SmitFraud.c


#1 Kevin5899 (Member)
After about a week of nights researching this smitfraud thing I finally landed here. I have read through countless forums and web pages on how to clear it out but to no avail. I like to try to do things myself without having to bother others, but I just can't do this myself. I am no pro with the computer, but I know plenty enough to get myself in trouble. To make matters worse, everywhere I looked gave different advice. It is truly overwhelming. Also, it seems every site has their own version of spyware that is better than everyone else's. Seems they all want you to download their program, which merely scans your system, then socks you $30 to clean it up. Don't get me wrong, I would gladly buy a $30 program if I knew it would work, but the more I read the less I trusted these programs. I already downloaded SpyHunter, which now I can't get rid of! I have read where some of these programs actually add more spyware to your system.

I have already tried smitfraudfix, but no dice. Spybot can detect it but not remove it. I have read a post on this forum about a successful removal but I was afraid to go through the same steps without a helping hand. I am not comfortable deleting or changing files unless instructed by someone much more advanced than myself.

I also had Virtumonde, but I seem to have that solved. My symptoms are multiple popups (all IE) and now my task bar is white. Also, my task manager is completely different. There are no tabs such as "Applications" or "Performance".

I am running XP PRO SP2.

From the posts I have read there are some extremely knowledgeable folks here on this forum. Hopefully someone can help me out. Thanks in advance to any suggestions!!

My HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:41 PM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Canon\BJCard\Bjmcmng.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F3FE70D-BEEE-4686-A77B-119A6ED8416E} - (no file)
O2 - BHO: (no name) - {2ee27f87-e50d-44d8-858c-00c31201f332} - (no file)
O2 - BHO: (no name) - {31DB44B9-2830-4D77-8C59-340033F9A4E1} - D:\WINDOWS\system32\vturo.dll (file missing)
O2 - BHO: (no name) - {380C7BCF-EDC0-4FA3-B0AD-CD15CBA04185} - (no file)
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {79F562E5-768C-4494-8E6C-824ADA4A9C2C} - (no file)
O2 - BHO: (no name) - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - (no file)
O2 - BHO: (no name) - {D567E6D1-9E74-4B10-9764-A33F4290B2FC} - (no file)
O2 - BHO: AL2Spy Class - {DC200356-0864-4F66-8964-5D43A19300F5} - D:\WINDOWS\AUTOLO~1\AL2DLL.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - D:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {C10A16B7-70FE-4CE3-A261-6FBA7CC3DD5B} - (no file)
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\RunOnce: [SpybotDeletingA278] command /c del "D:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9896] cmd /c del "D:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4454] command /c del "D:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3942] cmd /c del "D:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9401] command /c del "D:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4511] cmd /c del "D:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9535] command /c del "D:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4686] cmd /c del "D:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\Policies\Explorer\Run: [KEVINSPEWTER] .vbe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.att.net
O15 - Trusted Zone: http://*.att.net
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O20 - Winlogon Notify: avgwlntf - D:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: ( ) - - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - D:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 6815 bytes
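As an added example (not part of this thread), here is a small Python triage helper for HijackThis v2 log lines like the ones posted above. It parses the "<section> - <body>" format and flags orphaned entries (targets reported as "(no file)" or "(file missing)"), autostart entries that run a script or an extension-only filename such as the [KEVINSPEWTER] .vbe entry, Trusted Zone additions and proxy settings for review. The sample lines are copied from the posted log; the rule set and function names are my own.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis log posted above, kept in the
# tool's own "<section> - <body>" format. Nothing here is invented.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
O2 - BHO: (no name) - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - (no file)
O2 - BHO: (no name) - {31DB44B9-2830-4D77-8C59-340033F9A4E1} - D:\WINDOWS\system32\vturo.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {C10A16B7-70FE-4CE3-A261-6FBA7CC3DD5B} - (no file)
O4 - HKLM\..\Policies\Explorer\Run: [KEVINSPEWTER] .vbe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O15 - Trusted Zone: *.att.net
O23 - Service: ( ) - - (no file)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""

# Windows Script Host / shell script extensions that are unusual as autostart targets.
SCRIPT_EXTS = {".vbe", ".vbs", ".js", ".jse", ".wsf", ".wsh", ".bat", ".cmd", ".hta"}


@dataclass
class Entry:
    section: str   # HijackThis section code, e.g. "O2"
    body: str      # everything after "O2 - "


@dataclass
class Finding:
    section: str
    reason: str
    body: str


# HijackThis sections are R0-R3, F0-F3, N1-N4 and O1-O24.
LINE_RE = re.compile(r"^(?P<sec>[RFNO]\d{1,2}) - (?P<body>.*)$")
# O4 bodies look like "<hive>\..\Run: [ValueName] <command line>".
O4_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


def parse_hjt(text):
    """Return one Entry per recognised HijackThis line; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("sec"), m.group("body")))
    return entries


def _executable(cmd):
    """First token of a command line; a quoted path is taken whole."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def _stem_ext(path):
    """Split the file name of a Windows path into (stem, lower-case extension)."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    if "." not in name:
        return name, ""
    stem, ext = name.rsplit(".", 1)
    return stem, "." + ext.lower()


def triage(entries):
    """Apply the review rules and return the entries worth a second look."""
    findings = []
    for e in entries:
        low = e.body.lower()
        if low.endswith("(no file)") or low.endswith("(file missing)"):
            findings.append(Finding(e.section, "orphaned: target file missing", e.body))
            continue
        if e.section == "O4":
            m = O4_RE.search(e.body)
            if m:
                stem, ext = _stem_ext(_executable(m.group("cmd")))
                if not stem:
                    findings.append(Finding("O4", "autostart with extension-only filename", e.body))
                elif ext in SCRIPT_EXTS:
                    findings.append(Finding("O4", "autostart runs a script", e.body))
        elif e.section == "O15":
            findings.append(Finding("O15", "trusted zone entry: confirm intended", e.body))
        elif e.section == "R1" and "proxyserver" in low:
            findings.append(Finding("R1", "proxy setting present: verify", e.body))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f.section:<4} {f.reason:<40} {f.body}")
```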
#2 Kevin5899 (Member, Topic Starter)
Seems this virus is still doing damage. I am now unable to open any new Firefox windows (at least not from the desktop icon), and I cannot open any pdf files in Acrobat. :)
#3 jwbirdsong (Trusted Helper, Retired Staff)
Download SDFix and save it to your desktop.

Double click SDFix.exe and it will extract the files to C:\SDFix

Please then reboot your computer in Safe Mode (without Networking) by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the C:\SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to the Clipboard, ready for posting back on the forum).
  • Finally, paste the contents of Report.txt back here along with a Combofix log (below).

Download Combofix to your desktop.
Double-click combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply.
#4 Kevin5899 (Member, Topic Starter)
jwbirdsong, thank you so much for your assistance on this issue. This virus is pesky and will make a person crazy! I did the steps you suggested. Here are the logs as you requested.

The SDFix log:


SDFix: Version 1.129

Run by kevin on Sat 01/19/2008 at 09:11 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: D:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

D:\WINDOWS\SYSTEM32\41AE88F8.DLL - Deleted
D:\WINDOWS\SYSTEM32\41AE8F3D.DLL - Deleted
D:\DOCUME~1\KEVIN\APPLIC~1\MICROS~1\WINDOWS\FDSJWU~1.EXE - Deleted
D:\PROGRA~1\ONLINE~1\PROJY~1.HTM - Deleted
D:\PROGRA~1\ONLINE~1\LAZU - Deleted
D:\WINDOWS\Fonts\*.zip - 1 File(s) 118,336 bytes - Deleted





Removing Temp Files...

ADS Check:

D:\WINDOWS
No streams found.

D:\WINDOWS\system32
No streams found.

D:\WINDOWS\system32\svchost.exe
No streams found.

D:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 21:28:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - D:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Tue 30 May 2006 61,952 ...H. --- "D:\Program Files\MSN\msnupdate!@#@.exe"
Tue 30 May 2006 308,224 ...H. --- "D:\Program Files\MSN\txsrvc.dll"
Tue 30 May 2006 302,592 ...H. --- "D:\Program Files\MSN\unicows.dll"
Fri 20 Oct 2006 121,344 ...H. --- "D:\Documents and Settings\kevin\Application Data\MSN6\msnupdate!@#@.exe"

Finished!


And the Combofix log:

ComboFix 08-01-18.5 - kevin 2008-01-20 6:04:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.816 [GMT -6:00]
Running from: D:\Documents and Settings\kevin\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-20 to 2008-01-20 )))))))))))))))))))))))))))))))
.

2008-01-19 21:10 . 2008-01-19 21:10 <DIR> d-------- D:\WINDOWS\ERUNT
2008-01-18 17:55 . 2008-01-18 17:55 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2008-01-18 17:55 . 2008-01-18 17:55 1,409 --a------ D:\WINDOWS\QTFont.for
2008-01-18 14:25 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
2008-01-17 21:51 . 2008-01-17 21:51 <DIR> d-------- D:\Program Files\Trend Micro
2008-01-17 19:27 . 2008-01-17 19:27 <DIR> d-------- D:\Program Files\Enigma Software Group
2008-01-16 21:45 . 2008-01-16 21:52 1,140 --a------ D:\WINDOWS\system32\tmp.reg
2008-01-16 21:42 . 2007-09-05 23:22 289,144 --a------ D:\WINDOWS\system32\VCCLSID.exe
2008-01-16 21:42 . 2006-04-27 16:49 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe
2008-01-16 21:42 . 2007-12-20 23:11 81,920 --a------ D:\WINDOWS\system32\IEDFix.exe
2008-01-16 21:42 . 2003-06-05 20:13 53,248 --a------ D:\WINDOWS\system32\Process.exe
2008-01-16 21:42 . 2004-07-31 17:50 51,200 --a------ D:\WINDOWS\system32\dumphive.exe
2008-01-16 21:42 . 2007-10-03 23:36 25,600 --a------ D:\WINDOWS\system32\WS2Fix.exe
2008-01-16 18:17 . 2008-01-16 18:17 10,000 -r-hs---- D:\WINDOWS\system32\.vbe
2008-01-16 18:17 . 2008-01-16 18:17 10,000 -r-hs---- D:\WINDOWS\.vbe
2008-01-15 21:09 . 2008-01-15 21:09 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-01-13 09:32 . 2008-01-13 09:32 <DIR> d-------- D:\Documents and Settings\kevin\Application Data\Novosoft
2008-01-12 16:15 . 2008-01-13 20:39 <DIR> d-------- D:\VundoFix Backups
2008-01-12 15:38 . 2008-01-13 09:36 <DIR> d-------- D:\Program Files\Windows Live Safety Center
2008-01-10 21:29 . 2008-01-10 21:29 <DIR> d-------- D:\Program Files\Novosoft
2008-01-10 20:44 . 2008-01-13 19:54 <DIR> d-------- D:\Program Files\RegScrubXP
2008-01-10 19:58 . 2008-01-13 18:32 <DIR> d-------- D:\WINDOWS\system32\edcA18
2008-01-10 19:58 . 2008-01-10 19:58 <DIR> d-a------ D:\Documents and Settings\All Users\Application Data\TEMP
2008-01-10 17:47 . 2008-01-10 19:58 <DIR> d-------- D:\Documents and Settings\kevin\Application Data\ErrorSmart
2008-01-10 17:39 . 2008-01-10 19:58 <DIR> d-------- D:\Program Files\CCleaner
2008-01-09 20:44 . 2008-01-10 19:58 <DIR> d-------- D:\WINDOWS\system32\usmvt3
2008-01-09 20:44 . 2008-01-13 03:30 <DIR> d-------- D:\WINDOWS\system32\oobe3
2008-01-09 20:44 . 2008-01-09 20:44 <DIR> d-------- D:\WINDOWS\system32\drivez4
2008-01-09 20:44 . 2008-01-09 20:44 <DIR> d-------- D:\WINDOWS\system32\comp2
2008-01-09 20:44 . 2008-01-09 20:44 <DIR> d-------- D:\WINDOWS\system32\cache3
2008-01-09 20:44 . 2008-01-13 18:32 <DIR> d-------- D:\WINDOWS\system32\ardCo18
2008-01-09 20:44 . 2008-01-09 20:44 <DIR> d--hs---- D:\WINDOWS\a2V2aW4
2008-01-08 21:16 . 2008-01-08 21:16 <DIR> d-------- D:\Documents and Settings\NetworkService\Application Data\Yahoo!
2008-01-08 21:09 . 2008-01-08 21:09 147,456 --a------ D:\WINDOWS\system32\vbzip10.dll
2008-01-01 09:37 . 2008-01-02 20:56 <DIR> d-------- D:\Program Files\Magellan
2007-12-23 09:18 . 2007-12-23 09:23 <DIR> d-------- D:\Program Files\CDex_150

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 11:47 --------- d-----w D:\Documents and Settings\kevin\Application Data\AVG7
2008-01-19 02:07 --------- d-----w D:\Documents and Settings\kevin\Application Data\LimeWire
2008-01-17 04:05 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-17 00:17 10,000 --sh--r D:\WINDOWS\system32\.vbe
2008-01-17 00:17 10,000 --sh--r D:\WINDOWS\.vbe
2008-01-16 07:09 --------- d-----w D:\Documents and Settings\All Users\Application Data\AVG7
2008-01-16 02:25 --------- d-----w D:\Documents and Settings\Hunter\Application Data\AVG7
2008-01-13 09:37 --------- d-----w D:\Program Files\SP2 Connection Patcher
2008-01-12 02:20 --------- d-----w D:\Program Files\Common Files\Adobe
2008-01-11 01:58 --------- d-----w D:\Program Files\PopUp Killer
2008-01-10 00:32 420 ----a-w D:\Program Files\MLProps.ini
2008-01-10 00:32 3,622 ----a-w D:\Program Files\MMCDi.xml
2008-01-10 00:32 284 ----a-w D:\Program Files\DefaultPlayList.m3u
2008-01-10 00:32 214 ----a-w D:\Program Files\RECache.idx
2008-01-10 00:32 21,101 ----a-w D:\Program Files\MMPlayPref.log
2008-01-10 00:32 2,460 ----a-w D:\Program Files\Wild.log
2008-01-10 00:32 19,855 ----a-w D:\Program Files\userinfo.dat
2008-01-10 00:32 128,046 ----a-w D:\Program Files\mmjblog.txt
2008-01-10 00:32 104,467 ----a-w D:\Program Files\altlog.txt
2008-01-10 00:25 4,400 ----a-w D:\Program Files\MMCD.INI
2008-01-09 10:49 --------- d-----w D:\Program Files\Common Files\owzi
2008-01-03 02:56 --------- d--h--w D:\Program Files\InstallShield Installation Information
2007-12-23 23:57 618 ----a-w D:\Program Files\LogA-0003.log
2007-12-23 15:18 --------- d-----w D:\Program Files\Html
2007-12-23 15:03 553 ----a-w D:\Program Files\Tagger.log
2007-12-23 15:03 524 ----a-w D:\Program Files\Certificate.mmc
2007-12-23 15:03 0 ----a-w D:\Program Files\xamresp.xml
2007-12-23 15:03 --------- d-----w D:\Program Files\Cache
2007-12-23 15:02 297 ----a-w D:\Program Files\xamreq.xml
2007-12-11 00:56 10,019 ----a-w D:\Program Files\QCF.xml
2007-12-09 19:32 --------- d-----w D:\Program Files\The Learning Company
2007-12-07 23:37 --------- d-----w D:\Program Files\Virtual Earth 3D
2007-11-28 14:23 --------- d-----w D:\Documents and Settings\kevin\Application Data\Snapfish
2007-08-30 00:37 8,809 ----a-w D:\Program Files\MMJB.RPT
2006-10-16 03:19 253,087 ----a-w D:\Program Files\CardWiper.zip
2006-10-16 03:17 112,477 ----a-w D:\Program Files\SmartMediaFormatutility.zip
2005-10-29 03:00 4,878,136 ----a-w D:\Program Files\Firefox%20Setup%201.0.7.exe
2004-01-17 03:57 10,752 --sha-w D:\Program Files\Thumbs.db
2003-09-09 03:35 11 ----a-w D:\Program Files\delete.cfg
2003-09-08 02:41 11,068 ----a-w D:\Program Files\Backup.ddf
2003-09-08 02:33 24,576 ----a-w D:\Program Files\wnaspint.dll
2003-09-08 02:13 855 ----a-w D:\Program Files\MMJBBurn.RPT
2003-09-08 02:08 372 ----a-w D:\Program Files\PluginTableCache.dat
2003-09-08 02:00 162,568 ----a-w D:\Program Files\Uninst.isu
2002-05-21 20:09 13,145 ----a-w D:\Program Files\MrbFList.cfg
2002-05-21 00:40 61,440 ----a-w D:\Program Files\mmreg.dll
2002-05-21 00:40 53,248 ----a-w D:\Program Files\FileAssoc.dll
2002-05-21 00:40 401,462 ----a-w D:\Program Files\msvcp60.dll
2002-05-21 00:40 36,864 ----a-w D:\Program Files\RefreshIcon.exe
2002-05-21 00:40 24,576 ----a-w D:\Program Files\preferences.dll
2002-05-21 00:40 167,936 ----a-w D:\Program Files\mmjbloc.dll
2002-05-21 00:40 135,242 ----a-w D:\Program Files\mmInstall.dll
2002-05-21 00:36 98,304 ----a-w D:\Program Files\mmportal.dll
2002-05-21 00:36 94,208 ----a-w D:\Program Files\TrackListPrinter.dll
2002-05-21 00:36 90,112 ----a-w D:\Program Files\mm_tray.exe
2002-05-21 00:36 90,112 ----a-w D:\Program Files\cds.dll
2002-05-21 00:36 81,920 ----a-w D:\Program Files\mmjbctrl.ocx
2002-05-21 00:36 81,920 ----a-w D:\Program Files\MMFWCtrl.ocx
2002-05-21 00:36 73,728 ----a-w D:\Program Files\ObjectManager.dll
2002-05-21 00:36 73,728 ----a-w D:\Program Files\mmuiserv.dll
2002-05-21 00:36 7,270 ----a-w D:\Program Files\TrackListConfig.ini
2002-05-21 00:36 69,632 ----a-w D:\Program Files\xanalyze.dll
2002-05-21 00:36 65,536 ----a-w D:\Program Files\StgCdr.dll
2002-05-21 00:36 65,536 ----a-w D:\Program Files\mmdiag.exe
2002-05-21 00:36 65,536 ----a-w D:\Program Files\JewelCasePrinter.dll
2002-05-21 00:36 57,344 ----a-w D:\Program Files\FileCacheMgr.dll
2002-05-21 00:36 565,248 ----a-w D:\Program Files\MMJBBurn.exe
2002-05-21 00:36 53,248 ----a-w D:\Program Files\FWRun.dll
2002-05-21 00:36 518 ----a-w D:\Program Files\mmjb.exe.manifest
2002-05-21 00:36 5,848 ----a-w D:\Program Files\drives.ini
2002-05-21 00:36 5,120 ----a-w D:\Program Files\mscdex16.dll
2002-05-21 00:36 49,152 ----a-w D:\Program Files\linein.dll
2002-05-21 00:36 49,152 ----a-w D:\Program Files\digital.dll
2002-05-21 00:36 45,056 ----a-w D:\Program Files\fileco.dll
2002-05-21 00:36 45,056 ----a-w D:\Program Files\DestinationWavDll.dll
2002-05-21 00:36 45,056 ----a-w D:\Program Files\analog.dll
2002-05-21 00:36 442,368 ----a-w D:\Program Files\ti.exe
2002-05-21 00:36 419 ----a-w D:\Program Files\PluginsCache.dat
2002-05-21 00:36 401,536 ----a-w D:\Program Files\MMSecurity.dll
2002-05-21 00:36 40,960 ----a-w D:\Program Files\unmatch.dll
2002-05-21 00:36 398 ----a-w D:\Program Files\DefaultQCF.xml
2002-05-21 00:36 393,299 ----a-w D:\Program Files\libmmd.dll
2002-05-21 00:36 390 ----a-w D:\Program Files\MmjbVersion.lic
2002-05-21 00:36 38,912 ----a-w D:\Program Files\MMJBLaunch.exe
2002-05-21 00:36 338 ----a-w D:\Program Files\mmz_exp.lst
2002-05-21 00:36 332 ----a-w D:\Program Files\mmz.lst
2002-05-21 00:36 32,768 ----a-w D:\Program Files\MmjbVersion.ocx
2002-05-21 00:36 32,768 ----a-w D:\Program Files\mixer.dll
2002-05-21 00:36 307,200 ----a-w D:\Program Files\mmcd.dll
2002-05-21 00:36 3,426 ----a-w D:\Program Files\DestinationWavDll.vp
2002-05-21 00:36 28,672 ----a-w D:\Program Files\record.dll
2002-05-21 00:36 28,672 ----a-w D:\Program Files\mmrio.dll
2002-05-21 00:36 274,432 ----a-w D:\Program Files\xaudio.dll
2002-05-21 00:36 24,576 ----a-w D:\Program Files\PortableDevice2.dll
2002-05-21 00:36 24,576 ----a-w D:\Program Files\PortableDevice.dll
2002-05-21 00:36 24,576 ----a-w D:\Program Files\mmzip32.dll
2002-05-21 00:36 24,576 ----a-w D:\Program Files\MMPurchase.exe
2002-05-21 00:36 24,576 ----a-w D:\Program Files\mmjbrun.exe
2002-05-21 00:36 229,376 ----a-w D:\Program Files\MMRadioEngine.dll
2002-05-21 00:36 218 ----a-w D:\Program Files\ProvisionalCert.mmc
.
----a-w		   507,904 2008-01-13 15:31:56  D:\Program Files\Novosoft\Handy Backup 2.0\nhbwp .exe
----a-w		   409,600 2008-01-13 02:33:10  D:\Program Files\SP2 Connection Patcher\SP2ConnPatcher .exe
----a-w		 1,460,560 2008-01-13 15:32:02  D:\Program Files\Spybot - Search & Destroy\TeaTimer .exe


((((((((((((((((((((((((((((( snapshot@2008-01-19_21.09.05.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-19 13:25:21 163,328 ----a-w D:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-01-20 03:10:57 7,843,840 ----a-w D:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-01-20 03:10:57 434,176 ----a-w D:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-19 13:25:21 163,328 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-01-20 03:10:46 7,843,840 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-01-20 03:10:46 434,176 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-01-20 02:58:53 62,344 ----a-w D:\WINDOWS\system32\perfc009.dat
+ 2008-01-20 12:04:11 62,344 ----a-w D:\WINDOWS\system32\perfc009.dat
- 2008-01-20 02:58:53 401,064 ----a-w D:\WINDOWS\system32\perfh009.dat
+ 2008-01-20 12:04:11 401,064 ----a-w D:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0007522A-2297-43C1-8EB1-C90B0FF20DA5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F3FE70D-BEEE-4686-A77B-119A6ED8416E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ee27f87-e50d-44d8-858c-00c31201f332}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31DB44B9-2830-4D77-8C59-340033F9A4E1}]
D:\WINDOWS\system32\vturo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{380C7BCF-EDC0-4FA3-B0AD-CD15CBA04185}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79F562E5-768C-4494-8E6C-824ADA4A9C2C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D567E6D1-9E74-4B10-9764-A33F4290B2FC}]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="D:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-06-07 17:35 145920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-06-07 17:36 9216 D:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2007-08-23 22:02 416256 D:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
--a------ 2002-09-10 20:26 368706 D:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2001-08-23 05:24 196608 D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hplampc]
--a------ 2002-01-17 09:40 40448 D:\WINDOWS\system32\hplampc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpppta]
--a------ 2000-10-05 00:00 86016 D:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2005-08-24 06:51 442455 D:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-04-13 20:05 98304 D:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 2004-10-01 02:31 53248 D:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
--a------ 2006-07-21 15:19 129536 D:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
--a------ 2006-07-21 09:43 407032 D:\PROGRA~1\Yahoo!\YOP\yop.exe

R0 viamraid;viamraid;D:\WINDOWS\system32\DRIVERS\viamraid.sys [2006-03-31 01:18]
R0 videX32;videX32;D:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 10:38]
R3 FilterService2;Canon BJ Hid Usb Filter Service2;D:\WINDOWS\system32\DRIVERS\bjhid2.sys [2003-06-17 03:43]
R3 Intels51;Intel® 536EP Modem;D:\WINDOWS\system32\DRIVERS\Intels51.sys [2003-05-22 09:44]
R3 usbprint;Microsoft USB PRINTER Class;D:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]
S3 hp4200c;%usbscan.SvcDesc%;D:\WINDOWS\system32\DRIVERS\hp4200c.sys [2001-02-18 09:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02fd07fd-970b-11dc-9e76-0013d3b922b1}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4716d786-a85e-11dc-9e81-0013d3b922b1}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfce7f19-a9ef-11dc-9e82-000000000000}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-15 08:03:00 D:\WINDOWS\Tasks\Disk Cleanup.job"
- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk
"2008-01-14 08:01:00 D:\WINDOWS\Tasks\Disk Defragmenter.job"
- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Disk Defragmenter.lnk
"2008-01-20 09:30:00 D:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- D:\Program Files\ErrorSmart\ErrorSmart.ex
- D:\Program Files\ErrorSmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 06:05:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-20 6:06:13
ComboFix-quarantined-files.txt 2008-01-20 12:05:50
ComboFix2.txt 2008-01-20 03:09:28
#5 jwbirdsong (Trusted Helper, Retired Staff)
Open a new notepad 'page' and copy/paste the text in the codebox below to it:

Renv::
----a-w		   507,904 2008-01-13 15:31:56  D:\Program Files\Novosoft\Handy Backup 2.0\nhbwp .exe
----a-w		   409,600 2008-01-13 02:33:10  D:\Program Files\SP2 Connection Patcher\SP2ConnPatcher .exe
----a-w		 1,460,560 2008-01-13 15:32:02  D:\Program Files\Spybot - Search & Destroy\TeaTimer .exe


File::
D:\WINDOWS\system32\.vbe
D:\WINDOWS\.vbe
Folder::
D:\WINDOWS\system32\edcA18
D:\WINDOWS\a2V2aW4
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0007522A-2297-43C1-8EB1-C90B0FF20DA5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F3FE70D-BEEE-4686-A77B-119A6ED8416E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ee27f87-e50d-44d8-858c-00c31201f332}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31DB44B9-2830-4D77-8C59-340033F9A4E1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{380C7BCF-EDC0-4FA3-B0AD-CD15CBA04185}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79F562E5-768C-4494-8E6C-824ADA4A9C2C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D567E6D1-9E74-4B10-9764-A33F4290B2FC}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02fd07fd-970b-11dc-9e76-0013d3b922b1}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4716d786-a85e-11dc-9e81-0013d3b922b1}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfce7f19-a9ef-11dc-9e82-000000000000}]
Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot]

This will start ComboFix again. After reboot, post the contents of Combofix.txt in your next reply.
#6 Kevin5899 (Member, Topic Starter)
OK jwbirdsong, I did it and here is the latest Combofix log.

Thank you!!!

ComboFix 08-01-18.5 - kevin 2008-01-21 21:09:13.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.687 [GMT -6:00]
Running from: D:\Documents and Settings\kevin\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\kevin\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
D:\WINDOWS\.vbe
D:\WINDOWS\system32\.vbe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\.vbe
D:\WINDOWS\a2V2aW4
D:\WINDOWS\system32\.vbe
D:\WINDOWS\system32\edcA18

.
((((((((((((((((((((((((( Files Created from 2007-12-22 to 2008-01-22 )))))))))))))))))))))))))))))))
.

2008-01-20 06:18 . 2008-01-20 06:18 10,000 -r-hs---- D:\WINDOWS\system32\o.vbs
2008-01-19 21:10 . 2008-01-19 21:10 <DIR> d-------- D:\WINDOWS\ERUNT
2008-01-18 17:55 . 2008-01-18 17:55 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2008-01-18 17:55 . 2008-01-18 17:55 1,409 --a------ D:\WINDOWS\QTFont.for
2008-01-18 14:25 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
2008-01-17 21:51 . 2008-01-17 21:51 <DIR> d-------- D:\Program Files\Trend Micro
2008-01-17 19:27 . 2008-01-17 19:27 <DIR> d-------- D:\Program Files\Enigma Software Group
2008-01-16 21:45 . 2008-01-16 21:52 1,140 --a------ D:\WINDOWS\system32\tmp.reg
2008-01-16 21:42 . 2007-09-05 23:22 289,144 --a------ D:\WINDOWS\system32\VCCLSID.exe
2008-01-16 21:42 . 2006-04-27 16:49 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe
2008-01-16 21:42 . 2007-12-20 23:11 81,920 --a------ D:\WINDOWS\system32\IEDFix.exe
2008-01-16 21:42 . 2003-06-05 20:13 53,248 --a------ D:\WINDOWS\system32\Process.exe
2008-01-16 21:42 . 2004-07-31 17:50 51,200 --a------ D:\WINDOWS\system32\dumphive.exe
2008-01-16 21:42 . 2007-10-03 23:36 25,600 --a------ D:\WINDOWS\system32\WS2Fix.exe
2008-01-15 21:09 . 2008-01-15 21:09 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-01-13 09:32 . 2008-01-13 09:32 <DIR> d-------- D:\Documents and Settings\kevin\Application Data\Novosoft
2008-01-12 16:15 . 2008-01-13 20:39 <DIR> d-------- D:\VundoFix Backups
2008-01-12 15:38 . 2008-01-13 09:36 <DIR> d-------- D:\Program Files\Windows Live Safety Center
2008-01-10 21:29 . 2008-01-10 21:29 <DIR> d-------- D:\Program Files\Novosoft
2008-01-10 20:44 . 2008-01-13 19:54 <DIR> d-------- D:\Program Files\RegScrubXP
2008-01-10 19:58 . 2008-01-10 19:58 <DIR> d-a------ D:\Documents and Settings\All Users\Application Data\TEMP
2008-01-10 17:47 . 2008-01-10 19:58 <DIR> d-------- D:\Documents and Settings\kevin\Application Data\ErrorSmart
2008-01-10 17:39 . 2008-01-10 19:58 <DIR> d-------- D:\Program Files\CCleaner
2008-01-09 20:44 . 2008-01-10 19:58 <DIR> d-------- D:\WINDOWS\system32\usmvt3
2008-01-09 20:44 . 2008-01-13 03:30 <DIR> d-------- D:\WINDOWS\system32\oobe3
2008-01-09 20:44 . 2008-01-09 20:44 <DIR> d-------- D:\WINDOWS\system32\drivez4
2008-01-09 20:44 . 2008-01-09 20:44 <DIR> d-------- D:\WINDOWS\system32\comp2
2008-01-09 20:44 . 2008-01-09 20:44 <DIR> d-------- D:\WINDOWS\system32\cache3
2008-01-09 20:44 . 2008-01-13 18:32 <DIR> d-------- D:\WINDOWS\system32\ardCo18
2008-01-08 21:16 . 2008-01-08 21:16 <DIR> d-------- D:\Documents and Settings\NetworkService\Application Data\Yahoo!
2008-01-08 21:09 . 2008-01-08 21:09 147,456 --a------ D:\WINDOWS\system32\vbzip10.dll
2008-01-01 09:37 . 2008-01-02 20:56 <DIR> d-------- D:\Program Files\Magellan
2007-12-23 09:18 . 2007-12-23 09:23 <DIR> d-------- D:\Program Files\CDex_150

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 03:09 --------- d-----w D:\Program Files\SP2 Connection Patcher
2008-01-21 12:58 --------- d-----w D:\Documents and Settings\kevin\Application Data\AVG7
2008-01-19 02:07 --------- d-----w D:\Documents and Settings\kevin\Application Data\LimeWire
2008-01-17 04:05 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-16 07:09 --------- d-----w D:\Documents and Settings\All Users\Application Data\AVG7
2008-01-16 02:25 --------- d-----w D:\Documents and Settings\Hunter\Application Data\AVG7
2008-01-12 02:20 --------- d-----w D:\Program Files\Common Files\Adobe
2008-01-11 01:58 --------- d-----w D:\Program Files\PopUp Killer
2008-01-10 00:32 420 ----a-w D:\Program Files\MLProps.ini
2008-01-10 00:32 3,622 ----a-w D:\Program Files\MMCDi.xml
2008-01-10 00:32 284 ----a-w D:\Program Files\DefaultPlayList.m3u
2008-01-10 00:32 214 ----a-w D:\Program Files\RECache.idx
2008-01-10 00:32 21,101 ----a-w D:\Program Files\MMPlayPref.log
2008-01-10 00:32 2,460 ----a-w D:\Program Files\Wild.log
2008-01-10 00:32 19,855 ----a-w D:\Program Files\userinfo.dat
2008-01-10 00:32 128,046 ----a-w D:\Program Files\mmjblog.txt
2008-01-10 00:32 104,467 ----a-w D:\Program Files\altlog.txt
2008-01-10 00:25 4,400 ----a-w D:\Program Files\MMCD.INI
2008-01-09 10:49 --------- d-----w D:\Program Files\Common Files\owzi
2008-01-03 02:56 --------- d--h--w D:\Program Files\InstallShield Installation Information
2007-12-23 23:57 618 ----a-w D:\Program Files\LogA-0003.log
2007-12-23 15:18 --------- d-----w D:\Program Files\Html
2007-12-23 15:03 553 ----a-w D:\Program Files\Tagger.log
2007-12-23 15:03 524 ----a-w D:\Program Files\Certificate.mmc
2007-12-23 15:03 0 ----a-w D:\Program Files\xamresp.xml
2007-12-23 15:03 --------- d-----w D:\Program Files\Cache
2007-12-23 15:02 297 ----a-w D:\Program Files\xamreq.xml
2007-12-11 00:56 10,019 ----a-w D:\Program Files\QCF.xml
2007-12-09 19:32 --------- d-----w D:\Program Files\The Learning Company
2007-12-07 23:37 --------- d-----w D:\Program Files\Virtual Earth 3D
2007-11-28 14:23 --------- d-----w D:\Documents and Settings\kevin\Application Data\Snapfish
2007-08-30 00:37 8,809 ----a-w D:\Program Files\MMJB.RPT
2006-10-16 03:19 253,087 ----a-w D:\Program Files\CardWiper.zip
2006-10-16 03:17 112,477 ----a-w D:\Program Files\SmartMediaFormatutility.zip
2005-10-29 03:00 4,878,136 ----a-w D:\Program Files\Firefox%20Setup%201.0.7.exe
2004-01-17 03:57 10,752 --sha-w D:\Program Files\Thumbs.db
2003-09-09 03:35 11 ----a-w D:\Program Files\delete.cfg
2003-09-08 02:41 11,068 ----a-w D:\Program Files\Backup.ddf
2003-09-08 02:33 24,576 ----a-w D:\Program Files\wnaspint.dll
2003-09-08 02:13 855 ----a-w D:\Program Files\MMJBBurn.RPT
2003-09-08 02:08 372 ----a-w D:\Program Files\PluginTableCache.dat
2003-09-08 02:00 162,568 ----a-w D:\Program Files\Uninst.isu
2002-05-21 20:09 13,145 ----a-w D:\Program Files\MrbFList.cfg
2002-05-21 00:40 61,440 ----a-w D:\Program Files\mmreg.dll
2002-05-21 00:40 53,248 ----a-w D:\Program Files\FileAssoc.dll
2002-05-21 00:40 401,462 ----a-w D:\Program Files\msvcp60.dll
2002-05-21 00:40 36,864 ----a-w D:\Program Files\RefreshIcon.exe
2002-05-21 00:40 24,576 ----a-w D:\Program Files\preferences.dll
2002-05-21 00:40 167,936 ----a-w D:\Program Files\mmjbloc.dll
2002-05-21 00:40 135,242 ----a-w D:\Program Files\mmInstall.dll
2002-05-21 00:36 98,304 ----a-w D:\Program Files\mmportal.dll
2002-05-21 00:36 94,208 ----a-w D:\Program Files\TrackListPrinter.dll
2002-05-21 00:36 90,112 ----a-w D:\Program Files\mm_tray.exe
2002-05-21 00:36 90,112 ----a-w D:\Program Files\cds.dll
2002-05-21 00:36 81,920 ----a-w D:\Program Files\mmjbctrl.ocx
2002-05-21 00:36 81,920 ----a-w D:\Program Files\MMFWCtrl.ocx
2002-05-21 00:36 73,728 ----a-w D:\Program Files\ObjectManager.dll
2002-05-21 00:36 73,728 ----a-w D:\Program Files\mmuiserv.dll
2002-05-21 00:36 7,270 ----a-w D:\Program Files\TrackListConfig.ini
2002-05-21 00:36 69,632 ----a-w D:\Program Files\xanalyze.dll
2002-05-21 00:36 65,536 ----a-w D:\Program Files\StgCdr.dll
2002-05-21 00:36 65,536 ----a-w D:\Program Files\mmdiag.exe
2002-05-21 00:36 65,536 ----a-w D:\Program Files\JewelCasePrinter.dll
2002-05-21 00:36 57,344 ----a-w D:\Program Files\FileCacheMgr.dll
2002-05-21 00:36 565,248 ----a-w D:\Program Files\MMJBBurn.exe
2002-05-21 00:36 53,248 ----a-w D:\Program Files\FWRun.dll
2002-05-21 00:36 518 ----a-w D:\Program Files\mmjb.exe.manifest
2002-05-21 00:36 5,848 ----a-w D:\Program Files\drives.ini
2002-05-21 00:36 5,120 ----a-w D:\Program Files\mscdex16.dll
2002-05-21 00:36 49,152 ----a-w D:\Program Files\linein.dll
2002-05-21 00:36 49,152 ----a-w D:\Program Files\digital.dll
2002-05-21 00:36 45,056 ----a-w D:\Program Files\fileco.dll
2002-05-21 00:36 45,056 ----a-w D:\Program Files\DestinationWavDll.dll
2002-05-21 00:36 45,056 ----a-w D:\Program Files\analog.dll
2002-05-21 00:36 442,368 ----a-w D:\Program Files\ti.exe
2002-05-21 00:36 419 ----a-w D:\Program Files\PluginsCache.dat
2002-05-21 00:36 401,536 ----a-w D:\Program Files\MMSecurity.dll
2002-05-21 00:36 40,960 ----a-w D:\Program Files\unmatch.dll
2002-05-21 00:36 398 ----a-w D:\Program Files\DefaultQCF.xml
2002-05-21 00:36 393,299 ----a-w D:\Program Files\libmmd.dll
2002-05-21 00:36 390 ----a-w D:\Program Files\MmjbVersion.lic
2002-05-21 00:36 38,912 ----a-w D:\Program Files\MMJBLaunch.exe
2002-05-21 00:36 338 ----a-w D:\Program Files\mmz_exp.lst
2002-05-21 00:36 332 ----a-w D:\Program Files\mmz.lst
2002-05-21 00:36 32,768 ----a-w D:\Program Files\MmjbVersion.ocx
2002-05-21 00:36 32,768 ----a-w D:\Program Files\mixer.dll
2002-05-21 00:36 307,200 ----a-w D:\Program Files\mmcd.dll
2002-05-21 00:36 3,426 ----a-w D:\Program Files\DestinationWavDll.vp
2002-05-21 00:36 28,672 ----a-w D:\Program Files\record.dll
2002-05-21 00:36 28,672 ----a-w D:\Program Files\mmrio.dll
2002-05-21 00:36 274,432 ----a-w D:\Program Files\xaudio.dll
2002-05-21 00:36 24,576 ----a-w D:\Program Files\PortableDevice2.dll
2002-05-21 00:36 24,576 ----a-w D:\Program Files\PortableDevice.dll
2002-05-21 00:36 24,576 ----a-w D:\Program Files\mmzip32.dll
2002-05-21 00:36 24,576 ----a-w D:\Program Files\MMPurchase.exe
2002-05-21 00:36 24,576 ----a-w D:\Program Files\mmjbrun.exe
2002-05-21 00:36 229,376 ----a-w D:\Program Files\MMRadioEngine.dll
2002-05-21 00:36 218 ----a-w D:\Program Files\ProvisionalCert.mmc
2002-05-21 00:36 217,088 ----a-w D:\Program Files\mmsal32.dll
2002-05-21 00:36 200 ----a-w D:\Program Files\MMSetup.ini
.

((((((((((((((((((((((((((((( snapshot@2008-01-19_21.09.05.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-20 02:56:46 233,472 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-22 03:08:53 233,472 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-20 02:56:46 8,192 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-22 03:08:53 8,192 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-20 02:56:49 7,843,840 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
+ 2008-01-22 03:08:53 233,472 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
- 2008-01-20 02:56:49 434,176 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-22 03:08:53 8,192 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-22 03:08:54 7,843,840 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-22 03:08:54 434,176 ----a-w D:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-19 13:25:21 163,328 ----a-w D:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-01-20 03:10:57 7,843,840 ----a-w D:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-01-20 03:10:57 434,176 ----a-w D:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-19 13:25:21 163,328 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-01-20 03:10:46 7,843,840 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-01-20 03:10:46 434,176 ----a-w D:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-01-20 02:58:53 62,344 ----a-w D:\WINDOWS\system32\perfc009.dat
+ 2008-01-20 12:21:28 62,344 ----a-w D:\WINDOWS\system32\perfc009.dat
- 2008-01-20 02:58:53 401,064 ----a-w D:\WINDOWS\system32\perfh009.dat
+ 2008-01-20 12:21:28 401,064 ----a-w D:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="D:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-06-07 17:35 145920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"KEVINSPEWTER"= .vbe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-06-07 17:36 9216 D:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2007-08-23 22:02 416256 D:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
--a------ 2002-09-10 20:26 368706 D:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2001-08-23 05:24 196608 D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hplampc]
--a------ 2002-01-17 09:40 40448 D:\WINDOWS\system32\hplampc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpppta]
--a------ 2000-10-05 00:00 86016 D:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2005-08-24 06:51 442455 D:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-04-13 20:05 98304 D:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 2004-10-01 02:31 53248 D:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
--a------ 2006-07-21 15:19 129536 D:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
--a------ 2006-07-21 09:43 407032 D:\PROGRA~1\Yahoo!\YOP\yop.exe

R0 viamraid;viamraid;D:\WINDOWS\system32\DRIVERS\viamraid.sys [2006-03-31 01:18]
R0 videX32;videX32;D:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 10:38]
R3 FilterService2;Canon BJ Hid Usb Filter Service2;D:\WINDOWS\system32\DRIVERS\bjhid2.sys [2003-06-17 03:43]
R3 Intels51;Intel® 536EP Modem;D:\WINDOWS\system32\DRIVERS\Intels51.sys [2003-05-22 09:44]
R3 usbprint;Microsoft USB PRINTER Class;D:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]
S3 hp4200c;%usbscan.SvcDesc%;D:\WINDOWS\system32\DRIVERS\hp4200c.sys [2001-02-18 09:09]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-15 08:03:00 D:\WINDOWS\Tasks\Disk Cleanup.job"
- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk
"2008-01-21 08:01:00 D:\WINDOWS\Tasks\Disk Defragmenter.job"
- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Disk Defragmenter.lnk
"2008-01-21 09:30:00 D:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- D:\Program Files\ErrorSmart\ErrorSmart.ex
- D:\Program Files\ErrorSmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 21:14:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-21 21:15:24
ComboFix-quarantined-files.txt 2008-01-22 03:15:07
ComboFix2.txt 2008-01-20 12:06:14
ComboFix3.txt 2008-01-20 03:09:28

Edited by Kevin5899, 21 January 2008 - 09:33 PM.

  • 0
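As an added example (not the helper's script or ComboFix's own code), here is a small Python triage that cross-checks a CFScript's File::/Folder:: requests against the log's "Other Deletions" section and flags autostart entries such as the `"KEVINSPEWTER"= .vbe` line in the "Reg Loading Points" above. The script and log text inside are constructed excerpts in the shape of the ones posted here, with the folder D:\WINDOWS\system32\ardCo18 from the log's "Files Created" list added to the script so that an unconfirmed deletion shows up, and the flagging rules are my own heuristics rather than anything ComboFix does.

```python
import re
from collections import defaultdict

# Constructed excerpts in the shape of the script and log posted in this thread, not the files themselves.
CFSCRIPT = r"""Renv::
----a-w   1,460,560 2008-01-13 15:32:02  D:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
File::
D:\WINDOWS\system32\.vbe
D:\WINDOWS\.vbe
Folder::
D:\WINDOWS\system32\edcA18
D:\WINDOWS\a2V2aW4
D:\WINDOWS\system32\ardCo18
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0007522A-2297-43C1-8EB1-C90B0FF20DA5}]
"""

COMBOFIX_LOG = r"""((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\WINDOWS\.vbe
D:\WINDOWS\a2V2aW4
D:\WINDOWS\system32\.vbe
D:\WINDOWS\system32\edcA18
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="D:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-06-07 17:35 145920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"KEVINSPEWTER"= .vbe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-06-07 17:36 9216 D:\WINDOWS\system32\avgwlntf.dll
"""

BANNER = re.compile(r"^\(\(+\s*(.*?)\s*\)\)+$")                          # ((((( Title )))))
KEY_RE = re.compile(r"^\[(.+)\]$")                                       # [HKEY_...]
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*"?(.*?)"?\s*(\[[^\]]*\])?$')    # "name"="data" [stamp]
SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta")            # script hosts, not real executables

def parse_cfscript(text):
    """Group script lines under their 'Name::' headers (Renv, File, Folder, Registry, ...)."""
    sections, current = defaultdict(list), None
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("::"):
            current = line[:-2]
        elif line and current is not None:
            sections[current].append(line)
    return dict(sections)

def parse_log_sections(text):
    """Group log lines under their '(((( Title ))))' banners; ComboFix's filler lines ('.') are dropped."""
    sections, current = defaultdict(list), "preamble"
    for line in (l.rstrip() for l in text.splitlines()):
        banner = BANNER.match(line)
        if banner:
            current = banner.group(1)
        elif line not in ("", "."):
            sections[current].append(line)
    return dict(sections)

def unconfirmed_deletions(script, log):
    """File::/Folder:: paths that the log's 'Other Deletions' section never confirms as removed."""
    confirmed = {p.lower() for p in log.get("Other Deletions", [])}
    requested = script.get("File", []) + script.get("Folder", [])
    return [p for p in requested if p.lower() not in confirmed]

def parse_reg_loading_points(lines):
    """Return (key, value_name, data) per autostart line; bare lines such as Winlogon notify DLLs get name None."""
    entries, key = [], None
    for line in lines:
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
        elif key is not None:
            v = VALUE_RE.match(line)
            entries.append((key, v.group(1), v.group(2).strip()) if v else (key, None, line.strip()))
    return entries

def flag_autoruns(entries):
    """Attach reasons to autostart entries that deserve a second look (heuristics of this example)."""
    findings = []
    for key, name, data in entries:
        reasons = []
        if "policies\\explorer\\run" in key.lower():
            reasons.append("sits under Policies\\Explorer\\Run, a key legitimate installers rarely use")
        if data.lower().endswith(SCRIPT_EXT):
            reasons.append("launches a script file rather than an executable")
        if not re.search(r"[a-z]:\\", data, re.IGNORECASE):
            reasons.append("no absolute path, so Windows resolves it via the search path")
        if reasons:
            findings.append((key, name, data, reasons))
    return findings

if __name__ == "__main__":
    script, log = parse_cfscript(CFSCRIPT), parse_log_sections(COMBOFIX_LOG)
    for path in unconfirmed_deletions(script, log):
        print("not confirmed deleted:", path)
    for key, name, data, reasons in flag_autoruns(parse_reg_loading_points(log["Reg Loading Points"])):
        print(f"review [{key}] {name!r} -> {data!r}: " + "; ".join(reasons))
```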

#7
jwbirdsong

jwbirdsong

    Trusted Helper

  • Retired Staff
  • 668 posts
REMOVED

Edited by jwbirdsong, 22 January 2008 - 12:47 PM.
dup

  • 0

#8
jwbirdsong

jwbirdsong

    Trusted Helper

  • Retired Staff
  • 668 posts
Your log didn't entirely post. Please re-post it. (Nice catch!!)

Also once you get it posted please do the following.

Using Internet Explorer, please do an online scan with Kaspersky Online Scanner.

Click on Kaspersky Online Scanner

Click "I accept"

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save report button.
  • Call it Kaspersky.txt
  • Expand the arrow beside "file types" and save as .txt file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


*Note
If you have Internet Explorer 7 installed:
If you have trouble getting past the initial download, you may need to use the "zoom" tool at the bottom right of the scanner window and increase it to 125% to see and press the "accept" button.
The page will reload and you should be able to carry on with the scan.

If the KAV log has your email all over it -- please attach it rather than copy/paste.
  • 0
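An added example, not the scanner's or the helper's code: a Python parser for the Kaspersky.txt report these steps produce, which separates "Object is locked" lines (files in use that the scanner could not open) from actual detections and groups the detections by where they sit (ComboFix quarantine, System Restore points, Recycle Bin, live files), so the headline "viruses found" number can be read in context. The report text inside is a constructed excerpt in the saved-report format, and the location labels are my own.

```python
import re
from collections import Counter

# Constructed excerpt in the format Kaspersky Online Scanner saves as Kaspersky.txt (not the thread's report).
REPORT = r"""KASPERSKY ONLINE SCANNER REPORT
Scan Statistics:
Total number of scanned objects: 191059
Number of viruses found: 6
Number of infected objects: 9
Number of suspicious objects: 0

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\$NtUninstallQ309521$\sfcfiles.dll Object is locked skipped
C:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1667\A0232791.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.EZula.ak skipped
C:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1667\A0232791.exe WiseSFX: infected - 1 skipped
C:\WINDOWS\SYSTEM32\moaupd.exe/WISE0012.BIN Infected: not-a-virus:AdWare.Win32.WurldMedia.h skipped
C:\WINDOWS\SYSTEM32\moaupd.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.WurldMedia.b skipped
C:\WINDOWS\SYSTEM32\moaupd.exe WiseSFX: infected - 2 skipped
D:\QooBox\Quarantine\D\WINDOWS\.vbe.vir Infected: Virus.VBS.Agent.ah skipped
D:\QooBox\Quarantine\D\WINDOWS\system32\drivers\fltmgrr.sys.vir Infected: Rootkit.Win32.Agent.to skipped
D:\Documents and Settings\Hunter\My Documents\Data\all_files2.exe/data0004 Infected: Trojan-Downloader.Win32.Apropo.v skipped
D:\Documents and Settings\Hunter\My Documents\Data\all_files2.exe NSIS: infected - 6 skipped
D:\Documents and Settings\kevin\ntuser.dat Object is locked skipped
"""

# <path> <status> <action>; paths may contain spaces, so the status keywords anchor the split.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:(?P<locked>Object is locked)"
    r"|Infected: (?P<verdict>\S+)"
    r"|(?P<container>\S+): infected - (?P<count>\d+)) (?P<action>\S+)$"
)

LOCATIONS = [  # first match wins; labels are this example's own
    ("\\qoobox\\quarantine\\", "ComboFix quarantine (already neutralised)"),
    ("\\system volume information\\_restore", "System Restore point (inactive copy)"),
    ("\\recycler\\", "Recycle Bin"),
]

def classify_location(path):
    """Where a hit sits decides how urgent it is; anything not matched counts as a live file."""
    p = path.lower()
    for needle, label in LOCATIONS:
        if needle in p:
            return label
    return "live file"

def headline_stats(text):
    """The scanner's own counters from the 'Scan Statistics' block, as ints keyed by their label."""
    return {k: int(v) for k, v in re.findall(r"^((?:Total n|N)umber of [^:]+): (\d+)$", text, re.M)}

def parse_report(text):
    """One dict per line of the 'Infected Object Name / Virus Name / Last Action' table."""
    rows, in_table = [], False
    for line in (l.rstrip() for l in text.splitlines()):
        if line.startswith("Infected Object Name"):
            in_table = True
        elif in_table and line:
            m = LINE_RE.match(line)
            if not m:
                raise ValueError("unrecognised report line: " + line)
            kind = "locked" if m["locked"] else "infected" if m["verdict"] else "container"
            rows.append({"path": m["path"], "kind": kind, "verdict": m["verdict"] or m["container"],
                         "location": classify_location(m["path"]), "action": m["action"]})
    return rows

def summarise(rows):
    """Split the table into unscanned (locked) lines, contained hits, and hits still on live files."""
    hits = [r for r in rows if r["kind"] != "locked"]
    return {
        "locked": sum(r["kind"] == "locked" for r in rows),
        "infected_objects": len(hits),
        "by_location": Counter(r["location"] for r in hits),
        "verdicts": sorted({r["verdict"] for r in hits if r["kind"] == "infected"}),
        "live": [(r["path"], r["verdict"]) for r in hits
                 if r["kind"] == "infected" and r["location"] == "live file"],
    }

if __name__ == "__main__":
    stats, s = headline_stats(REPORT), summarise(parse_report(REPORT))
    print(f"scanner headline: {stats['Number of viruses found']} viruses, "
          f"{stats['Number of infected objects']} infected objects")
    for location, n in s["by_location"].most_common():
        print(f"  {n:3d} in {location}")
    print(f"  {s['locked']:3d} 'Object is locked' lines (files in use, not scanned, not detections)")
    print("live detections to act on:")
    for path, verdict in s["live"]:
        print(f"  {verdict}  {path}")
```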

#9
Kevin5899

Kevin5899

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
jwbirdsong, sorry I couldn't get back sooner, lots to do last night and the Kaspersky scan took a long time. But I have the results now. OMIGOSH!!! Says I have 43 viruses!

KASPERSKY ONLINE SCANNER REPORT
Wednesday, January 23, 2008 6:53:46 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/01/2008
Kaspersky Anti-Virus database records: 527474
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan Statistics:
Total number of scanned objects: 191059
Number of viruses found: 43
Number of infected objects: 122
Number of suspicious objects: 0
Duration of the scan process: 03:33:07

Infected Object Name / Virus Name / Last Action
C:\1f47d71064496\sp1\spmsg.dll Object is locked skipped
C:\1f47d71064496\sp1\spuninst.exe Object is locked skipped
C:\1f47d71064496\sp1\update\eula.txt Object is locked skipped
C:\1f47d71064496\sp1\update\spcustom.dll Object is locked skipped
C:\1f47d71064496\sp1\update\update.exe Object is locked skipped
C:\1f47d71064496\sp2\spmsg.dll Object is locked skipped
C:\1f47d71064496\sp2\spuninst.exe Object is locked skipped
C:\1f47d71064496\sp2\update\eula.txt Object is locked skipped
C:\1f47d71064496\sp2\update\spcustom.dll Object is locked skipped
C:\1f47d71064496\sp2\update\update.exe Object is locked skipped
C:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1667\A0232791.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.EZula.ak skipped
C:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1667\A0232791.exe WiseSFX: infected - 1 skipped
C:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1672\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallQ309521$\sfcfiles.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.inf Object is locked skipped
C:\WINDOWS\$NtUninstallQ309521$\ssdpapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ309521$\ssdpsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ311889$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallQ311889$\spuninst\spuninst.inf Object is locked skipped
C:\WINDOWS\$NtUninstallQ311889$\termsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ313484$\acgenral.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ313484$\aclayers.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ313484$\aclua.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ313484$\acspecfc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ313484$\acverfyr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ313484$\acxtrnal.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ313484$\apphelp.sdb Object is locked skipped
C:\WINDOWS\$NtUninstallQ313484$\apps.chm Object is locked skipped
C:\WINDOWS\$NtUninstallQ313484$\d3d8.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ313484$\drvmain.sdb Object is locked skipped
C:\WINDOWS\$NtUninstallQ313484$\msimain.sdb Object is locked skipped
C:\WINDOWS\$NtUninstallQ313484$\qdvd.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ313484$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallQ313484$\spuninst\spuninst.inf Object is locked skipped
C:\WINDOWS\$NtUninstallQ313484$\sysmain.sdb Object is locked skipped
C:\WINDOWS\$NtUninstallQ313484$\udfs.sys Object is locked skipped
C:\WINDOWS\$NtUninstallQ313484$\vbscript.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ314862$\qmgr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.inf Object is locked skipped
C:\WINDOWS\$NtUninstallQ315000$\netsetup.exe Object is locked skipped
C:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.inf Object is locked skipped
C:\WINDOWS\$NtUninstallQ315000$\ssdpapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ315000$\ssdpsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ315000$\upnp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ319580$\reg00003 Object is locked skipped
C:\WINDOWS\$NtUninstallQ323172$\reg00003 Object is locked skipped
C:\WINDOWS\$NtUninstallQ323172$\reg00005 Object is locked skipped
C:\WINDOWS\$NtUninstallQ323172$\reg00008 Object is locked skipped
C:\WINDOWS\$NtUninstallQ323172$\reg00009 Object is locked skipped
C:\WINDOWS\$NtUninstallQ323172$\reg00010 Object is locked skipped
C:\WINDOWS\$NtUninstallQ323172$\reg00011 Object is locked skipped
C:\WINDOWS\$NtUninstallQ329048$\reg00001 Object is locked skipped
C:\WINDOWS\$NtUninstallQ329390$\reg00001 Object is locked skipped
C:\WINDOWS\$NtUninstallQ329834$\reg00001 Object is locked skipped
C:\WINDOWS\SYSTEM32\moaupd.exe/WISE0012.BIN Infected: not-a-virus:AdWare.Win32.WurldMedia.h skipped
C:\WINDOWS\SYSTEM32\moaupd.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.WurldMedia.b skipped
C:\WINDOWS\SYSTEM32\moaupd.exe WiseSFX: infected - 2 skipped
D:\Documents and Settings\All Users\Application Data\AVG7\Log\emc.log Object is locked skipped
D:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
D:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
D:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\AvgFwLog.log Object is locked skipped
D:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\AvgFwLog.log.lck Object is locked skipped
D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
D:\Documents and Settings\Default User\My Documents\Data\Data\all_files2.exe/data0002/data299033.zip/Setup.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
D:\Documents and Settings\Default User\My Documents\Data\Data\all_files2.exe/data0002/data299033.zip/Files/3.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
D:\Documents and Settings\Default User\My Documents\Data\Data\all_files2.exe/data0002/data299033.zip/Files/5.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
D:\Documents and Settings\Default User\My Documents\Data\Data\all_files2.exe/data0002/data299033.zip Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
D:\Documents and Settings\Default User\My Documents\Data\Data\all_files2.exe/data0002 Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
D:\Documents and Settings\Default User\My Documents\Data\Data\all_files2.exe/data0004 Infected: Trojan-Downloader.Win32.Apropo.v skipped
D:\Documents and Settings\Default User\My Documents\Data\Data\all_files2.exe NSIS: infected - 6 skipped
D:\Documents and Settings\Hunter\My Documents\Data\all_files2.exe/data0002/data299033.zip/Setup.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
D:\Documents and Settings\Hunter\My Documents\Data\all_files2.exe/data0002/data299033.zip/Files/3.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
D:\Documents and Settings\Hunter\My Documents\Data\all_files2.exe/data0002/data299033.zip/Files/5.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
D:\Documents and Settings\Hunter\My Documents\Data\all_files2.exe/data0002/data299033.zip Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
D:\Documents and Settings\Hunter\My Documents\Data\all_files2.exe/data0002 Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
D:\Documents and Settings\Hunter\My Documents\Data\all_files2.exe/data0004 Infected: Trojan-Downloader.Win32.Apropo.v skipped
D:\Documents and Settings\Hunter\My Documents\Data\all_files2.exe NSIS: infected - 6 skipped
D:\Documents and Settings\Hunter\My Documents\Data\Data\all_files2.exe/data0002/data299033.zip/Setup.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
D:\Documents and Settings\Hunter\My Documents\Data\Data\all_files2.exe/data0002/data299033.zip/Files/3.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
D:\Documents and Settings\Hunter\My Documents\Data\Data\all_files2.exe/data0002/data299033.zip/Files/5.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
D:\Documents and Settings\Hunter\My Documents\Data\Data\all_files2.exe/data0002/data299033.zip Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
D:\Documents and Settings\Hunter\My Documents\Data\Data\all_files2.exe/data0002 Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
D:\Documents and Settings\Hunter\My Documents\Data\Data\all_files2.exe/data0004 Infected: Trojan-Downloader.Win32.Apropo.v skipped
D:\Documents and Settings\Hunter\My Documents\Data\Data\all_files2.exe NSIS: infected - 6 skipped
D:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\vrze1r8z.default\cert8.db Object is locked skipped
D:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\vrze1r8z.default\formhistory.dat Object is locked skipped
D:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\vrze1r8z.default\history.dat Object is locked skipped
D:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\vrze1r8z.default\key3.db Object is locked skipped
D:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\vrze1r8z.default\parent.lock Object is locked skipped
D:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\vrze1r8z.default\search.sqlite Object is locked skipped
D:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\vrze1r8z.default\urlclassifier2.sqlite Object is locked skipped
D:\Documents and Settings\kevin\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\kevin\Local Settings\Application Data\Mozilla\Firefox\Profiles\vrze1r8z.default\Cache\_CACHE_001_ Object is locked skipped
D:\Documents and Settings\kevin\Local Settings\Application Data\Mozilla\Firefox\Profiles\vrze1r8z.default\Cache\_CACHE_002_ Object is locked skipped
D:\Documents and Settings\kevin\Local Settings\Application Data\Mozilla\Firefox\Profiles\vrze1r8z.default\Cache\_CACHE_003_ Object is locked skipped
D:\Documents and Settings\kevin\Local Settings\Application Data\Mozilla\Firefox\Profiles\vrze1r8z.default\Cache\_CACHE_MAP_ Object is locked skipped
D:\Documents and Settings\kevin\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\kevin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\kevin\ntuser.dat Object is locked skipped
D:\Documents and Settings\kevin\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
D:\QooBox\Quarantine\D\Program Files\Common Files\SSEMBL~1\svchost.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
D:\QooBox\Quarantine\D\Program Files\Temporary\kernInst.exe.vir Infected: Trojan.Win32.Agent.dwb skipped
D:\QooBox\Quarantine\D\WINDOWS\.vbe.vir Infected: Virus.VBS.Agent.ah skipped
D:\QooBox\Quarantine\D\WINDOWS\b122.exe.vir Infected: Trojan-Downloader.Win32.Agent.haq skipped
D:\QooBox\Quarantine\D\WINDOWS\b149.exe.vir Infected: Trojan-Dropper.Win32.Agent.ctu skipped
D:\QooBox\Quarantine\D\WINDOWS\Fonts\a.zip.vir/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
D:\QooBox\Quarantine\D\WINDOWS\Fonts\a.zip.vir ZIP: infected - 1 skipped
D:\QooBox\Quarantine\D\WINDOWS\mrofinu1188.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwh skipped
D:\QooBox\Quarantine\D\WINDOWS\system32\.vbe.vir Infected: Virus.VBS.Agent.ah skipped
D:\QooBox\Quarantine\D\WINDOWS\system32\drivers\fltmgrr.sys.vir Infected: Rootkit.Win32.Agent.to skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh2\sp1\spmsg.dll Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh2\sp1\spuninst.exe Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh2\sp1\update\eula.txt Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh2\sp1\update\spcustom.dll Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh2\sp1\update\update.exe Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh2\sp2\spmsg.dll Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh2\sp2\spuninst.exe Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh2\sp2\update\eula.txt Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh2\sp2\update\spcustom.dll Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh2\sp2\update\update.exe Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh20\common\eula.txt Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh20\common\spcustom.dll Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh20\common\spmsg.dll Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh20\common\spuninst.exe Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh20\common\update.exe Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh20\sp1\spmsg.dll Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh20\sp1\spuninst.exe Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh20\sp1\srv.sys Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh20\sp1\update\eula.txt Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh20\sp1\update\q817606.cat Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh20\sp1\update\spcustom.dll Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh20\sp1\update\update.exe Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh20\sp1\update\update.inf Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh20\sp1\update\update.ver Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh20\sp2\srv.sys Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh20\sp2\update\q817606.cat Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh20\sp2\update\update.inf Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh20\sp2\update\update.ver Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh21\sp1\spmsg.dll Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh21\sp1\spuninst.exe Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh21\sp1\update\eula.txt Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh21\sp1\update\spcustom.dll Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh21\sp1\update\update.exe Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh21\sp2\spmsg.dll Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh21\sp2\spuninst.exe Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh21\sp2\update\eula.txt Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh21\sp2\update\spcustom.dll Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh21\sp2\update\update.exe Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh22\common\eula.txt Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh22\common\spcustom.dll Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh22\common\spmsg.dll Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh22\common\spuninst.exe Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh22\common\update.exe Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh22\sp1\srv.sys Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh22\sp1\update\q817606.cat Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh22\sp1\update\spcustom.dll Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh22\sp1\update\update.exe Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh22\sp1\update\update.inf Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh22\sp1\update\update.ver Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh22\sp2\srv.sys Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh22\sp2\update\q817606.cat Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh22\sp2\update\update.inf Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh22\sp2\update\update.ver Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh23\sp1\spmsg.dll Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh23\sp1\spuninst.exe Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh23\sp1\update\eula.txt Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh23\sp1\update\spcustom.dll Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh23\sp1\update\update.exe Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh23\sp2\spmsg.dll Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh23\sp2\spuninst.exe Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh23\sp2\update\eula.txt Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh23\sp2\update\spcustom.dll Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh23\sp2\update\update.exe Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh3\sp1\spmsg.dll Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh3\sp1\spuninst.exe Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh3\sp1\update\eula.txt Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh3\sp1\update\spcustom.dll Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh3\sp1\update\update.exe Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh3\sp2\spmsg.dll Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh3\sp2\spuninst.exe Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh3\sp2\update\eula.txt Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh3\sp2\update\spcustom.dll Object is locked skipped
D:\RECYCLER\S-1-5-21-3091673561-3826821714-847386435-1003\Dh3\sp2\update\update.exe Object is locked skipped
D:\SDFix\apps\procs.exe Object is locked skipped
D:\SDFix\backups\backups.zip/backups/fdsjwu .exe Infected: Trojan-Downloader.Win32.Agent.hcm skipped
D:\SDFix\backups\backups.zip ZIP: infected - 1 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe/data0003/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe/data0003/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe/data0003 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe/data0007 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe/data0008/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.av skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe/data0008/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe/data0008 Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe/data0009/data0002 Infected: not-a-virus:AdWare.Win32.CommonName.g skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe/data0009 Infected: not-a-virus:AdWare.Win32.CommonName.g skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe/data0011/bdedetect1.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe/data0011 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe/data0014 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe/data0015 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe/data0021/bdeinstall.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe/data0021 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe/data0022/bde3d_ref2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe/data0022 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe/data0025/bdeload.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe/data0025 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe/data0026/bdeplayer2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe/data0026 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe/data0029/BDESac10.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe/data0029 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe/data0030/bdeviewer.exe Infected: Trojan.Win32.Krepper.y skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe/data0030 Infected: Trojan.Win32.Krepper.y skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe/data0032/BDEVerify.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.a skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe/data0032/BDEVerify.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe/data0032 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224470.exe Inno: infected - 28 skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224471.exe/data0004/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224471.exe/data0004/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224471.exe/data0004 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1648\A0224471.exe Inno: infected - 3 skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1654\A0226499.dll Infected: not-a-virus:AdWare.Win32.Agent.zm skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1656\A0226541.exe Infected: Trojan-Downloader.Win32.Agent.haq skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1656\A0227501.dll Infected: not-a-virus:AdWare.Win32.Agent.wx skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1657\A0227728.exe Infected: Trojan-Downloader.Win32.Agent.haq skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1657\A0227750.exe Infected: not-a-virus:PSWTool.Win32.PassView.p skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1658\A0228797.dll Infected: not-a-virus:AdWare.Win32.Agent.wx skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1658\A0229802.exe Infected: Trojan-Downloader.Win32.Agent.hcm skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1658\A0229835.exe Infected: Trojan-Downloader.Win32.Delf.dlk skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1658\A0229845.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1658\A0229845.exe NSIS: infected - 1 skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1659\A0229872.exe Infected: Trojan-Downloader.Win32.Agent.hcm skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1659\A0229897.exe Infected: Trojan-Dropper.Win32.Agent.ctu skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1660\A0230010.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1660\A0230010.exe NSIS: infected - 1 skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1662\A0230121.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1663\A0230217.exe Infected: Trojan.Win32.Agent.dwb skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1663\A0230218.exe Infected: Trojan-Downloader.Win32.Agent.haq skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1663\A0230219.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1664\A0230302.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1664\A0230386.exe Infected: Trojan.Win32.Agent.dwb skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1664\A0230387.exe Infected: Trojan-Downloader.Win32.Agent.haq skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1664\A0230388.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1664\A0230437.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1664\A0230476.sys Infected: Rootkit.Win32.Agent.sg skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1666\A0232538.exe/SpywareBot/SpywareBot.exe Infected: not-a-virus:FraudTool.Win32.SpywareBot.d skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1666\A0232538.exe 7-Zip: infected - 1 skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1666\A0232538.exe UPX: infected - 1 skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1666\A0232538.exe PE_Patch.UPX: infected - 1 skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1667\A0232769.exe Infected: Trojan-Downloader.Win32.PurityScan.fa skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1667\A0232777.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1667\A0232778.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1667\A0232779.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1667\A0232780.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gq skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1667\A0232782.dll Infected: Trojan-Downloader.Win32.Small.hpr skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1667\A0232784.exe Infected: Trojan-Downloader.Win32.VB.ceh skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1667\A0232786.exe Infected: Trojan-Downloader.Win32.VB.caw skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1667\A0232788.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1667\A0232789.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1667\A0232794.exe Infected: Trojan-Downloader.Win32.PurityScan.fa skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1670\A0232961.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1670\A0232961.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1670\A0232961.exe RarSFX: infected - 2 skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1670\A0232971.exe Object is locked skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1671\A0233043.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1671\A0233046.exe Infected: Trojan-Downloader.Win32.Agent.haq skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1671\A0233047.exe Infected: Trojan-Dropper.Win32.Agent.ctu skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1671\A0233049.sys Infected: Rootkit.Win32.Agent.to skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1671\A0233050.exe Infected: Trojan.Win32.Agent.dwb skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1671\A0233051.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1671\A0233097.exe Infected: Trojan-Downloader.Win32.Agent.hcm skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1671\A0233106.exe Infected: Trojan-Downloader.Win32.Agent.hcm skipped
D:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1672\change.log Object is locked skipped
D:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
D:\WINDOWS\SchedLgU.Txt Object is locked skipped
D:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
D:\WINDOWS\Sti_Trace.log Object is locked skipped
D:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
D:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
D:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\default Object is locked skipped
D:\WINDOWS\system32\config\default.LOG Object is locked skipped
D:\WINDOWS\system32\config\SAM Object is locked skipped
D:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
D:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\SECURITY Object is locked skipped
D:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
D:\WINDOWS\system32\config\software Object is locked skipped
D:\WINDOWS\system32\config\software.LOG Object is locked skipped
D:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\system Object is locked skipped
D:\WINDOWS\system32\config\system.LOG Object is locked skipped
D:\WINDOWS\system32\h323log.txt Object is locked skipped
D:\WINDOWS\system32\o.vbs Infected: Virus.VBS.Agent.ah skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
D:\WINDOWS\wiadebug.log Object is locked skipped
D:\WINDOWS\wiaservc.log Object is locked skipped
D:\WINDOWS\WindowsUpdate.log Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\_restore{3171033C-68DB-4BAE-A663-7C71595EA6C0}\RP1672\change.log Object is locked skipped

Scan process completed.

#10
Kevin5899

    Member

  • Topic Starter
  • Member
  • 13 posts
Uh-oh, hope the 43 virus count didn't scare you away, jwb! :)
#11
jwbirdsong

    Trusted Helper

  • Retired Staff
  • 668 posts
No, actually most of them are/were in backups/quarantine or in System Volume Restore... We'll clear those out in a bit.

Open a new notepad 'page' and copy/paste the text in the codebox below to it:

File::
C:\WINDOWS\SYSTEM32\moaupd.exe
D:\Documents and Settings\Hunter\My Documents\Data\Data\all_files2.exe
D:\Documents and Settings\Hunter\My Documents\Data\all_files2.exe
D:\Documents and Settings\Default User\My Documents\Data\Data\all_files2.exe

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After the reboot, post the contents of Combofix.txt in your next reply; hopefully this will be your last one. How is everything running now?
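The triage jwbirdsong does by eye above (separating hits that sit in quarantine, tool backups, the recycle bin or System Restore snapshots from what is actually live on disk) can be automated over a Kaspersky report of this format. The Python below is an added example, not a tool from this thread or from Kaspersky; its sample lines are constructed in the same format as the report above, with a placeholder in place of the real restore-point GUID.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional

# Constructed sample lines in the same "<path> <verdict> skipped" shape as the
# report above. The restore-point GUID is a placeholder, not the real value.
SAMPLE_LOG = [
    r"D:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped",
    r"D:\QooBox\Quarantine\D\WINDOWS\b122.exe.vir Infected: Trojan-Downloader.Win32.Agent.haq skipped",
    r"D:\QooBox\Quarantine\D\WINDOWS\Fonts\a.zip.vir/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped",
    r"D:\QooBox\Quarantine\D\WINDOWS\Fonts\a.zip.vir ZIP: infected - 1 skipped",
    r"D:\SDFix\backups\backups.zip/backups/fdsjwu .exe Infected: Trojan-Downloader.Win32.Agent.hcm skipped",
    r"D:\SDFix\backups\backups.zip ZIP: infected - 1 skipped",
    r"D:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP1664\A0230476.sys Infected: Rootkit.Win32.Agent.sg skipped",
    r"D:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP1666\A0232538.exe/SpywareBot/SpywareBot.exe Infected: not-a-virus:FraudTool.Win32.SpywareBot.d skipped",
    r"D:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP1666\A0232538.exe UPX: infected - 1 skipped",
    r"D:\WINDOWS\system32\config\SAM Object is locked skipped",
    r"D:\WINDOWS\system32\o.vbs Infected: Virus.VBS.Agent.ah skipped",
]

# Path is non-greedy because it may contain spaces; the verdict that follows is
# one of: a detection name, an archive summary ("ZIP: infected - 1"), or a lock.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Infected: (?P<verdict>\S+)"
    r"|(?P<container>\S+): infected - (?P<count>\d+)"
    r"|(?P<locked>Object is locked)) skipped$"
)

# Locations whose contents are already out of play: quarantined by ComboFix,
# backed up by SDFix, sitting in the recycle bin, or frozen in a restore point.
INERT_LOCATIONS = (
    ("restore point", r"\system volume information\_restore"),
    ("quarantine", r"\qoobox\quarantine"),
    ("tool backup", r"\sdfix\backups"),
    ("recycle bin", r"\recycler\s-1-5-"),
)


@dataclass
class Finding:
    path: str                  # object path; "/" separates members inside an archive
    location: str              # one of the INERT_LOCATIONS labels or "live system"
    verdict: Optional[str]     # detection name; None for locked objects and summaries
    locked: bool               # scanner could not open the object
    container: Optional[str]   # archive type for summary lines such as "ZIP: infected - 1"


def classify_location(path: str) -> str:
    low = path.lower()
    for label, marker in INERT_LOCATIONS:
        if marker in low:
            return label
    return "live system"


def parse_line(line: str) -> Optional[Finding]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Finding(
        path=m["path"],
        location=classify_location(m["path"]),
        verdict=m["verdict"],
        locked=m["locked"] is not None,
        container=m["container"],
    )


def triage(lines: Iterable[str]) -> dict:
    """Count detections per location and list what is live and infected.

    Archive summary lines restate member detections that already have their own
    line, so they are not counted a second time. Locked objects are reported
    separately: they were never scanned, so they are neither clean nor dirty.
    """
    per_location = Counter()
    locked = 0
    live_infected = []
    for line in lines:
        f = parse_line(line)
        if f is None or f.container is not None:
            continue
        if f.locked:
            locked += 1
            continue
        per_location[f.location] += 1
        if f.location == "live system":
            live_infected.append((f.path, f.verdict))
    return {"per_location": dict(per_location), "locked": locked, "live_infected": live_infected}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for loc, n in sorted(report["per_location"].items()):
        print(f"{n:3d}  {loc}")
    print(f"{report['locked']:3d}  locked objects (not scanned)")
    for path, verdict in report["live_infected"]:
        print("LIVE:", path, "->", verdict)
```

Run against the full report above, the "live system" bucket is what a helper actually has to deal with; the rest is cleared by emptying quarantine, backups and System Restore once the machine is clean.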

#12
Kevin5899

    Member

  • Topic Starter
  • Member
  • 13 posts
jwb, I'm going to run the Combofix again now.

As far as how the machine is running, it is running OK, but the taskbar is still white instead of blue and the task manager is still wacky. I was getting tons of IE popups (nothing in them, just a bunch of IE pages) but that has stopped now. Somehow something has changed the taskbar though. Also other pages such as the control panel have more white in them now. Is it possible that smitfraud changed some settings?

I will post the latest combofix when it is finished.

THANKS AGAIN!!!

JWB, the ComboFix has finished running but did not reboot. Should I reboot or not? Here is the log:

ComboFix 08-01-18.5 - kevin 2008-01-26 10:05:56.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.690 [GMT -6:00]
Running from: D:\Documents and Settings\kevin\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\kevin\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\SYSTEM32\moaupd.exe
D:\Documents and Settings\Default User\My Documents\Data\Data\all_files2.exe
D:\Documents and Settings\Hunter\My Documents\Data\all_files2.exe
D:\Documents and Settings\Hunter\My Documents\Data\Data\all_files2.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\moaupd.exe
D:\Documents and Settings\Default User\My Documents\Data\Data\all_files2.exe
D:\Documents and Settings\Hunter\My Documents\Data\all_files2.exe
D:\Documents and Settings\Hunter\My Documents\Data\Data\all_files2.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
.

2008-01-22 20:25 . 2008-01-22 20:25 <DIR> d-------- D:\WINDOWS\system32\Kaspersky Lab
2008-01-22 20:25 . 2008-01-22 20:25 <DIR> d-------- D:\WINDOWS\LastGood
2008-01-22 20:25 . 2008-01-22 20:25 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-20 06:18 . 2008-01-20 06:18 10,000 -r-hs---- D:\WINDOWS\system32\o.vbs
2008-01-19 21:10 . 2008-01-19 21:10 <DIR> d-------- D:\WINDOWS\ERUNT
2008-01-18 17:55 . 2008-01-18 17:55 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2008-01-18 17:55 . 2008-01-18 17:55 1,409 --a------ D:\WINDOWS\QTFont.for
2008-01-18 14:25 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
2008-01-17 21:51 . 2008-01-17 21:51 <DIR> d-------- D:\Program Files\Trend Micro
2008-01-17 19:27 . 2008-01-17 19:27 <DIR> d-------- D:\Program Files\Enigma Software Group
2008-01-16 21:45 . 2008-01-16 21:52 1,140 --a------ D:\WINDOWS\system32\tmp.reg
2008-01-16 21:42 . 2007-09-05 23:22 289,144 --a------ D:\WINDOWS\system32\VCCLSID.exe
2008-01-16 21:42 . 2006-04-27 16:49 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe
2008-01-16 21:42 . 2007-12-20 23:11 81,920 --a------ D:\WINDOWS\system32\IEDFix.exe
2008-01-16 21:42 . 2003-06-05 20:13 53,248 --a------ D:\WINDOWS\system32\Process.exe
2008-01-16 21:42 . 2004-07-31 17:50 51,200 --a------ D:\WINDOWS\system32\dumphive.exe
2008-01-16 21:42 . 2007-10-03 23:36 25,600 --a------ D:\WINDOWS\system32\WS2Fix.exe
2008-01-15 21:09 . 2008-01-15 21:09 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-01-13 09:32 . 2008-01-13 09:32 <DIR> d-------- D:\Documents and Settings\kevin\Application Data\Novosoft
2008-01-12 16:15 . 2008-01-13 20:39 <DIR> d-------- D:\VundoFix Backups
2008-01-12 15:38 . 2008-01-13 09:36 <DIR> d-------- D:\Program Files\Windows Live Safety Center
2008-01-10 21:29 . 2008-01-10 21:29 <DIR> d-------- D:\Program Files\Novosoft
2008-01-10 20:44 . 2008-01-13 19:54 <DIR> d-------- D:\Program Files\RegScrubXP
2008-01-10 19:58 . 2008-01-10 19:58 <DIR> d-a------ D:\Documents and Settings\All Users\Application Data\TEMP
2008-01-10 17:47 . 2008-01-10 19:58 <DIR> d-------- D:\Documents and Settings\kevin\Application Data\ErrorSmart
2008-01-10 17:39 . 2008-01-10 19:58 <DIR> d-------- D:\Program Files\CCleaner
2008-01-09 20:44 . 2008-01-10 19:58 <DIR> d-------- D:\WINDOWS\system32\usmvt3
2008-01-09 20:44 . 2008-01-13 03:30 <DIR> d-------- D:\WINDOWS\system32\oobe3
2008-01-09 20:44 . 2008-01-09 20:44 <DIR> d-------- D:\WINDOWS\system32\drivez4
2008-01-09 20:44 . 2008-01-09 20:44 <DIR> d-------- D:\WINDOWS\system32\comp2
2008-01-09 20:44 . 2008-01-09 20:44 <DIR> d-------- D:\WINDOWS\system32\cache3
2008-01-09 20:44 . 2008-01-13 18:32 <DIR> d-------- D:\WINDOWS\system32\ardCo18
2008-01-08 21:16 . 2008-01-08 21:16 <DIR> d-------- D:\Documents and Settings\NetworkService\Application Data\Yahoo!
2008-01-08 21:09 . 2008-01-08 21:09 147,456 --a------ D:\WINDOWS\system32\vbzip10.dll
2008-01-01 09:37 . 2008-01-02 20:56 <DIR> d-------- D:\Program Files\Magellan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 13:01 --------- d-----w D:\Documents and Settings\kevin\Application Data\AVG7
2008-01-26 02:13 --------- d-----w D:\Documents and Settings\kevin\Application Data\LimeWire
2008-01-23 07:09 --------- d-----w D:\Documents and Settings\All Users\Application Data\AVG7
2008-01-22 03:09 --------- d-----w D:\Program Files\SP2 Connection Patcher
2008-01-17 04:05 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-16 02:25 --------- d-----w D:\Documents and Settings\Hunter\Application Data\AVG7
2008-01-12 02:20 --------- d-----w D:\Program Files\Common Files\Adobe
2008-01-11 01:58 --------- d-----w D:\Program Files\PopUp Killer
2008-01-10 00:32 420 ----a-w D:\Program Files\MLProps.ini
2008-01-10 00:32 3,622 ----a-w D:\Program Files\MMCDi.xml
2008-01-10 00:32 284 ----a-w D:\Program Files\DefaultPlayList.m3u
.

((((((((((((((((((((((((((((( snapshot@2008-01-19_21.09.05.46 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="D:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-06-07 17:35 145920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"KEVINSPEWTER"= .vbe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-06-07 17:36 9216 D:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2007-08-23 22:02 416256 D:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
--a------ 2002-09-10 20:26 368706 D:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2001-08-23 05:24 196608 D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hplampc]
--a------ 2002-01-17 09:40 40448 D:\WINDOWS\system32\hplampc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpppta]
--a------ 2000-10-05 00:00 86016 D:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2005-08-24 06:51 442455 D:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-04-13 20:05 98304 D:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 2004-10-01 02:31 53248 D:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
--a------ 2006-07-21 15:19 129536 D:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
--a------ 2006-07-21 09:43 407032 D:\PROGRA~1\Yahoo!\YOP\yop.exe

R0 viamraid;viamraid;D:\WINDOWS\system32\DRIVERS\viamraid.sys [2006-03-31 01:18]
R0 videX32;videX32;D:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 10:38]
R3 FilterService2;Canon BJ Hid Usb Filter Service2;D:\WINDOWS\system32\DRIVERS\bjhid2.sys [2003-06-17 03:43]
R3 Intels51;Intel® 536EP Modem;D:\WINDOWS\system32\DRIVERS\Intels51.sys [2003-05-22 09:44]
R3 usbprint;Microsoft USB PRINTER Class;D:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]
S3 hp4200c;%usbscan.SvcDesc%;D:\WINDOWS\system32\DRIVERS\hp4200c.sys [2001-02-18 09:09]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-22 08:03:00 D:\WINDOWS\Tasks\Disk Cleanup.job"
- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk
"2008-01-21 08:01:00 D:\WINDOWS\Tasks\Disk Defragmenter.job"
- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Disk Defragmenter.lnk
"2008-01-26 09:30:00 D:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- D:\Program Files\ErrorSmart\ErrorSmart.ex
- D:\Program Files\ErrorSmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 10:12:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-26 10:13:25
ComboFix-quarantined-files.txt 2008-01-26 16:13:06
ComboFix2.txt 2008-01-22 03:15:25
ComboFix3.txt 2008-01-20 12:06:14
ComboFix4.txt 2008-01-20 03:09:28
#13
Kevin5899 (Topic Starter, Member, 13 posts)
Hmmmm, 4 days without a reply. Did I scare you off, jwbirdsong??
#14
jwbirdsong (Trusted Helper, Retired Staff, 668 posts)
Have you tried changing themes to see if the taskbar will change? There is not a lot of info on this issue, but Kelly's Taskbar repair tool available HERE has been used by some to fix this. I can't speak for the tool personally as I've never used it; but I can speak for Kelly Theriot, author of the script. She is an INVALUABLE part of the XP community and an MS-MVP for many years now. If she offers the script on her site, it IS safe to use. It's worth a shot.

Logs are looking real good.
One file I'm curious about tho. Will you go HERE and upload D:\WINDOWS\system32\o.vbs

I've been having an issue with email notifications from this site, sorry.

PS What theme ARE you using??
Do you have the XP install CD??

Edited by jwbirdsong, 31 January 2008 - 07:11 PM.

#15
Kevin5899 (Topic Starter, Member, 13 posts)
jwbirdsong, I am just using the normal XP theme. Yes, I do have an XP install CD; I was thinking about using it to repair files. I am running Pro and I think the CD I have is Home, will it still work to do a repair? Not being able to use the task manager is a bummer and I would like to get that fixed, but other than that everything seems to be just fine. Thank you SO MUCH for your help!! I will try Kelly's tool too and see if it works, and I will also upload what you told me to. THANKS AGAIN!!