Winlogon won't go away [CLOSED]


  • This topic is locked

#1
ibuyjunkycars


    New Member

  • Member
  • 6 posts
Hi, I've been having trouble with this winlogon. I've removed it a few times but it keeps coming back. I've got HijackThis, SpywareBlaster, Spybot S&D, AVG, TuneUp Utilities 2008, Ad-Aware 2007, CCleaner and Instant Memory Cleaner. Here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:57:18 AM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\America Online 7.0\waol.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://c:/windows/homepage.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4EC00CF3-B1F5-4CA9-892C-D15D327FEFC5} - (no file)
O2 - BHO: (no name) - {50C9F17D-3007-44E8-B9D7-1936946F38D3} - C:\WINDOWS\system32\xxyayvvw.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8} - C:\WINDOWS\system32\byXnMgec.dll
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://mail09b.shu.edu/dwa7W.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{727A3A01-6DA0-4CB3-AB34-5EEDEDCC6C97}: NameServer = 205.188.146.145
O18 - Protocol: bw+0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O20 - Winlogon Notify: byXnMgec - C:\WINDOWS\SYSTEM32\byXnMgec.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 20636 bytes


#2
Thunderbird1988


    Member 2k

  • Member
  • 2,416 posts
Hello ibuyjunkycars and welcome to Geeks to Go,

I am Thunderbird1988 and I am going to solve your problems. If you have any questions, feel free to ask :)

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts. Please, never rename ComboFix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Thunderbird1988

#3
ibuyjunkycars


    New Member

  • Topic Starter
  • Member
  • 6 posts
OK, I did exactly as you said. And things are already running great! Here is the ComboFix log.

ComboFix 08-05-11.1 - Owner 2008-05-11 16:10:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.617 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\Rabio
C:\Documents and Settings\Owner\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Owner\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\180search assistant
C:\Program Files\180search assistant\180sa.exe
C:\Program Files\180search assistant\sau.exe
C:\Program Files\Common Files\{38CAE~1
C:\Program Files\Common Files\{38CAE~1\Uninstall.exe
C:\Program Files\Common Files\{38CAE~2
C:\Program Files\Common Files\{38CAE~2\Bar888.dll
C:\Program Files\Common Files\{38CAE~2\UnInstall.exe
C:\Program Files\Common Files\{F8CAE~1
C:\Program Files\CPV
C:\Program Files\nvcoi
C:\Program Files\nvcoi\mst.stt
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive15.dll
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\stc
C:\Program Files\stc\csv5p070.exe
C:\Program Files\Sysmnt
C:\Program Files\Sysmnt\Ssmgr.exe
C:\Program Files\xInsIDE
C:\WINDOWS\123messenger.per
C:\WINDOWS\180ax.exe
C:\WINDOWS\apphelp32.dll
C:\WINDOWS\asferror32.dll
C:\WINDOWS\asycfilt32.dll
C:\WINDOWS\athprxy32.dll
C:\WINDOWS\ati2dvaa32.dll
C:\WINDOWS\ati2dvag32.dll
C:\WINDOWS\audiosrv32.dll
C:\WINDOWS\autodisc32.dll
C:\WINDOWS\avifile32.dll
C:\WINDOWS\avisynthex32.dll
C:\WINDOWS\aviwrap32.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\browserad.dll
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\changeurl_30.dll
C:\WINDOWS\licencia.txt
C:\WINDOWS\msa64chk.dll
C:\WINDOWS\msapasrc.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\ntnut.exe
C:\WINDOWS\PerfInfo
C:\WINDOWS\pskt.ini
C:\WINDOWS\saiemod.dll
C:\WINDOWS\shdocpe.dll
C:\WINDOWS\shdocpl.dll
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\000060.exe
C:\WINDOWS\system32\dKnoWvut.ini
C:\WINDOWS\system32\dKnoWvut.ini2
C:\WINDOWS\system32\DMoUwGgh.ini
C:\WINDOWS\system32\DMoUwGgh.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSNSA32.dll
C:\WINDOWS\system32\ntnut32.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\shdocpe.dll
C:\WINDOWS\system32\SIPSPI32.dll
C:\WINDOWS\system32\SYJlkkkj.ini
C:\WINDOWS\system32\SYJlkkkj.ini2
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\system32\wvvyayxx.ini
C:\WINDOWS\system32\wvvyayxx.ini2
C:\WINDOWS\telefonos.txt
C:\WINDOWS\TEMP\salm.exe
C:\WINDOWS\textos.txt
C:\WINDOWS\voiceip.dll
C:\WINDOWS\winsb.dll

----- BITS: Possible infected sites -----

hxxp://80.93.48.89
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_COM+_MESSAGES


((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))
.

2008-05-11 16:00 . 2008-05-11 16:00 98,912 --a------ C:\WINDOWS\system32\iyebayoo.dll
2008-05-11 15:58 . 2008-05-11 16:32 109,803 --a------ C:\WINDOWS\BMfbf9d8f9.xml
2008-05-11 15:58 . 2008-05-11 15:58 90,208 --a------ C:\WINDOWS\system32\kkvoqqvr.dll
2008-05-11 15:57 . 2008-05-11 15:57 316,464 --a------ C:\WINDOWS\system32\jkkklJYS.dll
2008-05-11 10:08 . 2008-05-11 10:08 95 --a------ C:\WINDOWS\wininit.ini
2008-05-11 01:48 . 2008-05-11 01:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\wxetaful
2008-05-11 01:23 . 2008-05-11 01:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-11 01:17 . 2008-05-11 01:17 32,768 --a------ C:\WINDOWS\system32\sockins32.dll
2008-05-11 01:17 . 2008-05-11 01:17 25,728 --a------ C:\WINDOWS\system32\byXnMgec.dll
2008-05-11 01:17 . 2008-05-11 01:17 578 --a------ C:\WINDOWS\index.html
2008-05-11 00:56 . 2008-05-11 01:15 94,208 --a------ C:\WINDOWS\ScUnin.exe
2008-05-11 00:56 . 2008-05-11 01:15 35,382 --a------ C:\WINDOWS\scunin.dat
2008-05-11 00:56 . 2008-05-11 01:15 967 --a------ C:\WINDOWS\ScUnin.pif
2008-05-01 05:36 . 2008-05-04 23:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-01 05:36 . 2008-05-01 05:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-28 01:21 . 2008-04-28 01:22 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Ventrilo
2008-04-28 01:19 . 2008-04-28 01:19 <DIR> d-------- C:\Program Files\Ventrilo
2008-04-27 19:08 . 2008-04-27 19:08 88,524 --a------ C:\smitfrau.reg
2008-04-27 19:08 . 2006-05-27 19:03 16,824 --a------ C:\replace.cmd
2008-04-27 19:08 . 2005-10-28 17:50 3,451 --a------ C:\delfiles.cmd
2008-04-27 19:08 . 2008-04-27 19:08 1,458 --a------ C:\smitfra.reg
2008-04-16 03:04 . 2008-04-16 03:04 <DIR> d-------- C:\Program Files\iPod
2008-04-16 03:03 . 2008-04-16 03:04 <DIR> d-------- C:\Program Files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 21:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\MegauploadToolbar
2008-05-11 21:00 --------- d-----w C:\Program Files\America Online 7.0
2008-05-11 15:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-05-11 10:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 10:02 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-11 09:36 --------- d-----w C:\Program Files\Viewpoint
2008-05-11 09:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-11 07:18 --------- d-----w C:\Program Files\Starcraft
2008-05-11 07:16 --------- d-----w C:\Program Files\BitLord
2008-05-06 22:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-05-06 19:45 --------- d-----w C:\Program Files\LimeWire
2008-04-28 06:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-16 08:00 --------- d-----w C:\Program Files\QuickTime
2008-04-16 07:51 --------- d-----w C:\Program Files\Apple Software Update
2008-03-30 04:06 32,768 ----a-w C:\Documents and Settings\Owner\NTDLL.dll
2008-03-24 05:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2008-03-19 03:01 --------- d-----w C:\Program Files\Safari
2008-03-18 17:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-18 17:35 --------- d-----w C:\Program Files\Lavasoft
2008-03-12 03:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-12 02:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-12 01:46 37,888 ----a-w C:\WINDOWS\ctatolgd.exe
2008-03-12 01:46 188,928 ----a-w C:\WINDOWS\sjebubmr.dll
2008-02-16 03:28 17,408 ----a-w C:\psapi.dll
2008-02-16 03:19 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-13 19:00 32,768 ----a-w C:\Program Files\mozilla firefox\plugins\NTDLL.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{173d99d2-6bb3-432d-b598-befd4cf1b28e}]
2008-05-11 16:00 98912 --a------ C:\WINDOWS\system32\iyebayoo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}]
2008-05-11 01:17 25728 --a------ C:\WINDOWS\system32\byXnMgec.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F21A60AE-714B-4779-B02B-E1BA9DE2A33D}]
C:\WINDOWS\system32\hgGwUoMD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FAF86C6B-F72E-4FE5-991C-47301B599D69}]
2008-05-11 15:57 316464 --a------ C:\WINDOWS\system32\jkkklJYS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 09:14 579584]
"combofix"="C:\WINDOWS\system32\CF14554.exe" [2004-08-04 00:56 388608]
"BMfbf9d8f9"="C:\WINDOWS\system32\kkvoqqvr.dll" [2008-05-11 15:58 90208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-08 15:34 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}"= C:\WINDOWS\system32\byXnMgec.dll [2008-05-11 01:17 25728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXnMgec]
byXnMgec.dll 2008-05-11 01:17 25728 C:\WINDOWS\system32\byXnMgec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-07-22 22:46 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 7.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 7.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WordWeb.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WordWeb.lnk
backup=C:\WINDOWS\pss\WordWeb.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2006-11-07 10:29 50736 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctpmon]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2005-11-02 22:01 50792 C:\Program Files\Common Files\AOL\1139038492\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 10:32 77824 C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-09-20 10:36 114688 C:\WINDOWS\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-09-20 10:35 94208 C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Insider]
C:\Program Files\Insider\Insider.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2005-07-22 22:47 385024 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2005-07-22 22:46 401408 C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]
C:\Program Files\Ipwindows\ipwins.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISMModule3]
C:\Program Files\ISM\ISMModule3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2005-05-20 14:46 28160 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2005-05-03 09:10 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mqlluwj.dll]
C:\Documents and Settings\Owner\Local Settings\Application Data\mqlluwj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 00:56 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrModule9]
C:\Program Files\QdrModule\QdrModule9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-07-08 01:19 208941 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
C:\Program Files\Spyware Doctor\bak\swdoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinUpdate]
C:\36110103225266829921.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinUpgrade]
C:\36110103225266799359.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Words]
C:\Program Files\Words\Words.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{F8CAEBCA-031E-1033-0811-051114200001}]
C:\Program Files\Common Files\{F8CAEBCA-031E-1033-0811-051114200001}\Update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver HPZ12"=2 (0x2)
"COM+ Messages"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\1139038492\\ee\\aim6.exe"=
"C:\\My Downloads\\ZSNE94\\ZSNESW.EXE"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\America Online 7.0\\waol.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1139038492\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-15 22:19]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
rundll32 sockins32.dll,InitModule
.
Contents of the 'Scheduled Tasks' folder
"2008-05-10 02:25:55 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-05-06 03:42:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 16:30:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\byXnMgec.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-05-11 16:39:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-11 21:39:31

Pre-Run: 11,112,497,152 bytes free
Post-Run: 13,304,528,896 bytes free

379




And here is the hijack this log



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:51:15 PM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\America Online 7.0\waol.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: {e82b1fc4-dfeb-895b-d234-3bb62d99d371} - {173d99d2-6bb3-432d-b598-befd4cf1b28e} - C:\WINDOWS\system32\iyebayoo.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8} - C:\WINDOWS\system32\byXnMgec.dll
O2 - BHO: (no name) - {F21A60AE-714B-4779-B02B-E1BA9DE2A33D} - C:\WINDOWS\system32\hgGwUoMD.dll (file missing)
O2 - BHO: (no name) - {FAF86C6B-F72E-4FE5-991C-47301B599D69} - C:\WINDOWS\system32\jkkklJYS.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BMfbf9d8f9] Rundll32.exe "C:\WINDOWS\system32\kkvoqqvr.dll",s
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://mail09b.shu.edu/dwa7W.cab
O18 - Protocol: bw+0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: byXnMgec - C:\WINDOWS\SYSTEM32\byXnMgec.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 19966 bytes

#4
Thunderbird1988

Hello ibuyjunkycars,

I would strongly recommend uninstalling LimeWire and BitLord. These programs are peer-to-peer (P2P) programs. The problem with these kinds of programs is that they are causing lots of infections every day. Also, their use is illegal in many countries.

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::

C:\WINDOWS\system32\iyebayoo.dll
C:\WINDOWS\BMfbf9d8f9.xml
C:\WINDOWS\system32\kkvoqqvr.dll
C:\WINDOWS\system32\jkkklJYS.dll
C:\WINDOWS\system32\byXnMgec.dll
C:\WINDOWS\ctatolgd.exe
C:\WINDOWS\sjebubmr.dll
C:\psapi.dll
C:\Documents and Settings\Owner\Local Settings\Application Data\mqlluwj.dll
C:\Program Files\QdrModule
C:\36110103225266829921.exe
C:\36110103225266799359.exe

Folder::

C:\Documents and Settings\All Users\Application Data\wxetaful
C:\Program Files\Insider
C:\Program Files\Ipwindows
C:\Program Files\ISM
C:\Program Files\Common Files\{F8CAEBCA-031E-1033-0811-051114200001}

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{173d99d2-6bb3-432d-b598-befd4cf1b28e}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F21A60AE-714B-4779-B02B-E1BA9DE2A33D}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FAF86C6B-F72E-4FE5-991C-47301B599D69}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMfbf9d8f9"=-

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctpmon]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Insider]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISMModule3]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mqlluwj.dll]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrModule9]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{F8CAEBCA-031E-1033-0811-051114200001}]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinUpdate]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinUpgrade]



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

Thunderbird1988
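
A script like the one in the post above can be read mechanically before it is handed to ComboFix, so that every file, folder and registry deletion it requests is listed and later log output can be compared against it. The Python below is an added example, not part of the original post and not ComboFix code; it handles only the three directives that appear in this thread, and `parse_cfscript`, `uncovered` and the shortened sample inputs are names and data constructed here from lines in the thread.

```python
import ntpath
import re

# Constructed sample: a shortened CFScript built from entries in the post above.
SAMPLE_CFSCRIPT = r'''File::

C:\WINDOWS\system32\byXnMgec.dll
C:\WINDOWS\ctatolgd.exe

Folder::

C:\Program Files\Insider

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMfbf9d8f9"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinUpdate]
'''

# Constructed sample: module paths copied from the "DLLs Loaded Under Running
# Processes" part of the follow-up ComboFix log in this thread.
SAMPLE_LOADED = [
    r"C:\WINDOWS\system32\byXnMgec.dll",
    r"C:\WINDOWS\system32\arupljmu.dll",
    r"C:\WINDOWS\system32\fccbBRLe.dll",
]

KNOWN_DIRECTIVES = {"file", "folder", "registry"}   # only those seen in this thread
DIRECTIVE_RE = re.compile(r'^(\w+)::$')
KEY_RE = re.compile(r'^\[(-?)(.+)\]$')               # [-KEY] deletes the whole key
VALUE_DELETE_RE = re.compile(r'^"(.+)"=-$')          # "name"=- deletes one value


def parse_cfscript(text):
    """Return the deletions a CFScript requests, grouped by kind."""
    plan = {"files": [], "folders": [], "reg_keys_deleted": [],
            "reg_values_deleted": [], "unparsed": []}
    section = None        # current directive, or None if unknown/unsupported
    current_key = None    # registry key that following value lines belong to
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        directive = DIRECTIVE_RE.match(line)
        if directive:
            name = directive.group(1).lower()
            section = name if name in KNOWN_DIRECTIVES else None
            current_key = None
            if section is None:
                plan["unparsed"].append((lineno, line))
            continue
        if section == "file":
            plan["files"].append(line)
        elif section == "folder":
            plan["folders"].append(line)
        elif section == "registry":
            key = KEY_RE.match(line)
            value = VALUE_DELETE_RE.match(line)
            if key and key.group(1) == "-":
                plan["reg_keys_deleted"].append(key.group(2))
                current_key = None
            elif key:
                current_key = key.group(2)
            elif value and current_key:
                plan["reg_values_deleted"].append((current_key, value.group(1)))
            else:
                # Anything that is not a deletion is left for a human to read.
                plan["unparsed"].append((lineno, line))
        else:
            plan["unparsed"].append((lineno, line))
    return plan


def uncovered(plan, observed_paths):
    """Paths seen in a log that no File:: or Folder:: entry of the script targets."""
    files = {ntpath.normcase(p) for p in plan["files"]}
    folders = [ntpath.normcase(f).rstrip("\\") + "\\" for f in plan["folders"]]
    missing = []
    for path in observed_paths:
        norm = ntpath.normcase(path)   # Windows paths compare case-insensitively
        if norm in files or any(norm.startswith(f) for f in folders):
            continue
        missing.append(path)
    return missing


if __name__ == "__main__":
    plan = parse_cfscript(SAMPLE_CFSCRIPT)
    for kind, entries in plan.items():
        print(f"{kind}: {len(entries)}")
        for entry in entries:
            print("   ", entry)
    print("loaded but not targeted by the script:")
    for path in uncovered(plan, SAMPLE_LOADED):
        print("   ", path)
```

Lines reported under `unparsed` are directives or registry edits other than deletions and need to be read by hand.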

#5
ibuyjunkycars

OK, here is the new ComboFix log. I also removed BitTorrent.

ComboFix 08-05-11.1 - Owner 2008-05-12 17:20:40.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\wxetaful
C:\Documents and Settings\All Users\Application Data\wxetaful\stojutup.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\MSBLStwa.ini
C:\WINDOWS\system32\MSBLStwa.ini2
C:\WINDOWS\system32\umjlpura.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))
.

2008-05-11 18:01 . 2008-05-11 18:01 98,912 --a------ C:\WINDOWS\system32\egedxelw.dll
2008-05-11 17:55 . 2008-05-11 17:55 83,024 --a------ C:\WINDOWS\system32\arupljmu.dll
2008-05-11 17:53 . 2008-05-11 17:53 90,208 --a------ C:\WINDOWS\system32\qcyjvhka.dll
2008-05-11 17:52 . 2008-05-11 17:52 316,464 --a------ C:\WINDOWS\system32\awtSLBSM.dll
2008-05-11 16:00 . 2008-05-11 16:00 98,912 --a------ C:\WINDOWS\system32\iyebayoo.dll
2008-05-11 15:58 . 2008-05-12 16:48 109,803 --a------ C:\WINDOWS\BMfbf9d8f9.xml
2008-05-11 15:58 . 2008-05-11 15:58 90,208 --a------ C:\WINDOWS\system32\kkvoqqvr.dll
2008-05-11 15:57 . 2008-05-11 15:57 316,464 --a------ C:\WINDOWS\system32\jkkklJYS.dll
2008-05-11 10:08 . 2008-05-11 10:08 95 --a------ C:\WINDOWS\wininit.ini
2008-05-11 01:23 . 2008-05-11 01:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-11 01:17 . 2008-05-11 01:17 32,768 --a------ C:\WINDOWS\system32\sockins32.dll
2008-05-11 01:17 . 2008-05-11 01:17 25,728 --a------ C:\WINDOWS\system32\byXnMgec.dll
2008-05-11 01:17 . 2008-05-11 01:17 578 --a------ C:\WINDOWS\index.html
2008-05-11 00:56 . 2008-05-11 01:15 94,208 --a------ C:\WINDOWS\ScUnin.exe
2008-05-11 00:56 . 2008-05-11 01:15 35,382 --a------ C:\WINDOWS\scunin.dat
2008-05-11 00:56 . 2008-05-11 01:15 967 --a------ C:\WINDOWS\ScUnin.pif
2008-04-28 01:21 . 2008-04-28 01:22 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Ventrilo
2008-04-28 01:19 . 2008-04-28 01:19 <DIR> d-------- C:\Program Files\Ventrilo
2008-04-27 19:08 . 2008-04-27 19:08 88,524 --a------ C:\smitfrau.reg
2008-04-27 19:08 . 2006-05-27 19:03 16,824 --a------ C:\replace.cmd
2008-04-27 19:08 . 2005-10-28 17:50 3,451 --a------ C:\delfiles.cmd
2008-04-27 19:08 . 2008-04-27 19:08 1,458 --a------ C:\smitfra.reg
2008-04-16 03:04 . 2008-04-16 03:04 <DIR> d-------- C:\Program Files\iPod
2008-04-16 03:03 . 2008-04-16 03:04 <DIR> d-------- C:\Program Files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 22:14 --------- d-----w C:\Program Files\America Online 7.0
2008-05-12 14:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-05-11 23:24 --------- d-----w C:\Program Files\Starcraft
2008-05-11 23:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\MegauploadToolbar
2008-05-11 10:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 10:02 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-11 09:36 --------- d-----w C:\Program Files\Viewpoint
2008-05-11 09:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-11 07:16 --------- d-----w C:\Program Files\BitLord
2008-05-06 22:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-05-06 19:45 --------- d-----w C:\Program Files\LimeWire
2008-04-28 06:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-16 08:00 --------- d-----w C:\Program Files\QuickTime
2008-04-16 07:51 --------- d-----w C:\Program Files\Apple Software Update
2008-03-30 04:06 32,768 ----a-w C:\Documents and Settings\Owner\NTDLL.dll
2008-03-24 05:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2008-03-19 03:01 --------- d-----w C:\Program Files\Safari
2008-03-18 17:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-18 17:35 --------- d-----w C:\Program Files\Lavasoft
2008-03-12 03:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-12 02:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-12 01:46 37,888 ----a-w C:\WINDOWS\ctatolgd.exe
2008-03-12 01:46 188,928 ----a-w C:\WINDOWS\sjebubmr.dll
2008-02-16 03:28 17,408 ----a-w C:\psapi.dll
2008-02-16 03:19 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-13 19:00 32,768 ----a-w C:\Program Files\mozilla firefox\plugins\NTDLL.dll
.

((((((((((((((((((((((((((((( [email protected]_16.37.54.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-11 21:26:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-12 22:44:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2808494F-D505-47BC-B539-F4462E3B8768}]
2008-05-12 17:56 314480 --a------ C:\WINDOWS\system32\fccbBRLe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{704821BD-659B-4787-AB24-E2D347C6A482}]
2008-05-11 17:52 316464 --a------ C:\WINDOWS\system32\awtSLBSM.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}]
2008-05-11 01:17 25728 --a------ C:\WINDOWS\system32\byXnMgec.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d9089304-cf5b-4f2d-9bc7-71a78513fed6}]
2008-05-11 18:01 98912 --a------ C:\WINDOWS\system32\egedxelw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 09:14 579584]
"f8caeb65"="C:\WINDOWS\system32\arupljmu.dll" [2008-05-11 17:55 83024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-08 15:34 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}"= C:\WINDOWS\system32\byXnMgec.dll [2008-05-11 01:17 25728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXnMgec]
byXnMgec.dll 2008-05-11 01:17 25728 C:\WINDOWS\system32\byXnMgec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-07-22 22:46 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\fccbBRLe

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 7.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 7.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WordWeb.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WordWeb.lnk
backup=C:\WINDOWS\pss\WordWeb.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2006-11-07 10:29 50736 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2005-11-02 22:01 50792 C:\Program Files\Common Files\AOL\1139038492\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 10:32 77824 C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-09-20 10:36 114688 C:\WINDOWS\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-09-20 10:35 94208 C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2005-07-22 22:47 385024 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2005-07-22 22:46 401408 C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2005-05-20 14:46 28160 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2005-05-03 09:10 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 00:56 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-07-08 01:19 208941 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
C:\Program Files\Spyware Doctor\bak\swdoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Words]
C:\Program Files\Words\Words.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver HPZ12"=2 (0x2)
"COM+ Messages"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\1139038492\\ee\\aim6.exe"=
"C:\\My Downloads\\ZSNE94\\ZSNESW.EXE"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\America Online 7.0\\waol.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1139038492\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-15 22:19]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
rundll32 sockins32.dll,InitModule
.
Contents of the 'Scheduled Tasks' folder
"2008-05-10 02:25:55 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-05-06 03:42:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 17:48:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\umjlpura.ini 294 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\byXnMgec.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\arupljmu.dll
-> C:\WINDOWS\system32\fccbBRLe.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-05-12 18:01:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-12 23:01:00
ComboFix2.txt 2008-05-11 21:39:46

Pre-Run: 13,306,208,256 bytes free
Post-Run: 13,369,643,008 bytes free

298


Here is the HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:56 PM, on 5/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\America Online 7.0\waol.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://c:/windows/homepage.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [f8caeb65] rundll32.exe "C:\WINDOWS\system32\arupljmu.dll",b
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://mail09b.shu.edu/dwa7W.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{727A3A01-6DA0-4CB3-AB34-5EEDEDCC6C97}: NameServer = 205.188.146.145
O18 - Protocol: bw+0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E6727337-890E-4162-A9F8-BE442D080A94} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 19367 bytes

Thanks for all your help so far.

#6
Thunderbird1988

Hello ibuyjunkycars,

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer; click OK.
  • Please post the contents of C:\vundofix.txt, a new log of Combofix and a new HijackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Thunderbird1988

#7
ibuyjunkycars

I scanned and it said "no infected files found".

#8
Thunderbird1988

Hello ibuyjunkycars,

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory. When something is found, click the Yes button when it asks if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, click File in the menu and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.

Please post the log of Dr.Web CureIt and a new log of Combofix.

Thunderbird1988
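As an added example (not part of the original posts, and not Dr.Web's own tooling): a Python triage of a report saved as DrWeb.csv, assuming the semicolon-separated `file;folder;threat;action;` layout that the Dr.Web report in this thread uses. The sample rows are constructed, and treating `C:\$VAULT$.AVG` as the AVG quarantine folder is an assumption; the point is to separate hits on live paths from hits on files another scanner had already quarantined.

```python
import csv
import io
from collections import Counter
from dataclasses import dataclass

# Assumption: folders that are antivirus quarantine stores, not live locations.
# C:\$VAULT$.AVG is the folder seen in this thread; extend for other products.
QUARANTINE_DIRS = (r"c:\$vault$.avg",)


@dataclass(frozen=True)
class Finding:
    name: str
    folder: str
    threat: str
    action: str

    @property
    def in_quarantine(self) -> bool:
        folder = self.folder.lower().rstrip("\\")
        return any(folder == q or folder.startswith(q + "\\")
                   for q in QUARANTINE_DIRS)

    @property
    def family(self) -> str:
        # "Trojan.MulDrop.6074" and "Trojan.MulDrop.origin" -> "Trojan.MulDrop";
        # two-part names such as "Trojan.Rond" are kept as they are.
        parts = self.threat.split(".")
        if len(parts) > 2 and (parts[-1].isdigit() or parts[-1] == "origin"):
            parts = parts[:-1]
        return ".".join(parts)


def parse_report(text):
    """Return (findings, malformed_lines) for a semicolon-separated report."""
    findings, malformed = [], []
    for row in csv.reader(io.StringIO(text), delimiter=";"):
        if not any(cell.strip() for cell in row):
            continue  # blank line
        if len(row) < 4 or not row[0].strip() or not row[2].strip():
            malformed.append(";".join(row))  # keep for manual review
            continue
        name, folder, threat, action = (cell.strip() for cell in row[:4])
        findings.append(Finding(name, folder, threat, action))
    return findings, malformed


def triage(findings):
    """Split findings into what needs attention and what is quarantine noise."""
    live = [f for f in findings if not f.in_quarantine]
    quarantined = [f for f in findings if f.in_quarantine]
    return {
        # Detections outside any quarantine folder: the files that were
        # actually sitting on the system when the scan ran.
        "live": live,
        # Rows where the scanner recorded no action at all.
        "no_action": [f for f in findings if not f.action],
        # Quarantine hits collapsed to one count per detection family.
        "quarantine_families": Counter(f.family for f in quarantined),
        # Action labels exactly as the report wrote them.
        "actions": Counter(f.action for f in findings),
    }


# Constructed sample rows in the report's layout (not the poster's data).
SAMPLE_REPORT = r"""
sample1.dll;c:\windows\system32;Trojan.BhoSpy.6;Deleted.;
sample2.exe;C:\;Trojan.PWS.Gamania.origin;Incurable.Moved.;
00000001.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
00000002.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
00000003.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
00000004.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
00000005.FIL;C:\$VAULT$.AVG;Adware.Ttc;;
not a report line
"""

if __name__ == "__main__":
    found, bad = parse_report(SAMPLE_REPORT)
    result = triage(found)
    print("Live detections:")
    for f in result["live"]:
        print(f"  {f.folder}\\{f.name}  {f.threat}  [{f.action or 'no action'}]")
    print("Quarantine hits by family:", dict(result["quarantine_families"]))
    print("Rows with no recorded action:", [f.name for f in result["no_action"]])
    print("Unparsed lines:", bad)
```
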

#9
ibuyjunkycars

Dr.Web log


sockins32.dll;c:\windows\system32;Trojan.BhoSpy.6;Deleted.;
aolconnfix.exe;C:\;Trojan.PWS.Gamania.origin;Incurable.Moved.;
36224546.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9222;Deleted.;
36224781.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
36224843.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9785;Deleted.;
36224921.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11196;Deleted.;
36347046.FIL.OLD;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
36350234.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
36400656.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
36400843.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11196;Deleted.;
36400968.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.12636;Deleted.;
36401359.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
36401578.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.13396;Deleted.;
36401703.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
36401890.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
36402000.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.12636;Deleted.;
36402406.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11196;Deleted.;
36402531.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9222;Deleted.;
36505161.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
36529796.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
36531359.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
36547476.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
36715531.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
36740239.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
36740505.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
36811687.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
36811921.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
36812046.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
36881266.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
36893890.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.12636;Deleted.;
36894609.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.12636;Deleted.;
36897656.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
36949080.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
37080187.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
37213688.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
37213954.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
37267500.FIL.OLD;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
37301676.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9222;Deleted.;
37461406.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
37464048.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9785;Deleted.;
37464392.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9785;Deleted.;
37643890.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
37819062.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
37821265.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
38002203.FIL.OLD;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
38005859.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
38186718.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
38229640.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
38251952.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
38552718.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
38615283.FIL;C:\$VAULT$.AVG;Trojan.Packed.383;Deleted.;
38738984.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.13671;Deleted.;
38739859.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.13671;Deleted.;
38772236.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
38851765.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
38955423.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
38995515.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
38995875.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
39013767.FIL;C:\$VAULT$.AVG;Trojan.Collector;Deleted.;
39093812.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
39094125.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11196;Deleted.;
39094218.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
39094343.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.8200;Deleted.;
39094484.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
39094546.FIL;C:\$VAULT$.AVG;Adware.Macfa;;
39132923.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
39135986.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
39164218.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
39337158.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
39439402.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
39439777.FIL.OLD;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
39455218.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
39509236.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
39563593.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
39563750.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
39695064.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
39866767.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
40012483.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
40049439.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
40133752.FIL;C:\$VAULT$.AVG;BackDoor.Bifrost.759;Deleted.;
40134080.FIL;C:\$VAULT$.AVG;Trojan.PWS.Snap;Deleted.;
40134377.FIL;C:\$VAULT$.AVG;Trojan.PWS.Snap;Deleted.;
40134564.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.17193;Deleted.;
40134658.FIL;C:\$VAULT$.AVG;BackDoor.Bifrost.759;Deleted.;
40142017.FIL;C:\$VAULT$.AVG;BackDoor.Bifrost.759;Deleted.;
40142095.FIL;C:\$VAULT$.AVG;Trojan.Spambot;Deleted.;
40142283.FIL;C:\$VAULT$.AVG;BackDoor.Bifrost.759;Deleted.;
40230017.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
40232080.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
40251750.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9222;Deleted.;
40326578.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9222;Deleted.;
40414689.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
40579026.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
40597111.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
40656312.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11196;Deleted.;
40780830.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
40937468.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
40937906.FIL.OLD;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
40949470.FIL;C:\$VAULT$.AVG;Trojan.Fakealert;Deleted.;
40949877.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
40950064.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
40960142.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
40962236.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
41142798.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
41144361.FIL.OLD;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
41331455.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
41512298.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
41692720.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
41694752.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
41788750.FIL;C:\$VAULT$.AVG;Trojan.LowZones.882;Deleted.;
41877002.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
42553458.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
43272093.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
43272484.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
43554550.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
43554894.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
44190769.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
44190894.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
44804735.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
44805157.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
45023817.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
45114578.FIL.OLD;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
45115468.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
46201408.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
46203298.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
46386814.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
46579564.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
46618343.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9222;Deleted.;
46625451.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
46753627.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
46757298.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
46935951.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
46936252.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
46938345.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
47035297.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
47035579.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
47035751.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
47036251.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
47119736.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
47126048.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
47236279.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
47307986.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
47309595.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
47314140.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
47493267.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
47540920.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
47673720.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
47675455.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
47838592.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
47856611.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
47858439.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
48038705.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
48041095.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
48065954.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
48133500.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9785;Deleted.;
48133671.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9222;Deleted.;
48134453.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11196;Deleted.;
48134671.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
48134921.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9222;Deleted.;
48135156.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11196;Deleted.;
48135265.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
48135453.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9785;Deleted.;
48257235.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
48961460.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
48961772.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
49170968.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
49171328.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
49202739.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
49478172.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.14101;Deleted.;
49478547.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
49478688.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11196;Deleted.;
49478766.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9222;Deleted.;
49479079.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.14101;Deleted.;
49479376.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
49777812.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.12636;Deleted.;
50177191.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
50177957.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
50322066.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
50322597.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
50429582.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
50429879.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
50430019.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
50430238.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
50751375.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9222;Deleted.;
50752218.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9222;Deleted.;
51085657.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
51153204.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9785;Deleted.;
51153579.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
51153954.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9785;Deleted.;
51154094.FIL;C:\$VAULT$.AVG;Trojan.PWS.Gamania.8445;Deleted.;
52028345.FIL.OLD;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
52030205.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
52205111.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.14429;Deleted.;
52212470.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
52239269.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
52398252.FIL.OLD;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
52576408.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
52578955.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
53306268.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
53488581.FIL.OLD;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
53630001.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.based;Deleted.;
53770515.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11196;Deleted.;
53771031.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
53771328.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
53771609.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9222;Deleted.;
53771984.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11196;Deleted.;
54020938.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.44697;Deleted.;
54021594.FIL;C:\$VAULT$.AVG;Adware.Macfa;;
54021657.FIL;C:\$VAULT$.AVG;Adware.ClickSpring;;
54330635.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
54436438.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
54436735.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
54457285.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11196;Deleted.;
54457535.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11196;Deleted.;
54621876.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
54622719.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
56670328.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
56718073.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
57053187.FIL;C:\$VAULT$.AVG;Trojan.Stars.187;Deleted.;
57099315.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
57100315.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
57242906.FIL;C:\$VAULT$.AVG;Trojan.LowZones.882;Deleted.;
57379251.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
58157956.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
58158299.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
58512470.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
58703640.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
58703937.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
58759738.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
58910859.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
59101955.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
60754271.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
60775519.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.17087;Deleted.;
60775675.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.17087;Deleted.;
60775738.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.17087;Deleted.;
60784438.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.38046;Deleted.;
60942798.FIL;C:\$VAULT$.AVG;Trojan.Rond.origin;Incurable.Moved.;
62338108.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
62648640.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
62938921.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
63240218.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
63318459.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
63319193.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
63396078.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
63396515.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11196;Deleted.;
63396796.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
63397015.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9222;Deleted.;
63397187.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.12636;Deleted.;
63530782.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9624;Deleted.;
63531438.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9624;Deleted.;
63540952.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
63808581.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
63808784.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9222;Deleted.;
63809081.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11196;Deleted.;
63809565.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.13396;Deleted.;
63809690.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
63809831.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
63810112.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9222;Deleted.;
63810378.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11196;Deleted.;
63842436.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
64141593.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
64394643.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
64434376.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
64442155.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
64457547.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11211;Deleted.;
64457812.FIL;C:\$VAULT$.AVG;Trojan.Collector;Deleted.;
64464594.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11211;Deleted.;
64483344.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
64728265.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
64728562.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11196;Deleted.;
64746421.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
65052265.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
65350530.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
65671686.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
65790830.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
65949061.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
66156205.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
66247626.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
66248032.FIL.OLD;C:\$VAULT$.AVG;Trojan.MulDrop.9625;Deleted.;
66248094.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11196;Deleted.;
66248188.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
66248376.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9625;Deleted.;
66248922.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
66249079.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
66249266.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11196;Deleted.;
66250390.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
66333095.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
66550265.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
66695517.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
66856671.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
66877330.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
67071283.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
67152608.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
67452952.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
67752905.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
68053858.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
68126087.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
68354436.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
68637205.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.14429;Deleted.;
68663171.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
68816375.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
68816562.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11792;Deleted.;
68816671.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
68816843.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.14101;Deleted.;
68817390.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
68817578.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
68817781.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
68818046.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11792;Deleted.;
68818203.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9222;Deleted.;
68818375.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11196;Deleted.;
68962546.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
69262499.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
69564390.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
69865874.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
70166155.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
70373531.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.37564;Deleted.;
70374281.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9785;Deleted.;
70388812.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.37564;Deleted.;
70388937.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9785;Deleted.;
70389062.FIL\data002;C:\$VAULT$.AVG\70389062.FIL;Trojan.PurityAd;;
70389062.FIL;C:\$VAULT$.AVG;Archive contains infected objects;Moved.;
70407628.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
70455025.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
70474593.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
70767233.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
70928111.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
70928564.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
71047080.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
71071374.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
71228423.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
71383530.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
71406705.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
71408611.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
71593814.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
71673780.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
71776642.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
71811892.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
71812502.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
71957908.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
71969436.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
72140939.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
72275468.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
72327267.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
72479759.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11196;Deleted.;
72480165.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11196;Deleted.;
72480290.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
72508111.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
72576343.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
72687392.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
72871361.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
72877186.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
73052095.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
73177983.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
73233392.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
73417423.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
73420830.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
73477921.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
73600502.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
73602345.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
73769064.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.14429;Deleted.;
73774814.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.14429;Deleted.;
73774908.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.14429;Deleted.;
73774955.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.14429;Deleted.;
73779468.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
74085436.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
74241505.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
74328815.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.17087;Deleted.;
74329018.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.17087;Deleted.;
74379968.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
74540187.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
74544734.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
74722875.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
74724953.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
75350407.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
75582936.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
75614893.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
75744924.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
75745268.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
75758628.FIL;C:\$VAULT$.AVG;Adware.Maxifiles;;
75761737.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
75941315.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
75943737.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
76125737.FIL.OLD;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
76128909.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
76326362.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
76927019.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
77237859.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.32223;Deleted.;
77238171.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.32223;Deleted.;
77238328.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
77238453.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.8200;Deleted.;
77238546.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11196;Deleted.;
77238656.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11196;Deleted.;
77238843.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
77238937.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.8200;Deleted.;
77239062.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.32223;Deleted.;
77339895.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
77340317.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
77503656.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11196;Deleted.;
77504046.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
77504296.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9625;Deleted.;
77504421.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.11196;Deleted.;
77794439.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
77811939.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
78115904.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
79034420.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
79516149.FIL;C:\$VAULT$.AVG;Adware.Relevance;;
79516462.FIL;C:\$VAULT$.AVG;Trojan.Swizzor;Deleted.;
79516571.FIL;C:\$VAULT$.AVG;Trojan.Swizzor;Deleted.;
79516634.FIL;C:\$VAULT$.AVG;Trojan.Swizzor;Deleted.;
79517009.FIL;C:\$VAULT$.AVG;Trojan.Swizzor;Deleted.;
79517055.FIL;C:\$VAULT$.AVG;Trojan.Swizzor;Deleted.;
79517134.FIL;C:\$VAULT$.AVG;Trojan.Swizzor;Deleted.;
79517196.FIL;C:\$VAULT$.AVG;Trojan.Swizzor;Deleted.;
79517259.FIL;C:\$VAULT$.AVG;Trojan.Swizzor;Deleted.;
79517415.FIL;C:\$VAULT$.AVG;Trojan.Swizzor;Deleted.;
79650076.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
79931248.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
80052858.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
80052952.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9785;Deleted.;
80052999.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9222;Deleted.;
80053046.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
80108640.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
80250685.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
80397391.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
80419530.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
80534982.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
80713140.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
80832217.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
80967611.FIL.OLD;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
81018999.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
81149080.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
81158654.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
81330861.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
81422693.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
81527878.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
81528346.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
81611827.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
81732657.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.38055;Deleted.;
81734685.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
81736641.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.24715;Deleted.;
81738532.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.38055;Deleted.;
81741032.FIL;C:\$VAULT$.AVG;Adware.Ttc;;
81751110.FIL;C:\$VAULT$.AVG;Trojan.Click.17061;Deleted.;
81760735.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.37981;Deleted.;
81772126.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.240;Deleted.;
81783204.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.37340;Deleted.;
81852992.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
81916624.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
81969726.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
82037654.FIL.OLD;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
82052329.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.38055;Deleted.;
82055157.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.24715;Deleted.;
82056751.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.38055;Deleted.;
82066704.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.240;Deleted.;
82216749.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
82517280.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
82521764.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
82620863.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.6074;Deleted.;
82818499.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
82828310.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
83119515.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
83127467.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.origin;Incurable.Moved.;
83167080.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.9222;Deleted.;
83204205.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
83210283.FIL;C:\$VAULT$.AVG;Trojan.Rond;Deleted.;
8323

Edited by ibuyjunkycars, 17 May 2008 - 10:11 PM.


#10
Thunderbird1988

    Member 2k

  • Member
  • 2,416 posts
Hello ibuyjunkycars,

It seems the log of Dr.Web got cut off. This is because it was too long.

Could you please remove the lines that contain C:\$VAULT$.AVG? These viruses were already caught by AVG, so I don't really need to know that they are deleted, and they make the log too long. Please also post a new log of ComboFix.

Thunderbird1988

#11
ibuyjunkycars

    New Member

  • Topic Starter
  • Member
  • 6 posts
The Combofix Log


ComboFix 08-05-11.1 - Owner 2008-05-19 2:01:12.6 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\alqvmufd.ini
C:\WINDOWS\system32\ihpefsin.ini
C:\WINDOWS\system32\qsrsttwa.ini
C:\WINDOWS\system32\qsrsttwa.ini2
C:\WINDOWS\system32\uwvuttwa.ini
C:\WINDOWS\system32\uwvuttwa.ini2
C:\WINDOWS\system32\yaydwhim.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
.

2008-05-19 04:35 . 2008-05-19 04:35 22 --a------ C:\WINDOWS\pskt.ini
2008-05-19 01:50 . 2008-05-19 01:50 83,072 --a------ C:\WINDOWS\system32\nisfephi.dll
2008-05-19 01:44 . 2008-05-19 01:44 98,880 --a------ C:\WINDOWS\system32\xyrecyda.dll
2008-05-19 01:41 . 2008-05-19 01:41 90,272 --a------ C:\WINDOWS\system32\qafsvjtk.dll
2008-05-18 01:44 . 2008-05-18 01:44 98,960 --a------ C:\WINDOWS\system32\kkcyaeoe.dll
2008-05-18 01:39 . 2008-05-18 01:39 90,224 --a------ C:\WINDOWS\system32\ebbrapiv.dll
2008-05-18 01:38 . 2008-05-18 01:38 314,416 --a------ C:\WINDOWS\system32\awttuvwu.dll
2008-05-18 00:12 . 2008-05-18 00:12 98,960 --a------ C:\WINDOWS\system32\qrtvkidx.dll
2008-05-17 23:58 . 2008-05-17 23:58 90,224 --a------ C:\WINDOWS\system32\kfffdgkq.dll
2008-05-17 23:57 . 2008-05-17 23:57 314,416 --a------ C:\WINDOWS\system32\awttsrsq.dll
2008-05-17 15:36 . 2008-05-17 15:36 294 ---hs---- C:\WINDOWS\system32\shidtjfg.ini
2008-05-17 09:42 . 2008-05-17 09:42 98,960 --a------ C:\WINDOWS\system32\gxrkldlk.dll
2008-05-17 09:37 . 2008-05-17 09:37 90,224 --a------ C:\WINDOWS\system32\stysmnha.dll
2008-05-17 09:36 . 2008-05-17 09:36 314,416 --a------ C:\WINDOWS\system32\awtsSmMD.dll
2008-05-17 05:01 . 2008-05-17 05:01 98,960 --a------ C:\WINDOWS\system32\aakmlafm.dll
2008-05-17 04:51 . 2008-05-17 04:51 90,224 --a------ C:\WINDOWS\system32\sfkuuysx.dll
2008-05-17 04:49 . 2008-05-17 04:49 314,416 --a------ C:\WINDOWS\system32\yayaASME.dll
2008-05-17 04:45 . 2008-05-17 04:45 294 ---hs---- C:\WINDOWS\system32\egkhpaxq.ini
2008-05-16 21:42 . 2008-05-16 21:42 98,896 --a------ C:\WINDOWS\system32\cyospmep.dll
2008-05-16 21:40 . 2008-05-16 21:40 90,240 --a------ C:\WINDOWS\system32\jnnahsbl.dll
2008-05-16 21:39 . 2008-05-16 21:39 314,448 --a------ C:\WINDOWS\system32\vtUmkLcC.dll
2008-05-16 15:16 . 2008-05-16 15:30 <DIR> d-------- C:\Documents and Settings\Owner\DoctorWeb
2008-05-16 02:33 . 2008-05-16 02:33 98,960 --a------ C:\WINDOWS\system32\gtlvnevg.dll
2008-05-16 02:21 . 2008-05-16 02:21 90,304 --a------ C:\WINDOWS\system32\oaetnumf.dll
2008-05-15 22:11 . 2008-05-15 22:11 314,480 --a------ C:\WINDOWS\system32\ljJCTNhi.dll
2008-05-15 06:14 . 2008-05-15 06:14 99,008 --a------ C:\WINDOWS\system32\jisxtici.dll
2008-05-15 06:08 . 2008-05-15 06:08 90,256 --a------ C:\WINDOWS\system32\uniutcrp.dll
2008-05-15 04:14 . 2008-05-15 04:14 <DIR> d-------- C:\VundoFix Backups
2008-05-14 06:11 . 2008-05-14 06:11 99,008 --a------ C:\WINDOWS\system32\sweuawus.dll
2008-05-14 06:05 . 2008-05-14 06:05 90,288 --a------ C:\WINDOWS\system32\qitimicu.dll
2008-05-14 06:04 . 2008-05-14 06:04 314,480 --a------ C:\WINDOWS\system32\urqQjkIx.dll
2008-05-12 17:56 . 2008-05-12 17:56 314,480 --a------ C:\WINDOWS\system32\fccbBRLe.dll
2008-05-11 18:01 . 2008-05-11 18:01 98,912 --a------ C:\WINDOWS\system32\egedxelw.dll
2008-05-11 17:53 . 2008-05-11 17:53 90,208 --a------ C:\WINDOWS\system32\qcyjvhka.dll
2008-05-11 17:52 . 2008-05-11 17:52 316,464 --a------ C:\WINDOWS\system32\awtSLBSM.dll
2008-05-11 16:00 . 2008-05-11 16:00 98,912 --a------ C:\WINDOWS\system32\iyebayoo.dll
2008-05-11 15:58 . 2008-05-19 04:35 109,821 --a------ C:\WINDOWS\BMfbf9d8f9.xml
2008-05-11 15:58 . 2008-05-11 15:58 90,208 --a------ C:\WINDOWS\system32\kkvoqqvr.dll
2008-05-11 15:57 . 2008-05-11 15:57 316,464 --a------ C:\WINDOWS\system32\jkkklJYS.dll
2008-05-11 10:08 . 2008-05-11 10:08 95 --a------ C:\WINDOWS\wininit.ini
2008-05-11 01:23 . 2008-05-11 01:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-11 01:17 . 2008-05-11 01:17 25,728 --a------ C:\WINDOWS\system32\byXnMgec.dll
2008-05-11 01:17 . 2008-05-11 01:17 578 --a------ C:\WINDOWS\index.html
2008-05-11 00:56 . 2008-05-11 01:15 94,208 --a------ C:\WINDOWS\ScUnin.exe
2008-05-11 00:56 . 2008-05-11 01:15 35,382 --a------ C:\WINDOWS\scunin.dat
2008-05-11 00:56 . 2008-05-11 01:15 967 --a------ C:\WINDOWS\ScUnin.pif
2008-04-28 01:21 . 2008-04-28 01:22 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Ventrilo
2008-04-28 01:19 . 2008-04-28 01:19 <DIR> d-------- C:\Program Files\Ventrilo
2008-04-27 19:08 . 2008-04-27 19:08 88,524 --a------ C:\smitfrau.reg
2008-04-27 19:08 . 2006-05-27 19:03 16,824 --a------ C:\replace.cmd
2008-04-27 19:08 . 2005-10-28 17:50 3,451 --a------ C:\delfiles.cmd
2008-04-27 19:08 . 2008-04-27 19:08 1,458 --a------ C:\smitfra.reg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 06:29 --------- d-----w C:\Documents and Settings\Owner\Application Data\MegauploadToolbar
2008-05-19 06:24 --------- d-----w C:\Program Files\America Online 7.0
2008-05-18 14:35 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-05-11 23:24 --------- d-----w C:\Program Files\Starcraft
2008-05-11 10:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 10:02 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-11 09:36 --------- d-----w C:\Program Files\Viewpoint
2008-05-11 09:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-11 07:16 --------- d-----w C:\Program Files\BitLord
2008-05-06 22:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-05-06 19:45 --------- d-----w C:\Program Files\LimeWire
2008-04-28 06:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-16 08:04 --------- d-----w C:\Program Files\iTunes
2008-04-16 08:04 --------- d-----w C:\Program Files\iPod
2008-04-16 08:00 --------- d-----w C:\Program Files\QuickTime
2008-04-16 07:51 --------- d-----w C:\Program Files\Apple Software Update
2008-03-30 04:06 32,768 ----a-w C:\Documents and Settings\Owner\NTDLL.dll
2008-03-24 05:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2008-03-19 03:01 --------- d-----w C:\Program Files\Safari
2008-03-12 01:46 37,888 ----a-w C:\WINDOWS\ctatolgd.exe
2008-03-12 01:46 188,928 ----a-w C:\WINDOWS\sjebubmr.dll
2008-02-13 19:00 32,768 ----a-w C:\Program Files\mozilla firefox\plugins\NTDLL.dll
.

((((((((((((((((((((((((((((( [email protected]_16.37.54.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-11 21:26:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-19 07:16:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2808494F-D505-47BC-B539-F4462E3B8768}]
2008-05-12 17:56 314480 --a------ C:\WINDOWS\system32\fccbBRLe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41415DF3-8854-4BAF-BDDC-CB9863CB2AB7}]
2008-05-17 23:57 314416 --a------ C:\WINDOWS\system32\awttsrsq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{570E6265-3316-4992-8234-B1EC0AD8094F}]
2008-05-19 04:39 314432 --a------ C:\WINDOWS\system32\ddcYoMGV.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68F68CAC-E6FD-462B-AD5E-A5F31FEAC798}]
2008-05-14 06:04 314480 --a------ C:\WINDOWS\system32\urqQjkIx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{704821BD-659B-4787-AB24-E2D347C6A482}]
2008-05-11 17:52 316464 --a------ C:\WINDOWS\system32\awtSLBSM.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{802ae053-d00e-4a18-96f2-d143bb8738fc}]
2008-05-19 01:44 98880 --a------ C:\WINDOWS\system32\xyrecyda.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92DCD82A-78E6-4F1C-A686-4629BDA0F8FE}]
2008-05-15 22:11 314480 --a------ C:\WINDOWS\system32\ljJCTNhi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AAAD4543-66F5-4D32-A100-C681F759C64D}]
2008-05-18 01:38 314416 --a------ C:\WINDOWS\system32\awttuvwu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB29745F-CE68-45D9-8FED-4403D3A7F294}]
2008-05-17 09:36 314416 --a------ C:\WINDOWS\system32\awtsSmMD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}]
2008-05-11 01:17 25728 --a------ C:\WINDOWS\system32\byXnMgec.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EED66CF3-9AD1-4FD7-9F41-7074E61096BF}]
2008-05-16 21:39 314448 --a------ C:\WINDOWS\system32\vtUmkLcC.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FBB94480-BA24-4F93-915E-8CEA7F81B9F7}]
2008-05-17 04:49 314416 --a------ C:\WINDOWS\system32\yayaASME.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 09:14 579584]
"f8caeb65"="C:\WINDOWS\system32\nisfephi.dll" [2008-05-19 01:50 83072]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"BMfbf9d8f9"="C:\WINDOWS\system32\qafsvjtk.dll" [2008-05-19 01:41 90272]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-08 15:34 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}"= C:\WINDOWS\system32\byXnMgec.dll [2008-05-11 01:17 25728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXnMgec]
byXnMgec.dll 2008-05-11 01:17 25728 C:\WINDOWS\system32\byXnMgec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-07-22 22:46 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ddcYoMGV

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 7.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 7.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WordWeb.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WordWeb.lnk
backup=C:\WINDOWS\pss\WordWeb.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2006-11-07 10:29 50736 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2005-11-02 22:01 50792 C:\Program Files\Common Files\AOL\1139038492\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 10:32 77824 C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-09-20 10:36 114688 C:\WINDOWS\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-09-20 10:35 94208 C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2005-07-22 22:47 385024 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2005-07-22 22:46 401408 C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2005-05-20 14:46 28160 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2005-05-03 09:10 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 00:56 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-07-08 01:19 208941 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
C:\Program Files\Spyware Doctor\bak\swdoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Words]
C:\Program Files\Words\Words.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver HPZ12"=2 (0x2)
"COM+ Messages"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\1139038492\\ee\\aim6.exe"=
"C:\\My Downloads\\ZSNE94\\ZSNESW.EXE"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\America Online 7.0\\waol.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1139038492\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-15 22:19]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-05-10 02:25:55 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-05-13 03:42:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 04:33:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\ihpefsin.ini 294 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\byXnMgec.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nisfephi.dll
-> C:\WINDOWS\system32\xevgsxqg.dll
-> C:\WINDOWS\system32\ddcYoMGV.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-05-19 4:42:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-19 09:41:50
ComboFix2.txt 2008-05-17 20:36:33
ComboFix3.txt 2008-05-16 03:15:30
ComboFix4.txt 2008-05-12 23:01:34
ComboFix5.txt 2008-05-11 21:39:46

Pre-Run: 13,129,814,016 bytes free
Post-Run: 13,101,264,896 bytes free

343



DrWeb CureIt log: I removed most of the AVG lines, but I left the ones that weren't deleted or moved.

sockins32.dll;c:\windows\system32;Trojan.BhoSpy.6;Deleted.;
aolconnfix.exe;C:\;Trojan.PWS.Gamania.origin;Incurable.Moved.;

28764982.FIL;C:\$VAULT$.AVG;Adware.Ttc;;

39094546.FIL;C:\$VAULT$.AVG;Adware.Macfa;;

54021594.FIL;C:\$VAULT$.AVG;Adware.Macfa;;
54021657.FIL;C:\$VAULT$.AVG;Adware.ClickSpring;;

70389062.FIL\data002;C:\$VAULT$.AVG\70389062.FIL;Trojan.PurityAd;;

75758628.FIL;C:\$VAULT$.AVG;Adware.Maxifiles;;

79516149.FIL;C:\$VAULT$.AVG;Adware.Relevance;;

81741032.FIL;C:\$VAULT$.AVG;Adware.Ttc;;

91943515.FIL;C:\$VAULT$.AVG;Adware.Ttc;;

99321179.FIL;C:\$VAULT$.AVG;Adware.ClickSpring;;

setup.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\3869.9.20;Probably BACKDOOR.Trojan;;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1;Probably BACKDOOR.Trojan;;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3;Probably BACKDOOR.Trojan;;
Process.exe;C:\Documents and Settings\Owner\Desktop\smitRem;Tool.Prockill;;
pv.exe;C:\Documents and Settings\Owner\Desktop\smitRem;Program.PrcView.3741;;
aolsetup.exe;C:\Program Files\AIM6\services\softwareUpdate\ver2_13_13_7;Probably BACKDOOR.Trojan;;
restart.exe;C:\Program Files\America Online 7.0\download\SmitfraudFix;Tool.ShutDown.11;;
Bar888.dll.vir;C:\QooBox\Quarantine\C\Program Files\Common Files\{38CAE~2;Adware.Macfa;;
UnInstall.exe.vir;C:\QooBox\Quarantine\C\Program Files\Common Files\{38CAE~2;Adware.IWantSearch;;
QdrDrive15.dll.vir;C:\QooBox\Quarantine\C\Program Files\QdrDrive;Adware.SearchAid.origin;;
A0166041.sys;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP566;Trojan.Fakealert.458;Deleted.;
A0167093.exe;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP574;Trojan.DownLoader.17040;Deleted.;
A0167094.dll;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP574;Trojan.DownLoader.17799;Deleted.;
A0167095.exe;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP574;Trojan.Click.4946;Deleted.;
A0167096.exe;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP574;Trojan.Rond;Deleted.;
A0167097.dll;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP574;Adware.SearchAid.origin;;
A0167098.dll;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP574;Adware.SearchAid.54;;
A0167099.exe;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP574;Adware.SearchAid.38;;
A0167100.exe;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP574;Adware.SearchAid.38;;
A0167102.exe;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP574;Trojan.Click.origin;Incurable.Moved.;
A0167103.exe;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP574;Trojan.Click.origin;Incurable.Moved.;
A0167104.exe;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP574;Trojan.Click.origin;Incurable.Moved.;
A0167105.exe;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP574;Trojan.Click.18769;Deleted.;
A0167106.exe;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP574;Tool.Prockill;;
A0167107.dll;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP574;Adware.Lucky;;
A0167108.exe;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP574;Adware.NewDotNet;;
A0167109.dll;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP574;Adware.Mirarbar;;
A0168099.exe;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP577;Trojan.Packed.383;Deleted.;
A0168166.exe;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP581;Trojan.Stars.187;Deleted.;
A0174307.exe;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP624;Adware.WebHancer.origin;;
A0174308.dll;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP624;Adware.WebHancer.73;;
A0174351.dll;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP625;Adware.WebHancer;;
A0174352.exe;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP625;Adware.WebHancer;;
A0174411.exe;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP625;Trojan.Insider;Deleted.;
A0174421.bat;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP625;Probably SCRIPT.Virus;;
A0175428.bat;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP625;Probably SCRIPT.Virus;;
A0175461.dll;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP626;Adware.SearchAid.origin;;
A0175501.dll;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP626;Adware.Macfa;;
A0175502.exe;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP626;Adware.IWantSearch;;
A0175519.exe;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP626;Trojan.Click.origin;Incurable.Moved.;
A0175521.EXE;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP626;Program.PsExec.170;;
A0175541.bat;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP626;Probably SCRIPT.Virus;;
A0176580.EXE;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP629;Program.PsExec.170;;
A0176589.bat;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP629;Probably SCRIPT.Virus;;
A0177639.EXE;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP632;Program.PsExec.170;;
A0177649.bat;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP632;Probably SCRIPT.Virus;;
A0177690.dll;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP632;Trojan.BhoSpy.6;Deleted.;
A0177691.exe;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP632;Trojan.PWS.Gamania.origin;Incurable.Moved.;
A0177692.OLD;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP632;Trojan.MulDrop.6074;Deleted.;
A0177693.OLD;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP632;Trojan.MulDrop.6074;Deleted.;
A0177694.OLD;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP632;Trojan.MulDrop.6074;Deleted.;
A0177695.OLD;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP632;Trojan.MulDrop.6074;Deleted.;
A0177696.OLD;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP632;Trojan.MulDrop.6074;Deleted.;
A0177697.OLD;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP632;Trojan.MulDrop.6074;Deleted.;
A0177698.OLD;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP632;Trojan.MulDrop.6074;Deleted.;
A0177699.OLD;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP632;Trojan.MulDrop.6074;Deleted.;
A0177700.OLD;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP632;Trojan.MulDrop.6074;Deleted.;
A0177701.OLD;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP632;Trojan.MulDrop.6074;Deleted.;
A0177702.OLD;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP632;Trojan.MulDrop.6074;Deleted.;
A0177703.OLD;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP632;Trojan.MulDrop.6074;Deleted.;
A0177704.OLD;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP632;Trojan.MulDrop.9625;Deleted.;
A0177705.OLD;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP632;Trojan.MulDrop.6074;Deleted.;
A0177706.OLD;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP632;Trojan.MulDrop.6074;Deleted.;
A0177707.OLD;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP632;Trojan.MulDrop.origin;Incurable.Moved.;
A0177708.OLD;C:\System Volume Information\_restore{5409B99B-9044-4252-9531-97F6227D8CB2}\RP632;Trojan.MulDrop.6074;Deleted.;
  • 0

#12
Thunderbird1988

Hello ibuyjunkycars
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\nisfephi.dll
C:\WINDOWS\system32\xyrecyda.dll
C:\WINDOWS\system32\qafsvjtk.dll
C:\WINDOWS\system32\kkcyaeoe.dll
C:\WINDOWS\system32\ebbrapiv.dll
C:\WINDOWS\system32\awttuvwu.dll
C:\WINDOWS\system32\qrtvkidx.dll
C:\WINDOWS\system32\kfffdgkq.dll
C:\WINDOWS\system32\awttsrsq.dll
C:\WINDOWS\system32\shidtjfg.ini
C:\WINDOWS\system32\gxrkldlk.dll
C:\WINDOWS\system32\stysmnha.dll
C:\WINDOWS\system32\awtsSmMD.dll
C:\WINDOWS\system32\aakmlafm.dll
C:\WINDOWS\system32\sfkuuysx.dll
C:\WINDOWS\system32\yayaASME.dll
C:\WINDOWS\system32\egkhpaxq.ini
C:\WINDOWS\system32\cyospmep.dll
C:\WINDOWS\system32\jnnahsbl.dll
C:\WINDOWS\system32\vtUmkLcC.dll
C:\WINDOWS\system32\gtlvnevg.dll
C:\WINDOWS\system32\oaetnumf.dll
C:\WINDOWS\system32\ljJCTNhi.dll
C:\WINDOWS\system32\jisxtici.dll
C:\WINDOWS\system32\sweuawus.dll
C:\WINDOWS\system32\qitimicu.dll
C:\WINDOWS\system32\urqQjkIx.dll
C:\WINDOWS\system32\fccbBRLe.dll
C:\WINDOWS\system32\egedxelw.dll
C:\WINDOWS\system32\qcyjvhka.dll
C:\WINDOWS\system32\awtSLBSM.dll
C:\WINDOWS\system32\iyebayoo.dll
C:\WINDOWS\BMfbf9d8f9.xml
C:\WINDOWS\system32\kkvoqqvr.dll
C:\WINDOWS\system32\jkkklJYS.dll
C:\WINDOWS\system32\uniutcrp.dll
C:\WINDOWS\system32\byXnMgec.dll
C:\WINDOWS\ctatolgd.exe
C:\WINDOWS\sjebubmr.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2808494F-D505-47BC-B539-F4462E3B8768}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41415DF3-8854-4BAF-BDDC-CB9863CB2AB7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{570E6265-3316-4992-8234-B1EC0AD8094F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68F68CAC-E6FD-462B-AD5E-A5F31FEAC798}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{704821BD-659B-4787-AB24-E2D347C6A482}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{802ae053-d00e-4a18-96f2-d143bb8738fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92DCD82A-78E6-4F1C-A686-4629BDA0F8FE}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AAAD4543-66F5-4D32-A100-C681F759C64D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB29745F-CE68-45D9-8FED-4403D3A7F294}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EED66CF3-9AD1-4FD7-9F41-7074E61096BF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FBB94480-BA24-4F93-915E-8CEA7F81B9F7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f8caeb65"=-
"BMfbf9d8f9"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXnMgec]



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post with a new Combofix log and a new HJT log.

Thunderbird1988
  • 0
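
One way to cross-check a CFScript against the log it was written from, as an added example that is not part of the original posts and not ComboFix's own code: it parses "Reg Loading Points" lines, collects every file an autostart key references, and lists those dated inside the log's "Files Created" window that the File:: block does not name. The function names, the shortened LOG and CFSCRIPT samples, and the WINDOW_START cut-off are assumptions made for this illustration.

```python
import re
from datetime import date

# Constructed sample: a few lines copied from the "Reg Loading Points"
# section of the ComboFix log posted in this thread.
LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{570E6265-3316-4992-8234-B1EC0AD8094F}]
2008-05-19 04:39 314432 --a------ C:\WINDOWS\system32\ddcYoMGV.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}]
2008-05-11 01:17 25728 --a------ C:\WINDOWS\system32\byXnMgec.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 09:14 579584]
"f8caeb65"="C:\WINDOWS\system32\nisfephi.dll" [2008-05-19 01:50 83072]
"BMfbf9d8f9"="C:\WINDOWS\system32\qafsvjtk.dll" [2008-05-19 01:41 90272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXnMgec]
byXnMgec.dll 2008-05-11 01:17 25728 C:\WINDOWS\system32\byXnMgec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-07-22 22:46 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ddcYoMGV
"""

# Constructed sample: a shortened script in the File::/Registry:: layout
# used in the post above.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\nisfephi.dll
C:\WINDOWS\system32\qafsvjtk.dll
C:\WINDOWS\system32\byXnMgec.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{570E6265-3316-4992-8234-B1EC0AD8094F}]
"""

# Assumption: start of the "Files Created from 2008-04-19 to 2008-05-19" window.
WINDOW_START = date(2008, 4, 19)

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]\s*$", re.I)          # registry key header
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\r\n]*?\.(?:dll|exe)\b", re.I)
BARE_RE = re.compile(r"[A-Za-z]:\\\S+$")                   # path with no extension
DATE_RE = re.compile(r"\b(\d{4})-(\d{2})-(\d{2})\b")


def autostart_files(log):
    """Map lower-cased file path -> {"keys": set of keys, "date": date or None}."""
    found, key = {}, None
    for line in log.splitlines():
        line = line.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group(1).lower()
            continue
        if not line or key is None:
            continue
        paths = PATH_RE.findall(line)
        if not paths and key.endswith(r"\control\lsa"):
            # LSA package names are stored without the .dll extension.
            paths = [p + ".dll" for p in BARE_RE.findall(line)]
        stamp = DATE_RE.search(line)
        when = date(*map(int, stamp.groups())) if stamp else None
        for path in paths:
            entry = found.setdefault(path.lower(), {"keys": set(), "date": None})
            entry["keys"].add(key)
            entry["date"] = entry["date"] or when
    return found


def cfscript_files(script):
    """Return the lower-cased paths listed under the File:: directive."""
    files, in_files = set(), False
    for line in script.splitlines():
        line = line.strip()
        if line.endswith("::"):
            in_files = line.lower() == "file::"
        elif in_files and line:
            files.add(line.lower())
    return files


def not_covered(log, script, since=WINDOW_START):
    """Autostart-referenced files dated on/after `since` that File:: omits."""
    listed = cfscript_files(script)
    return sorted(path for path, entry in autostart_files(log).items()
                  if entry["date"] and entry["date"] >= since
                  and path not in listed)


if __name__ == "__main__":
    refs = autostart_files(LOG)
    for path in not_covered(LOG, CFSCRIPT):
        print(path, "<-", sorted(refs[path]["keys"]))
```

Files it reports are candidates for review, not verdicts: a file can be left out of File:: on purpose, and an entry with no date on any log line is skipped.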

#13
Thunderbird1988

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





