event Submitted/Written: 03/17/2008 08:55:12 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {520CCA63-51A5-11D3-9144-00104BA11C5E} did not register with DCOM within the required timeout.

Event Record #/Type19317 / Warning
Event Submitted/Written: 03/17/2008 06:04:43 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.



-- End of Deckard's System Scanner: finished at 2008-03-20 20:29:34 ------------
#5
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
I can see the Vundo infection; since you have tried VundoFix we will go straight on to ComboFix.

I can also see some other malware which we will remove in the next post.

Firstly, I can see that the machine has the Norton AntiVirus program on it. Is that the case, or did you once try to remove it? We can remove it completely and install another antivirus program if that is your desire.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

andrewuk
  • 0

#6
astrosoup

astrosoup

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 181 posts
Okay, I noticed Norton was installed shortly after my last post and ran the uninstaller. The computer restarted at that point. I will wait to do anything more about that until you give me the go ahead.

The computer went into sleep mode during the first combofix while it was trying to create a log. I had to close it and run it again, so the log I am posting is after two combofix executions.

Here is the combofix log:

ComboFix 08-03-21.1 - Marnie Jones 2008-03-21 16:26:41.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.262 [GMT -8:00]
Running from: E:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Marnie Jones\err.log
C:\Documents and Settings\Marnie Jones\Start Menu\Programs\Startup\TA_Start.lnk
.
---- Previous Run -------
.
C:\check_LSA7.txt
C:\Documents and Settings\All Users\Application Data\salesmonitor
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode
C:\Program Files\winpop
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\BMbff7f34e.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aetwrdao.dll
C:\WINDOWS\system32\ahxboqpy.dll
C:\WINDOWS\system32\aindekig.dll
C:\WINDOWS\SYSTEM32\aqloyopq.ini
C:\WINDOWS\system32\awcrscex.dll
C:\WINDOWS\system32\axtxbtmg.dll
C:\WINDOWS\SYSTEM32\aydfrsbf.ini
C:\WINDOWS\system32\aystytjk.dll
C:\WINDOWS\SYSTEM32\bfglxrrh.ini
C:\WINDOWS\system32\bihofoki.dll
C:\WINDOWS\system32\bkdhbybt.dll
C:\WINDOWS\SYSTEM32\bktaofvv.ini
C:\WINDOWS\system32\cfjhbcfd.dll
C:\WINDOWS\system32\coxfuftw.dll
C:\WINDOWS\system32\cujtktmi.dll
C:\WINDOWS\SYSTEM32\dcwceaws.ini
C:\WINDOWS\SYSTEM32\dfcbhjfc.ini
C:\WINDOWS\system32\dflcqnmm.dll
C:\WINDOWS\SYSTEM32\didteaht.ini
C:\WINDOWS\SYSTEM32\djmawfrs.ini
C:\WINDOWS\system32\dkvhccgi.dll
C:\WINDOWS\SYSTEM32\dpnoojnl.ini
C:\WINDOWS\system32\drilbtdm.dll
C:\WINDOWS\system32\echtadnl.dll
C:\WINDOWS\system32\edrpxupm.dll
C:\WINDOWS\system32\edxwmenf.dll
C:\WINDOWS\SYSTEM32\eeadpfcd.ini
C:\WINDOWS\system32\enagcinv.dll
C:\WINDOWS\system32\equrqgfd.dll
C:\WINDOWS\system32\evusmswe.dll
C:\WINDOWS\system32\extxcrse.dll
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\f02WtR\f02WtR1065.exe
C:\WINDOWS\SYSTEM32\faocireh.ini
C:\WINDOWS\system32\fcbbjefm.dll
C:\WINDOWS\system32\fkeblija.dll
C:\WINDOWS\system32\fmitvaeu.dll
C:\WINDOWS\system32\fqmtrsvp.dll
C:\WINDOWS\SYSTEM32\fudqduly.ini
C:\WINDOWS\system32\fyitlgtw.dll
C:\WINDOWS\SYSTEM32\gbjbeqrj.ini
C:\WINDOWS\system32\gcjnuxbs.dll
C:\WINDOWS\SYSTEM32\gdotutrh.ini
C:\WINDOWS\system32\ghaykrfu.dll
C:\WINDOWS\system32\gkvfadmj.dll
C:\WINDOWS\system32\gljtsduw.dll
C:\WINDOWS\system32\gosqdocy.dll
C:\WINDOWS\system32\gwqrktby.dll
C:\WINDOWS\system32\gxenhvij.dll
C:\WINDOWS\system32\hbpoibat.dll
C:\WINDOWS\system32\hericoaf.dll
C:\WINDOWS\system32\hhohutxy.dll
C:\WINDOWS\system32\hiodpkek.dll
C:\WINDOWS\system32\holkyflc.dll
C:\WINDOWS\system32\homcwige.dll
C:\WINDOWS\SYSTEM32\hpkopbsw.ini
C:\WINDOWS\SYSTEM32\ibeatbvx.ini
C:\WINDOWS\system32\idahxwgg.dll
C:\WINDOWS\system32\iflllkkx.dll
C:\WINDOWS\SYSTEM32\jcggdlgd.ini
C:\WINDOWS\system32\jjyvqfxi.dll
C:\WINDOWS\system32\jrqebjbg.dll
C:\WINDOWS\system32\jttgonip.dll
C:\WINDOWS\system32\juowbqlh.dll
C:\WINDOWS\system32\jwikvcmt.dll
C:\WINDOWS\system32\kafxsknl.dll
C:\WINDOWS\system32\kfrmjjpj.dll
C:\WINDOWS\system32\kjnhxoip.dll
C:\WINDOWS\system32\kkcebksw.dll
C:\WINDOWS\system32\knojnemh.dll
C:\WINDOWS\SYSTEM32\kovqccml.ini
C:\WINDOWS\SYSTEM32\ktaabpfi.ini
C:\WINDOWS\system32\ktbfxkwr.dll
C:\WINDOWS\SYSTEM32\kwqdojoc.ini
C:\WINDOWS\system32\lbnitjlr.dll
C:\WINDOWS\system32\ldpvxdip.dll
C:\WINDOWS\system32\lfjrbhsa.dll
C:\WINDOWS\system32\lgbkoueb.dll
C:\WINDOWS\SYSTEM32\likvkgyj.ini
C:\WINDOWS\system32\llwpvrbv.dll
C:\WINDOWS\system32\llyoubdu.dll
C:\WINDOWS\system32\lumugnuo.dll
C:\WINDOWS\system32\lxtllmeh.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\SYSTEM32\mdtblird.ini
C:\WINDOWS\SYSTEM32\mfdqfyui.ini
C:\WINDOWS\SYSTEM32\mmnqclfd.ini
C:\WINDOWS\SYSTEM32\mochfifk.ini
C:\WINDOWS\system32\mplrovdp.dll
C:\WINDOWS\SYSTEM32\mpuxprde.ini
C:\WINDOWS\system32\mskijguf.dll
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\neiuawsw.dll
C:\WINDOWS\SYSTEM32\nfvtcspu.ini
C:\WINDOWS\system32\njyduura.dll
C:\WINDOWS\SYSTEM32\nmmckdsl.ini
C:\WINDOWS\system32\ocsntinm.dll
C:\WINDOWS\system32\ofpnufnv.dll
C:\WINDOWS\system32\oicclnec.dll
C:\WINDOWS\system32\olfxxgne.dll
C:\WINDOWS\system32\opqribgk.dll
C:\WINDOWS\system32\otrrsqcf.dll
C:\WINDOWS\SYSTEM32\oungumul.ini
C:\WINDOWS\system32\owbefknd.dll
C:\WINDOWS\SYSTEM32\pdvorlpm.ini
C:\WINDOWS\SYSTEM32\pfkvtsey.ini
C:\WINDOWS\SYSTEM32\pnjapilc.ini
C:\WINDOWS\system32\pokwkdtd.dll
C:\WINDOWS\system32\pquiqlto.dll
C:\WINDOWS\system32\pypqxkpl.dll
C:\WINDOWS\SYSTEM32\qavaljkw.ini
C:\WINDOWS\system32\qbabnttv.dll
C:\WINDOWS\system32\qgtrcwuv.dll
C:\WINDOWS\SYSTEM32\qkgxscno.ini
C:\WINDOWS\system32\qpsicesv.dll
C:\WINDOWS\system32\qswotirx.dll
C:\WINDOWS\system32\qtsrkohx.dll
C:\WINDOWS\SYSTEM32\qxumwtkf.ini
C:\WINDOWS\system32\rcrhvxgi.dll
C:\WINDOWS\system32\regprxeq.dll
C:\WINDOWS\SYSTEM32\rfuoeash.ini
C:\WINDOWS\SYSTEM32\rjwnhtur.ini
C:\WINDOWS\system32\royygnvk.dll
C:\WINDOWS\system32\rriqxtbg.dll
C:\WINDOWS\SYSTEM32\rtdiglik.ini
C:\WINDOWS\system32\rtpnsixb.dll
C:\WINDOWS\system32\ruthnwjr.dll
C:\WINDOWS\SYSTEM32\rvuxiyhv.ini
C:\WINDOWS\system32\rwgktksb.dll
C:\WINDOWS\system32\ryswbvik.dll
C:\WINDOWS\system32\sfwofepp.dll
C:\WINDOWS\SYSTEM32\skqlsbua.ini
C:\WINDOWS\system32\smawxnmv.dll
C:\WINDOWS\SYSTEM32\ssojeuqn.ini
C:\WINDOWS\system32\ssqrpoo.dll
C:\WINDOWS\system32\suqpdllx.dll
C:\WINDOWS\system32\sxckwlgy.dll
C:\WINDOWS\SYSTEM32\sxgpvjsm.ini
C:\WINDOWS\SYSTEM32\syifesmt.ini
C:\WINDOWS\system32\tfrgdvyd.dll
C:\WINDOWS\system32\tggbcvjc.dll
C:\WINDOWS\system32\tpdndmwv.dll
C:\WINDOWS\system32\tqfqfkcf.dll
C:\WINDOWS\system32\tsqkdcvr.dll
C:\WINDOWS\system32\ucuknmfs.dll
C:\WINDOWS\system32\udoxkbnl.dll
C:\WINDOWS\SYSTEM32\uhomgfsh.ini
C:\WINDOWS\SYSTEM32\urhaogqd.ini
C:\WINDOWS\SYSTEM32\vbrvpwll.ini
C:\WINDOWS\system32\vhygcwjc.dll
C:\WINDOWS\system32\vjwxaoex.dll
C:\WINDOWS\system32\vtffarso.dll
C:\WINDOWS\system32\vyatilwc.dll
C:\WINDOWS\system32\wbwxkpnc.dll
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\wmrwoxcm.dll
C:\WINDOWS\system32\wovvosay.dll
C:\WINDOWS\SYSTEM32\wuamjxkn.ini
C:\WINDOWS\system32\xayddwjr.dll
C:\WINDOWS\SYSTEM32\xgdivjks.ini
C:\WINDOWS\SYSTEM32\xkplxfdx.ini
C:\WINDOWS\system32\xodjqhht.dll
C:\WINDOWS\system32\xpbcvllr.dll
C:\WINDOWS\system32\xpowrsyt.dll
C:\WINDOWS\system32\xpvbagtc.dll
C:\WINDOWS\system32\xryiuibk.dll
C:\WINDOWS\system32\xvkwfujl.dll
C:\WINDOWS\system32\xydwjnra.dll
C:\WINDOWS\system32\ylkompif.dll
C:\WINDOWS\system32\ypptiwld.dll
C:\WINDOWS\system32\yteybyla.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_DOMAINSERVICE
-------\Legacy_FOPN
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService
-------\Legacy_MSControlService
-------\MSControlService


((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
.

2008-03-21 16:26 . 2008-03-21 16:26 3,631 --a------ C:\12.tmp
2008-03-20 20:27 . 2008-03-20 20:27 <DIR> d-------- C:\Deckard
2008-03-16 14:21 . 2008-03-17 08:43 <DIR> d-------- C:\VundoFix Backups
2008-03-12 16:41 . 2008-03-13 19:44 2,429,363 ---hs---- C:\WINDOWS\SYSTEM32\bwgtbplv.ini
2008-03-10 15:49 . 2008-03-12 16:31 2,386,081 ---hs---- C:\WINDOWS\SYSTEM32\nmbtajue.ini
2008-03-08 16:15 . 2008-03-10 15:42 2,306,405 ---hs---- C:\WINDOWS\SYSTEM32\ngirhsew.ini
2008-03-07 18:55 . 2008-03-08 16:01 2,337,366 ---hs---- C:\WINDOWS\SYSTEM32\lhaykvoj.ini
2008-03-07 18:25 . 2008-03-07 18:47 2,338,917 ---hs---- C:\WINDOWS\SYSTEM32\hlxexwlt.ini
2008-03-07 16:46 . 2008-03-07 18:18 2,340,642 ---hs---- C:\WINDOWS\SYSTEM32\vwsaeaes.ini
2008-03-05 18:49 . 2008-03-07 16:38 2,342,313 ---hs---- C:\WINDOWS\SYSTEM32\ihnytaha.ini
2008-03-05 16:50 . 2008-03-05 18:45 2,267,648 ---hs---- C:\WINDOWS\SYSTEM32\ranujpqh.ini
2008-03-05 16:35 . 2008-03-05 16:47 2,268,716 ---hs---- C:\WINDOWS\SYSTEM32\atayhdxl.ini
2008-03-03 16:55 . 2008-03-05 16:31 2,284,284 ---hs---- C:\WINDOWS\SYSTEM32\smuhcpjd.ini
2008-03-02 13:02 . 2008-03-03 16:49 2,235,028 ---hs---- C:\WINDOWS\SYSTEM32\sqmecvqc.ini
2008-03-02 08:44 . 2008-03-02 12:58 2,160,207 ---hs---- C:\WINDOWS\SYSTEM32\yjycrmjg.ini
2008-03-01 20:28 . 2008-03-02 08:45 2,145,240 ---hs---- C:\WINDOWS\SYSTEM32\hwitejcn.ini
2008-03-01 17:28 . 2008-03-01 20:21 2,271,090 ---hs---- C:\WINDOWS\SYSTEM32\ksdcxqyq.ini
2008-02-29 18:19 . 2008-03-01 17:24 2,546,061 ---hs---- C:\WINDOWS\SYSTEM32\idxdscjg.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-09 01:57 --------- d-----w C:\Program Files\Yahoo!
2008-03-02 01:32 --------- d-----w C:\Documents and Settings\Marnie Jones\Application Data\Viewpoint
2008-03-02 01:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-02 01:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-02 01:26 --------- d-----w C:\Program Files\IrfanView
2008-02-12 03:18 93,248 ----a-w C:\WINDOWS\SYSTEM32\bscuunkt.dll
2008-02-11 04:05 93,248 ----a-w C:\WINDOWS\SYSTEM32\gadyvnvh.dll
2008-02-11 03:20 93,248 ----a-w C:\WINDOWS\SYSTEM32\tkuegoih.dll
2008-02-10 00:59 93,760 ----a-w C:\WINDOWS\SYSTEM32\inavuiuc.dll
2008-02-08 03:25 95,808 ----a-w C:\WINDOWS\SYSTEM32\xnnanmba.dll
2008-02-07 01:43 92,224 ----a-w C:\WINDOWS\SYSTEM32\ourhnoxk.dll
2008-02-06 02:29 94,272 ----a-w C:\WINDOWS\SYSTEM32\ljdfruqu.dll
2008-01-22 04:28 --------- d-----w C:\Documents and Settings\Marnie Jones\Application Data\MSN6
2004-12-17 00:35 4,466,776 ----a-w C:\Program Files\Install_AIM.exe
2005-07-29 21:24 472 --sha-r C:\WINDOWS\TWFybmllIEpvbmVz\nqIVvA55KHDSvApW.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA79A96B-5CB4-4B45-968E-3A8DBC3BB5FD}]
C:\WINDOWS\System32\cbabc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 05:51 306688]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 09:54 5674352]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2005-03-28 22:13 258048]
"Yahoo! Pager"="1" []
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 15:16 454784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 02:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-10-27 16:09 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-10-27 15:56 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 14:48 32881]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-04-22 13:23 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-04-22 13:23 507904]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-14 22:04 122933]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 22:01 110592]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 17:15 290816]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 08:43 53248]
"DadApp"="C:\Program Files\Dell\AccessDirect\dadapp.exe" [2004-03-04 08:36 211828]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-03-04 17:59 487424]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-09-20 18:09 26112]
"HostManager"="C:\Program Files\Common Files\AOL\1125192965\ee\AOLHostManager.exe" [2005-08-02 11:33 159832]
"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 09:01 36864 C:\WINDOWS\SYSTEM32\P0630Pin.dll]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 12:45 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-29 15:55 155648]
"PRISMSVR.EXE"="C:\WINDOWS\System32\PRISMSVR.exe" [ ]
"{4C-C0-07-7D-ZN}"="C:\Documents and Settings\Marnie Jones\Local Settings\Temp\thinksnet.exe" [ ]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 18:26 368706]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 04:51 442455]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-10-17 16:00:08 217088]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 12:05:56 65588]
Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2007-01-14 16:13:37 36864]

R2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe [2003-11-13 11:29]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]
R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\CBTNDIS5.SYS [2003-07-16 20:28]
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\System32\DRIVERS\odysseyIM4.sys [2004-09-24 21:36]
S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\System32\DRIVERS\P0630Vid.sys [2005-06-05 17:44]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-21 16:28:11
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-21 16:28:53
ComboFix-quarantined-files.txt 2008-03-22 00:28:37
  • 0

#7
astrosoup

astrosoup

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 181 posts
And here is the subsequent HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:33:02 PM, on 3/21/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1125192965\ee\AOLHostManager.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\AOL\1125192965\ee\AOLServiceHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\MedKit\Scan\HiJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {DA79A96B-5CB4-4B45-968E-3A8DBC3BB5FD} - C:\WINDOWS\System32\cbabc.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125192965\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [{4C-C0-07-7D-ZN}] C:\Documents and Settings\Marnie Jones\Local Settings\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8439 bytes
  • 0

#8
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts

Okay, I noticed Norton was installed shortly after my last post and ran the uninstaller. The computer restarted at that point. I will wait to do anything more about that until you give me the go ahead.

We will be installing Avast in the next post; in this post we will get rid of the malware I can see in your logs.

The computer went into sleep mode during the first combofix while it was trying to create a log. I had to close it and run it again, so the log I am posting is after two combofix executions.

No problem, I can see that it cleared a lot of the malware.

In this post we will clear the rest of the malware that I can see, and then in the next post, all being well, we will install Avast and do some further scans to see if there is anything more lurking on your machine.

====STEP 1====
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.



====STEP 2====

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\SYSTEM32\bwgtbplv.ini
C:\WINDOWS\SYSTEM32\nmbtajue.ini
C:\WINDOWS\SYSTEM32\ngirhsew.ini
C:\WINDOWS\SYSTEM32\lhaykvoj.ini
C:\WINDOWS\SYSTEM32\hlxexwlt.ini
C:\WINDOWS\SYSTEM32\vwsaeaes.ini
C:\WINDOWS\SYSTEM32\ihnytaha.ini
C:\WINDOWS\SYSTEM32\ranujpqh.ini
C:\WINDOWS\SYSTEM32\atayhdxl.ini
C:\WINDOWS\SYSTEM32\smuhcpjd.ini
C:\WINDOWS\SYSTEM32\sqmecvqc.ini
C:\WINDOWS\SYSTEM32\yjycrmjg.ini
C:\WINDOWS\SYSTEM32\hwitejcn.ini
C:\WINDOWS\SYSTEM32\ksdcxqyq.ini
C:\WINDOWS\SYSTEM32\idxdscjg.ini
C:\WINDOWS\SYSTEM32\bscuunkt.dll
C:\WINDOWS\SYSTEM32\gadyvnvh.dll
C:\WINDOWS\SYSTEM32\tkuegoih.dll
C:\WINDOWS\SYSTEM32\inavuiuc.dll
C:\WINDOWS\SYSTEM32\xnnanmba.dll
C:\WINDOWS\SYSTEM32\ourhnoxk.dll
C:\WINDOWS\SYSTEM32\ljdfruqu.dll
C:\WINDOWS\System32\cbabc.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA79A96B-5CB4-4B45-968E-3A8DBC3BB5FD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{4C-C0-07-7D-ZN}"=-


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

andrewuk
  • 0
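Triage logic for the kind of log entries the two steps above work from, as an added example that is not part of this thread or of HijackThis/ComboFix themselves. It parses constructed HJT and ComboFix-style lines, flags the patterns the helper acted on (a BHO whose file is missing, a Run entry launched from the user's Temp folder, a URLSearchHook with no file behind it, random eight-letter .dll/.ini names in system32) and renders them in the CFScript File::/Registry:: layout shown in step 2; the sample lines, the profile name "Owner" and the function names are assumptions, and every finding is still an analyst's call.

```python
# Added example: triage heuristics modelled on what this thread acted on, not any
# tool's official logic. Findings are (reason, action, target) tuples.
import re

# Random eight-letter names such as bwgtbplv.ini or bscuunkt.dll (Vundo pattern).
RANDOM_NAME = re.compile(r"\\([a-z]{8})\.(dll|ini)$", re.IGNORECASE)
# ComboFix "Files Created" / "Find3M" rows: date time [. date time] size attrs path
COMBOFIX_ROW = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?\s+"
    r"(?P<size>[\d,]+|<DIR>|-+)\s+(?P<attrs>[-A-Za-z]+)\s+(?P<path>[A-Za-z]:\\.*)$"
)
HJT_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<rest>.*)$")
HJT_O4 = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
HJT_R3 = re.compile(r"^R3 - URLSearchHook: .* - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<rest>.*)$")

RUN_KEYS = {
    "HKLM": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "HKCU": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
}
BHO_KEY = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects"  # ComboFix's shorthand, as in the thread

# Constructed sample lines modelled on this thread's logs (profile name is a placeholder).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {DA79A96B-5CB4-4B45-968E-3A8DBC3BB5FD} - C:\WINDOWS\System32\cbabc.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [{4C-C0-07-7D-ZN}] C:\Documents and Settings\Owner\Local Settings\Temp\thinksnet.exe CHD003
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
2008-03-12 16:41 . 2008-03-13 19:44 2,429,363 ---hs---- C:\WINDOWS\SYSTEM32\bwgtbplv.ini
2008-02-12 03:18 93,248 ----a-w C:\WINDOWS\SYSTEM32\bscuunkt.dll
2008-03-09 01:57 --------- d-----w C:\Program Files\Yahoo!
"""


def triage_line(line):
    """Return the findings for one log line, or [] when nothing is flagged."""
    line = line.strip()
    m = HJT_O2.match(line)
    if m:
        rest = m.group("rest")
        if rest.endswith("(file missing)"):
            path = rest[: -len("(file missing)")].strip()
            return [("BHO registered but its file is missing", "regkey", BHO_KEY + "\\" + m.group("clsid")),
                    ("BHO dll named by the orphaned entry", "file", path)]
        return []
    m = HJT_O4.match(line)
    if m:
        if re.search(r"\\Local Settings\\Temp\\", m.group("cmd"), re.IGNORECASE):
            return [("Run entry launches from the user's Temp folder", "regvalue",
                     (RUN_KEYS[m.group("hive")], m.group("value")))]
        return []
    m = HJT_R3.match(line)
    if m and m.group("rest") == "(no file)":
        return [("URLSearchHook with no file behind it", "hjt", line)]
    m = COMBOFIX_ROW.match(line)
    if m:
        path = m.group("path")
        # Legitimate eight-letter names exist in system32, so this is a lead, not a verdict.
        if RANDOM_NAME.search(path) and "\\system32\\" in path.lower():
            return [("random eight-letter name in system32 (Vundo pattern)", "file", path)]
    return []


def triage(log_text):
    """Flat list of (reason, action, target) for every line of a pasted log."""
    findings = []
    for line in log_text.splitlines():
        findings.extend(triage_line(line))
    return findings


def hjt_fix_list(findings):
    """Lines to tick in HijackThis before 'Fix Checked' (step 1 above)."""
    return [t for _, a, t in findings if a == "hjt"]


def build_cfscript(findings):
    """Render findings in the CFScript layout used in step 2: File:: then Registry::."""
    files = [t for _, a, t in findings if a == "file"]
    keys = [t for _, a, t in findings if a == "regkey"]
    values = [t for _, a, t in findings if a == "regvalue"]
    out = []
    if files:
        out.append("File::")
        out.extend(files)
        out.append("")
    if keys or values:
        out.append("Registry::")
        out.extend("[-%s]" % k for k in keys)       # delete the whole key
        by_key = {}
        for key, name in values:
            by_key.setdefault(key, []).append(name)
        for key, names in by_key.items():
            out.append("[%s]" % key)
            out.extend('"%s"=-' % n for n in names)  # delete one value under the key
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for reason, action, target in found:
        print("%-8s %-55s %s" % (action, reason, target))
    print("HJT fix:", hjt_fix_list(found))
    print(build_cfscript(found))
```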

#9
astrosoup

astrosoup

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 181 posts
ComboFix 08-03-21.1 - Marnie Jones 2008-03-21 17:34:05.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.250 [GMT -8:00]
Running from: E:\ComboFix.exe
Command switches used :: E:\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\SYSTEM32\atayhdxl.ini
C:\WINDOWS\SYSTEM32\bscuunkt.dll
C:\WINDOWS\SYSTEM32\bwgtbplv.ini
C:\WINDOWS\System32\cbabc.dll
C:\WINDOWS\SYSTEM32\gadyvnvh.dll
C:\WINDOWS\SYSTEM32\hlxexwlt.ini
C:\WINDOWS\SYSTEM32\hwitejcn.ini
C:\WINDOWS\SYSTEM32\idxdscjg.ini
C:\WINDOWS\SYSTEM32\ihnytaha.ini
C:\WINDOWS\SYSTEM32\inavuiuc.dll
C:\WINDOWS\SYSTEM32\ksdcxqyq.ini
C:\WINDOWS\SYSTEM32\lhaykvoj.ini
C:\WINDOWS\SYSTEM32\ljdfruqu.dll
C:\WINDOWS\SYSTEM32\ngirhsew.ini
C:\WINDOWS\SYSTEM32\nmbtajue.ini
C:\WINDOWS\SYSTEM32\ourhnoxk.dll
C:\WINDOWS\SYSTEM32\ranujpqh.ini
C:\WINDOWS\SYSTEM32\smuhcpjd.ini
C:\WINDOWS\SYSTEM32\sqmecvqc.ini
C:\WINDOWS\SYSTEM32\tkuegoih.dll
C:\WINDOWS\SYSTEM32\vwsaeaes.ini
C:\WINDOWS\SYSTEM32\xnnanmba.dll
C:\WINDOWS\SYSTEM32\yjycrmjg.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\atayhdxl.ini
C:\WINDOWS\SYSTEM32\bscuunkt.dll
C:\WINDOWS\SYSTEM32\bwgtbplv.ini
C:\WINDOWS\SYSTEM32\gadyvnvh.dll
C:\WINDOWS\SYSTEM32\hlxexwlt.ini
C:\WINDOWS\SYSTEM32\hwitejcn.ini
C:\WINDOWS\SYSTEM32\idxdscjg.ini
C:\WINDOWS\SYSTEM32\ihnytaha.ini
C:\WINDOWS\SYSTEM32\inavuiuc.dll
C:\WINDOWS\SYSTEM32\ksdcxqyq.ini
C:\WINDOWS\SYSTEM32\lhaykvoj.ini
C:\WINDOWS\SYSTEM32\ljdfruqu.dll
C:\WINDOWS\SYSTEM32\ngirhsew.ini
C:\WINDOWS\SYSTEM32\nmbtajue.ini
C:\WINDOWS\SYSTEM32\ourhnoxk.dll
C:\WINDOWS\SYSTEM32\ranujpqh.ini
C:\WINDOWS\SYSTEM32\smuhcpjd.ini
C:\WINDOWS\SYSTEM32\sqmecvqc.ini
C:\WINDOWS\SYSTEM32\tkuegoih.dll
C:\WINDOWS\SYSTEM32\vwsaeaes.ini
C:\WINDOWS\SYSTEM32\xnnanmba.dll
C:\WINDOWS\SYSTEM32\yjycrmjg.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
.

2008-03-21 17:33 . 2008-03-21 17:33 3,631 --a------ C:\2C.tmp
2008-03-21 16:26 . 2008-03-21 16:26 3,631 --a------ C:\12.tmp
2008-03-20 20:27 . 2008-03-20 20:27 <DIR> d-------- C:\Deckard
2008-03-16 14:21 . 2008-03-17 08:43 <DIR> d-------- C:\VundoFix Backups

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-09 01:57 --------- d-----w C:\Program Files\Yahoo!
2008-03-02 01:32 --------- d-----w C:\Documents and Settings\Marnie Jones\Application Data\Viewpoint
2008-03-02 01:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-02 01:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-02 01:26 --------- d-----w C:\Program Files\IrfanView
2008-01-22 04:28 --------- d-----w C:\Documents and Settings\Marnie Jones\Application Data\MSN6
2004-12-17 00:35 4,466,776 ----a-w C:\Program Files\Install_AIM.exe
2005-07-29 21:24 472 --sha-r C:\WINDOWS\TWFybmllIEpvbmVz\nqIVvA55KHDSvApW.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 05:51 306688]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 09:54 5674352]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2005-03-28 22:13 258048]
"Yahoo! Pager"="1" []
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 15:16 454784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 02:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-10-27 16:09 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-10-27 15:56 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 14:48 32881]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-04-22 13:23 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-04-22 13:23 507904]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-14 22:04 122933]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 22:01 110592]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 17:15 290816]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 08:43 53248]
"DadApp"="C:\Program Files\Dell\AccessDirect\dadapp.exe" [2004-03-04 08:36 211828]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-03-04 17:59 487424]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-09-20 18:09 26112]
"HostManager"="C:\Program Files\Common Files\AOL\1125192965\ee\AOLHostManager.exe" [2005-08-02 11:33 159832]
"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 09:01 36864 C:\WINDOWS\SYSTEM32\P0630Pin.dll]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 12:45 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-29 15:55 155648]
"PRISMSVR.EXE"="C:\WINDOWS\System32\PRISMSVR.exe" [ ]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 18:26 368706]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 04:51 442455]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-10-17 16:00:08 217088]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 12:05:56 65588]
Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2007-01-14 16:13:37 36864]

R2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe [2003-11-13 11:29]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]
R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\CBTNDIS5.SYS [2003-07-16 20:28]
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\System32\DRIVERS\odysseyIM4.sys [2004-09-24 21:36]
S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\System32\DRIVERS\P0630Vid.sys [2005-06-05 17:44]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-21 17:35:23
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-21 17:35:59
ComboFix-quarantined-files.txt 2008-03-22 01:35:45
ComboFix2.txt 2008-03-22 00:28:54

#10
astrosoup
    Member
  • Topic Starter
  • 181 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:09:55 PM, on 3/21/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1125192965\ee\AOLHostManager.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\AOL\1125192965\ee\AOLServiceHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINDOWS\explorer.exe
E:\MedKit\Scan\HiJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125192965\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8095 bytes
#11
andrewuk
    Trusted Helper
  • Malware Removal
  • 5,297 posts
your logs are looking much better.

in this post we will install, update and run the AVAST anti-virus program, and we will also run some other scans to see what else is lurking on your machine. given your machine has been without an anti-virus program, I do expect to find some infections lurking around.

if all goes well I estimate that it will take me 3 more posts, including this one, to wrap this up.

the scans will likely take 3 hours, quite possibly much longer. so just let them run.


===STEP 1====
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


===STEP 2====
installing, updating and running avast.

Please go to http://www.avast.com.../down_home.html and download avast! 4 Home Edition to your desktop. Locate the file that you just downloaded and double-click on the file to launch the installation of avast!

Click Next on the avast! Setup window and on the next window with the ReadMe File.
Now you will see the Legal Agreement, just click I agree, and then click Next to continue.

You will be prompted with the Configuration window; make sure that you choose Typical configuration and then click Next. Click Next on the windows that follow. When the installation finishes, you will be given an option to schedule a boot time scan; select No.

Now you have to restart your machine, select Restart and then click Finish.

After you restart you will get a message about avast! it will give you the general "Hello and Thank you for choosing our Product." Also after you restart you will notice 2 new icons in the bottom right corner of the screen.

VERY IMPORTANT - after restarting, right click on the a in the taskbar and select Updating, then highlight and click Program.

You will get a popup after it's done updating. If avast! had to download anything for your computer you may get a message asking you to restart.

After you have updated avast! right click the small icon a in task bar and click Start Avast! AntiVirus

Click Program Registration and you will be taken to their website. Fill out the form and then check your e-mail. Once you get an e-mail from them (usually about 1 minute after submitting the form) copy and paste the serial they provided into the highlighted box. Then click ok.

After this, you will need to Schedule Boot-Time Scan with avast! Click on the little button placed up in the left corner, and select Schedule Boot-Time Scan. Read also this tutorial http://www.schmahl.n...astbootscan.htm; it may make it easier for you to follow the steps.

Next, choose
Scan all local disks
scan archive files
click on Schedule
On the next dialog Operating system restart needed select Yes
Now avast! will restart your computer and start to scan before Windows fully loads.

IMPORTANT NOTE: since your system has infections on it, avast! will give you a dialog box with recommended actions and options. Please make sure, if this happens, to click the Move to Chest button, and not to delete any reported files.

On completion of the boot scan there will be a report at this location C:\Program Files\Alwil Software\Avast4\DATA\report\AswBoot.txt Please post that in your next reply.



===STEP 3====
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


===STEP 4====
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


===STEP 5====
and an online scan......

Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report


In your next reply could I see:
1. the avast log
2. the malwarebytes log
3. the SUPERantispyware log
4. the totalscan report
5. a new HijackThis log
6. some idea of how your machine is running now

there will be a lot of information to post in the next reply, therefore you may need to post the information over more than one reply to ensure it is all posted.

andrewuk

#12
astrosoup
    Member
  • Topic Starter
  • 181 posts
Okay, Avast took three tries to get through a boot scan, so there are three logs here:

Avast Log 1

03/21/2008 20:55
Scan of all local drives
File C:\Deckard\System Scanner\backup\DOCUME~1\MARNIE~1\LOCALS~1\Temp\iubypqhl.exe is infected by Win32:Obfuscated-CCV [Trj], Moved to chest
File C:\Deckard\System Scanner\backup\DOCUME~1\MARNIE~1\LOCALS~1\Temp\qyygikdi.exe is infected by Win32:Obfuscated-CCV [Trj], Moved to chest
File C:\Deckard\System Scanner\backup\DOCUME~1\MARNIE~1\LOCALS~1\Temp\vjeleexu.exe is infected by Win32:Obfuscated-CCV [Trj], Moved to chest
File C:\Documents and Settings\Marnie Jones\Desktop\Install_AIM.exe\Wise0018.bin Error 42146 {Installer archive is corrupted.}
File C:\Documents and Settings\Marnie Jones\My Documents\Install_AIM.exe\Wise0018.bin Error 42146 {Installer archive is corrupted.}
File C:\Program Files\AIM\Sysfiles\WxBug.EXE\Wise0008.bin\[Embedded#13b50] is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\Program Files\AIM\Sysfiles\WxBug.EXE\Wise0008.bin is infected by Win32:Adware-gen [Adw], Move to chest: Error 42010 {File is not packed.}

Avast Log 2

03/21/2008 22:28
Scan of all local drives
File C:\Documents and Settings\Marnie Jones\Desktop\Install_AIM.exe\Wise0018.bin Error 42146 {Installer archive is corrupted.}
File C:\Documents and Settings\Marnie Jones\My Documents\Install_AIM.exe\Wise0018.bin Error 42146 {Installer archive is corrupted.}
File C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll\[Embedded#13b50] is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll is infected by Win32:Adware-gen [Adw], Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}
File C:\Program Files\Install_AIM.exe\%MAINDIR%\WxBug.EXE\Wise0008.bin\[Embedded#13b50] is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\Program Files\Install_AIM.exe\%MAINDIR%\WxBug.EXE\Wise0008.bin is infected by Win32:Adware-gen [Adw], Move to chest: Error 42010 {File is not packed.}, Move to chest: Error 42010 {File is not packed.}
File C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ahxboqpy.dll.vir is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\awcrscex.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\aystytjk.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bihofoki.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bkdhbybt.dll.vir is infected by Win32:Virtumonde-GU [Adw], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bscuunkt.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cfjhbcfd.dll.vir is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\coxfuftw.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cujtktmi.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\dflcqnmm.dll.vir is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\dkvhccgi.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\drilbtdm.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\echtadnl.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\equrqgfd.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\evusmswe.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\extxcrse.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\f02WtR\f02WtR1065.exe.vir is infected by Win32:VB-ESB [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fcbbjefm.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fmitvaeu.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fqmtrsvp.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\gadyvnvh.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\gcjnuxbs.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ghaykrfu.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\gkvfadmj.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\gljtsduw.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\gosqdocy.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\gxenhvij.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hericoaf.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hhohutxy.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hiodpkek.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\holkyflc.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\homcwige.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\idahxwgg.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\iflllkkx.dll.vir is infected by Win32:Virtumonde-GU [Adw], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\inavuiuc.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jjyvqfxi.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jrqebjbg.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jttgonip.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\juowbqlh.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jwikvcmt.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\kafxsknl.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\kfrmjjpj.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\kjnhxoip.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\kkcebksw.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\knojnemh.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ktbfxkwr.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ldpvxdip.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lfjrbhsa.dll.vir is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lgbkoueb.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ljdfruqu.dll.vir is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\llwpvrbv.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\llyoubdu.dll.vir is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lumugnuo.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mplrovdp.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mskijguf.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\neiuawsw.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\njyduura.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ocsntinm.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ofpnufnv.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\olfxxgne.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\opqribgk.dll.vir is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\otrrsqcf.dll.vir is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ourhnoxk.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\owbefknd.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\pypqxkpl.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\qbabnttv.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\qgtrcwuv.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\qpsicesv.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\qswotirx.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\qtsrkohx.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rcrhvxgi.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\regprxeq.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\royygnvk.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rtpnsixb.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ruthnwjr.dll.vir is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ryswbvik.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\sfwofepp.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\smawxnmv.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\suqpdllx.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\sxckwlgy.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tkuegoih.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tqfqfkcf.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tsqkdcvr.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ucuknmfs.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\udoxkbnl.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vhygcwjc.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vjwxaoex.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vyatilwc.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wbwxkpnc.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wmrwoxcm.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wovvosay.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xayddwjr.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xnnanmba.dll.vir is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xodjqhht.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xpbcvllr.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xpowrsyt.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xpvbagtc.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xryiuibk.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xvkwfujl.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\xydwjnra.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ypptiwld.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\yteybyla.dll.vir is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP668\A0031453.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP668\A0031454.dll is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP668\A0031455.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP668\A0031456.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP668\A0031457.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP668\A0031458.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP668\A0031459.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP668\A0031460.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP670\A0031548.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP672\A0032590.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP672\A0032591.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP672\A0032621.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP673\A0033627.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP674\A0033667.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP674\A0033668.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP674\A0033669.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP674\A0033670.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP674\A0033671.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP677\A0033728.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP677\A0033729.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP677\A0033730.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP677\A0033731.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP677\A0033732.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP680\A0033953.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP681\A0033972.dll is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP681\A0033973.dll is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP681\A0033974.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP681\A0033987.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP681\A0034013.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP682\A0034032.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP682\A0034049.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP682\A0034050.dll is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP682\A0035049.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP686\A0035153.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP686\A0035154.dll is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP686\A0035155.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP686\A0035156.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP686\A0035157.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP686\A0035158.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP686\A0035159.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP686\A0035160.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP686\A0035189.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP686\A0035215.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP687\A0035253.dll is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP687\A0035254.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP687\A0035255.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP687\A0036253.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP688\A0036307.exe is infected by Win32:Tiny-IF [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP688\A0036317.dll is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP689\A0037351.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP689\A0039351.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP689\A0040351.dll is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP689\A0040365.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP689\A0041365.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP689\A0042365.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP689\A0043365.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP690\A0044390.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP690\A0044391.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP690\A0045390.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP690\A0046390.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP690\A0046408.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP690\A0046409.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP691\A0046435.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP691\A0046452.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP691\A0047465.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP691\A0048465.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP691\A0048503.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP691\A0048681.exe\Wise0013.bin Error 42146 {Installer archive is corrupted.}
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP691\A0048682.exe\Wise0011.bin Error 42146 {Installer archive is corrupted.}
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP691\A0049503.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP692\A0049521.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP692\A0050521.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP692\A0051521.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP692\A0052521.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP699\A0058672.dll is infected by Win32:Virtumonde-DS [Adw], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP699\A0058674.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP699\A0058675.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP699\A0058676.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP699\A0058677.dll is infected by Win32:Vundo-gen57 [Adw], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP699\A0058678.dll is infected by Win32:Vundo-gen47 [Adw], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP699\A0058679.dll is infected by Win32:Vundo-gen49 [Adw], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP699\A0058684.dll is infected by Win32:Vundo-gen46 [Adw], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059033.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059035.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059037.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059038.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059039.dll is infected by Win32:Virtumonde-GU [Adw], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059040.dll is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059041.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059042.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059043.dll is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059044.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059045.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059046.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059050.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059051.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059052.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059053.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059055.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059056.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059058.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059059.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059060.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059061.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059062.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059064.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059066.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059067.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059068.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059069.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059070.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059071.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059072.dll is infected by Win32:Virtumonde-GU [Adw], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059073.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059074.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059075.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059076.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059077.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059078.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059079.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059080.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059081.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059082.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059083.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059085.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059086.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059087.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059088.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059089.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059090.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059092.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059093.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059094.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059095.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059096.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059097.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059099.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059100.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059101.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059102.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059105.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059106.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059107.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059108.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059109.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059110.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059111.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059112.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059113.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059115.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059116.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059118.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059119.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059120.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059122.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059123.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059127.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059128.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059129.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059130.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059131.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059132.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059134.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059135.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059136.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059137.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059138.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059139.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059140.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059141.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059142.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059143.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059144.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059145.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059147.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059148.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059198.exe is infected by Win32:VB-ESB [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0059294.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0059298.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0059303.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0059306.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0059309.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0059313.dll is infected by Win32:TratBHO [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0059315.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0059470.exe is infected by Win32:Obfuscated-CCV [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0059471.exe is infected by Win32:Obfuscated-CCV [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0059472.exe is infected by Win32:Obfuscated-CCV [Trj], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0059473.EXE\Wise0008.bin\[Embedded#13b50] is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0059473.EXE\Wise0008.bin is infected by Win32:Adware-gen [Adw], Move to chest: Error 42010 {File is not packed.}
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0060483.dll\[Embedded#13b50] is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0060483.dll is infected by Win32:Adware-gen [Adw], Move to chest: Error 0xC0000034 {Object Name not found.}
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0060484.exe\%MAINDIR%\WxBug.EXE\Wise0008.bin\[Embedded#13b50] is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0060484.exe\%MAINDIR%\WxBug.EXE\Wise0008.bin is infected by Win32:Adware-gen [Adw], Move to chest: Error 42010 {File is not packed.}
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0060485.dll is infected by Win32:Adware-gen [Adw]
File C:\VundoFix Backups\byxyaba.dll.bad is infected by Win32:Vundo-gen46 [Adw]
File C:\VundoFix Backups\cbabc.dll.bad is infected by Win32:Virtumonde-DS [Adw]
File C:\VundoFix Backups\cthrevtx.dll.bad is infected by Win32:TratBHO [Trj]
File C:\VundoFix Backups\dspltfdo.dll.bad is infected by Win32:Trojan-gen {Other}
File C:\VundoFix Backups\lyxabwrb.dll.bad is infected by Win32:TratBHO [Trj]
File C:\VundoFix Backups\pjnyydri.dll.bad is infected by Win32:Vundo-gen57 [Adw]
File C:\VundoFix Backups\qsthdwiu.dll.bad is infected by Win32:Vundo-gen47 [Adw]
File C:\VundoFix Backups\wnvsouck.dll.bad is infected by Win32:Vundo-gen49 [Adw]
File C:\WINDOWS\SYSTEM32\aihwhtvd.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\arrhtdxw.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\atdrrvny.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\cubcxptx.dll is infected by Win32:Trojan-gen {Other}
File C:\WINDOWS\SYSTEM32\cxhfcwcy.dll is infected by Win32:Trojan-gen {Other}
File C:\WINDOWS\SYSTEM32\dbmrgrlr.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\dcrqxhql.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\dhqpbjdv.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\dntfnlku.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\epjecsdh.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\exuhqwks.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\fjthdxik.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\fykgyhva.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\gxkphrwl.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\hhebrind.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\imdformm.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\imwxigko.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\jedqxapi.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\jjmsrlpf.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\lcnuyoqi.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\lpbdnlrq.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\mhcuxpag.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\mmmsyeaq.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\msluyige.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\nuranxhy.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\nvmgoboi.dll is infected by Win32:Trojan-gen {Other}
File C:\WINDOWS\SYSTEM32\oqcwodgy.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\ostngano.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\paupdfee.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\pplkepxd.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\pxomcqos.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\qfraplgg.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\qopeesmw.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\qunesqmh.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\rjppmxvs.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\rmmmjumh.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\rmuwaavg.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\tdhlpxfh.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\tdnxxpsu.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\tfbsjwen.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\tiaaaahm.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\tvinyeyh.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\ufdiamlc.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\uvudwaao.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\wbfauryl.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\wgsdoile.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\wxuqcydx.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\SYSTEM32\ynvoluic.exe is infected by Win32:Agent-LAP [Trj]
File C:\WINDOWS\TWFybmllIEpvbmVz\nqIVvA55KHDSvApW.vbs is infected by VBS:Malware-gen

Number of searched folders: 5240
Number of tested files: 178009
Number of infected files: 356


Avast Log 3

03/22/2008 16:48
Scan of all local drives
File C:\Documents and Settings\Marnie Jones\Desktop\Install_AIM.exe\Wise0018.bin Error 42146 {Installer archive is corrupted.}
File C:\Documents and Settings\Marnie Jones\My Documents\Install_AIM.exe\Wise0018.bin Error 42146 {Installer archive is corrupted.}
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP691\A0048681.exe\Wise0013.bin Error 42146 {Installer archive is corrupted.}
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP691\A0048682.exe\Wise0011.bin Error 42146 {Installer archive is corrupted.}
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0060485.dll is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\VundoFix Backups\byxyaba.dll.bad is infected by Win32:Vundo-gen46 [Adw], Moved to chest
File C:\VundoFix Backups\cbabc.dll.bad is infected by Win32:Virtumonde-DS [Adw], Moved to chest
File C:\VundoFix Backups\cthrevtx.dll.bad is infected by Win32:TratBHO [Trj], Moved to chest
File C:\VundoFix Backups\dspltfdo.dll.bad is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\VundoFix Backups\lyxabwrb.dll.bad is infected by Win32:TratBHO [Trj], Moved to chest
File C:\VundoFix Backups\pjnyydri.dll.bad is infected by Win32:Vundo-gen57 [Adw], Moved to chest
File C:\VundoFix Backups\qsthdwiu.dll.bad is infected by Win32:Vundo-gen47 [Adw], Moved to chest
File C:\VundoFix Backups\wnvsouck.dll.bad is infected by Win32:Vundo-gen49 [Adw], Moved to chest
File C:\WINDOWS\SYSTEM32\aihwhtvd.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\arrhtdxw.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\atdrrvny.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\cubcxptx.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\WINDOWS\SYSTEM32\cxhfcwcy.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\WINDOWS\SYSTEM32\dbmrgrlr.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\dcrqxhql.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\dhqpbjdv.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\dntfnlku.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\epjecsdh.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\exuhqwks.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\fjthdxik.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\fykgyhva.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\gxkphrwl.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\hhebrind.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\imdformm.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\imwxigko.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\jedqxapi.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\jjmsrlpf.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\lcnuyoqi.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\lpbdnlrq.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\mhcuxpag.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\mmmsyeaq.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\msluyige.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\nuranxhy.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\nvmgoboi.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\WINDOWS\SYSTEM32\oqcwodgy.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\ostngano.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\paupdfee.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\pplkepxd.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\pxomcqos.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\qfraplgg.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\qopeesmw.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\qunesqmh.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\rjppmxvs.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\rmmmjumh.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\rmuwaavg.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\tdhlpxfh.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\tdnxxpsu.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\tfbsjwen.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\tiaaaahm.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\tvinyeyh.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\ufdiamlc.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\uvudwaao.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\wbfauryl.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\wgsdoile.exe is infected by Win32:Agent-LAP [Trj], Moved to chest
File C:\WINDOWS\SYSTEM32\wxuqcydx.exe is i

#13
astrosoup
Member, Topic Starter, 181 posts
MBAM LOG

Malwarebytes' Anti-Malware 1.09
Database version: 522

Scan type: Full Scan (C:\|)
Objects scanned: 77881
Time elapsed: 37 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\SYSTEM32\cfig322 (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\drvr2 (Malware.Trace) -> Quarantined and deleted successfully.

Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ssqrpoo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\windows.vir (Trojan.Zapchast) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059121.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marnie Jones\Desktop\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully.


SAS LOG


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/22/2008 at 08:26 PM

Application Version : 4.0.1154

Core Rules Database Version : 3423
Trace Rules Database Version: 1415

Scan type : Complete Scan
Total Scan Time : 00:18:34

Memory items scanned : 523
Memory threats detected : 0
Registry items scanned : 5046
Registry threats detected : 0
File items scanned : 13302
File threats detected : 71

Adware.Tracking Cookie
C:\Documents and Settings\Marnie Jones\Cookies\marnie [email protected]ist[1].txt
C:\Documents and Settings\Marnie Jones\Cookies\marnie [email protected][2].txt

Adware.Viewpoint Toolbar
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP691\A0048885.DLL

Adware.Vundo-Variant/Small-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP692\A0052534.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP692\A0052551.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP693\A0052579.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP694\A0053579.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP694\A0054579.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP694\A0054592.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP695\A0056592.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP697\A0057645.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP698\A0057662.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059032.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059036.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059047.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059049.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059054.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059063.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059091.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059104.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059124.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059125.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP704\A0059146.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061499.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061500.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061521.DLL

Adware.eZula
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061508.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061496.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061497.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061498.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061501.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061502.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061503.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061504.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061505.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061506.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061507.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061526.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061509.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061510.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061511.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061512.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061513.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061514.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061515.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061516.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061517.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061518.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061519.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061520.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061522.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061523.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061524.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061525.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061543.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061527.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061528.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061529.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061530.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061531.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061532.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061533.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061534.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061535.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061536.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061537.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061538.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061539.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061540.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061541.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP705\A0061542.EXE


#14
astrosoup
Member, Topic Starter, 181 posts
Panda Scan Log


Incident Status Location

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.zedo.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/AdvancedCleaner Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[advancedcleaner.com/]
Spyware:Cookie/AdvancedCleaner Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.advancedcleaner.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.com.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.adserver.easyad.info/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.go.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[.target.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Marnie Jones\Application Data\Mozilla\Firefox\Profiles\oc0djqg6.default\cookies.txt[www.burstbeacon.com/]
Virus:Trj/Downloader.PME Disinfected C:\Documents and Settings\Marnie Jones\Local Settings\Application Data\Wildtangent\Cdacache\00\00\17.dat
Possible Virus. Not disinfected C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\Setup.exe
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\aindekig.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\edxwmenf.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fkeblija.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\gwqrktby.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lbnitjlr.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\oicclnec.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tfrgdvyd.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vtffarso.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ylkompif.dll.vir

#15
astrosoup
Member, Topic Starter, 181 posts
HJT LOG


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:30 PM, on 3/22/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\AOL\1125192965\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1125192965\ee\AOLServiceHost.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
E:\MedKit\Scan\HiJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125192965\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9161 bytes