ComboFix 07-08-14 - "Draha Pitner" 2007-08-14 16:34:06.2 - NTFSx86
Command switches used :: C:\Documents and Settings\Draha Pitner\Desktop\CFScript.txt
framedyn.dll is missing
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Enigma Software Group
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@acvs.mediaonenetwork[2].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@apmebf[1].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@atwola[1].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@avsystemcare[1].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@azjmp[2].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@go.sexprofit[2].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@media.sensis.com[2].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@media.the-leaky-cauldron[2].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@mediaonenetwork[1].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@mediaplex[2].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@pamedia.com[2].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@pcprivacytool[2].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@privacy.securepccleaner[1].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@privacy.securepccleaner[3].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@privacy.securepccleaner[4].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@privacy.securepccleaner[5].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@privacy.securepccleaner[6].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@privacy.securepccleaner[7].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@privacy.securepccleaner[8].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@privacyprotector[1].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@privacyprotector[3].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@protect.trustedantivirus[1].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@protect.trustedantivirus[3].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@protect.trustedantivirus[4].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@rb4.worldsex[2].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@sale.trustedantivirus[1].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@secure.udefender[2].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@securepccleaner[1].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@securepccleaner[2].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@sensismediasmart.com[2].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@shop.securepccleaner[1].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@trustedantivirus[1].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@ucleaner[2].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@udefender[2].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@www.rusteensex[2].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@www.udefender[2].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@www.xnxx[1].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\draha_pitner@xnxx[1].txt.dat
C:\Program Files\Enigma Software Group\SpyHunter\Backup\MICROSOFT_WINDOWS NT_CURRENTVERSION_WINLOGON_NOTIFY_igfxcui.dat
C:\Program Files\Enigma Software Group\SpyHunter\backupLog.dat
C:\Program Files\Enigma Software Group\SpyHunter\def.dat.bak
C:\Program Files\Enigma Software Group\SpyHunter\support.log
C:\VundoFix Backups
((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 )))))))))))))))))))))))))))))))
2007-08-14 10:41 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-14 07:46 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-14 07:42 <DIR> d-------- C:\Deckard
2007-08-13 19:09 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-13 07:29 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-07-19 15:55 <DIR> d-------- C:\etax2007
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-14 15:56 --------- d-------- C:\DOCUME~1\DRAHAP~1\APPLIC~1\Skype
2007-08-13 17:19 --------- d-------- C:\Program Files\QuickTime Alternative
2007-08-13 17:15 --------- d-------- C:\Program Files\iTunes
2007-08-13 17:13 --------- d-------- C:\Program Files\Cordless USB Phone
2007-08-13 17:10 --------- d-------- C:\Program Files\BigFix
2007-08-13 08:50 --------- d-------- C:\Program Files\Messenger
2007-08-11 19:32 2058849 --a------ C:\ieSpellSetup251106.exe
2007-07-28 08:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 08:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 08:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 08:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-28 07:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-28 07:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-28 07:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-05 20:40 --------- d-------- C:\Program Files\UserZoom
2007-05-17 01:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-17 01:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-17 01:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-17 01:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-17 01:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-17 01:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2006-09-21 17:27 359112 --a------ C:\Program Files\LimeWireWin.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2002-10-15 23:18]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2002-10-16 17:05]
"CHotkey"="mHotkey.exe" [2002-07-24 05:09 C:\WINDOWS\mHotkey.exe]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2002-10-08 20:03]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 08:03]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2005-12-06 12:08]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2005-11-24 16:01]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-09-15 13:21]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-07-14 06:00]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32]
"Uniblue Registry Booster2"="C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe" []
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-18 13:14]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe -trayboot
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-27 15:41:14]
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2006-09-26 20:19:53]
Cordless DUALphone Startup.lnk - C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe [2006-09-15 13:35:17]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
Contents of the 'Scheduled Tasks' folder
2007-04-14 23:25:50 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-05 23:24:00 C:\WINDOWS\Tasks\Backup.job - C:\WINDOWS\system32\ntbackup.exe
2007-09-16 06:40:11 C:\WINDOWS\Tasks\User_Feed_Synchronization-{6D791AA4-65E9-479C-9BF6-2BA8647125D1}.job - C:\WINDOWS\system32\msfeedssync.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-08-14 16:38:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-14 16:40:01
C:\ComboFix-quarantined-files.txt ... 2007-08-14 16:39
C:\ComboFix2.txt ... 2007-08-14 10:59
--- E O F ---
oooooOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOooooo
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:04, on 14/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime Alternative\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\rsvp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue Registry Booster2] C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-21-2732481820-3784550950-147138153-1005\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (User '?')
O4 - HKUS\S-1-5-21-2732481820-3784550950-147138153-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2732481820-3784550950-147138153-1005\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-2732481820-3784550950-147138153-1005\..\Run: [Uniblue Registry Booster2] C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe /S (User '?')
O4 - HKUS\S-1-5-21-2732481820-3784550950-147138153-1005\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe (User '?')
O4 - HKUS\S-1-5-21-2732481820-3784550950-147138153-1005\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-21-2732481820-3784550950-147138153-1005\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot (User '?')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Cordless DUALphone Startup.lnk = C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsu...?1158240005171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsof...?1158277898062
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
https://fpdownload.macromedia.com/pu...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)
--
End of file - 10559 bytes
ooooooooooOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOoooooooo
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, August 14, 2007 9:26:44 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 14/08/2007
Kaspersky Anti-Virus database records: 379854
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 55320
Number of viruses found: 8
Number of infected objects: 13
Number of suspicious objects: 0
Duration of the scan process: 01:52:23
Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\DRAHAP~1\LOCALS~1\Temp\NeroDemo12550\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Draha Pitner\Application Data\Skype\sunshine863\call256.dbb Object is locked skipped
C:\Documents and Settings\Draha Pitner\Application Data\Skype\sunshine863\callmember256.dbb Object is locked skipped
C:\Documents and Settings\Draha Pitner\Application Data\Skype\sunshine863\chat512.dbb Object is locked skipped
C:\Documents and Settings\Draha Pitner\Application Data\Skype\sunshine863\chatmember256.dbb Object is locked skipped
C:\Documents and Settings\Draha Pitner\Application Data\Skype\sunshine863\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\Draha Pitner\Application Data\Skype\sunshine863\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\Draha Pitner\Application Data\Skype\sunshine863\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Draha Pitner\Application Data\Skype\sunshine863\dyncontent\bundle.dat Object is locked skipped
C:\Documents and Settings\Draha Pitner\Application Data\Skype\sunshine863\index2.dat Object is locked skipped
C:\Documents and Settings\Draha Pitner\Application Data\Skype\sunshine863\profile16384.dbb Object is locked skipped
C:\Documents and Settings\Draha Pitner\Application Data\Skype\sunshine863\user1024.dbb Object is locked skipped
C:\Documents and Settings\Draha Pitner\Application Data\Skype\sunshine863\user16384.dbb Object is locked skipped
C:\Documents and Settings\Draha Pitner\Application Data\Skype\sunshine863\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\Draha Pitner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Draha Pitner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Draha Pitner\Local Settings\History\History.IE5\MSHist012007081420070815\index.dat Object is locked skipped
C:\Documents and Settings\Draha Pitner\Local Settings\Temp\~DF93B5.tmp Object is locked skipped
C:\Documents and Settings\Draha Pitner\Local Settings\Temp\~DF93D8.tmp Object is locked skipped
C:\Documents and Settings\Draha Pitner\Local Settings\Temp\~DFA490.tmp Object is locked skipped
C:\Documents and Settings\Draha Pitner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Draha Pitner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Draha Pitner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Draha Pitner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\eMachines_Vista.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Security.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Security_UK.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\UK_Specific.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Urgent.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Virus.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Welcome.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\WinXP.dat Object is locked skipped
C:\Program Files\BigFix\__Data\__Global\Logs\20070814.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\62AE6F6F.exe Infected: Backdoor.Win32.Rbot.bfb skipped
C:\Program Files\Norton AntiVirus\Quarantine\77AB3D8E Infected: Email-Worm.Win32.Warezov.et skipped
C:\Program Files\Norton AntiVirus\Quarantine\77B078EB Infected: Backdoor.Win32.PoeBot.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\7955211B Infected: Backdoor.Win32.Rbot.bfb skipped
C:\Program Files\Norton AntiVirus\Quarantine\7D6772A1.exe Infected: Backdoor.Win32.PoeBot.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\7D6A1C9D.exe Infected: Backdoor.Win32.Rbot.aqo skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20070814-090001-742.dll Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
C:\QooBox\Quarantine\C\WINDOWS\duocore.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP424\A0071709.exe Infected: not-virus:Hoax.Win32.Renos.he skipped
C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP424\A0071733.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP424\A0071734.exe Infected: not-virus:Hoax.Win32.Renos.he skipped
C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP424\A0071899.dll Infected: not-a-virus:AdWare.Win32.Agent.bn skipped
C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP425\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\temp\Perflib_Perfdata_494.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
oooooooOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOooooooo
Hello, so far all seems just about normal. Wallpaper, homepage all back to original, no more pesky pop ups. You guys are the best!!!
You have asked me to delete SpyHunter from my system - does it cause havoc? I have only just purchased it :-(...
As far as the framedyn.dll file goes, I need to find someone who (still) operates XP.
So thank you once again
Cheers
Draha