Thank you so much!! I did the needful as advised by you. Please find below the resultant log file.
ComboFix.txt file
--------------------
"L Fernandez" - 07-04-23 21

22 Service Pack 2, v.2096
ComboFix 07-04-22.6V - Running from: "C:\Documents and Settings\L Fernandez\Desktop\"
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\hyfqtxim.dll
C:\WINDOWS\system32\ygtvwcpi.dll
C:\WINDOWS\system32\niabvbid.dll
C:\WINDOWS\system32\buqsvevb.dll
C:\WINDOWS\system32\fqplbucf.dll
C:\WINDOWS\system32\ufunbvkj.dll
C:\WINDOWS\system32\voembqtc.dll
C:\WINDOWS\system32\dibvbain.ini
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((( Files Created from 2007-03-23 to 2007-04-23 ))))))))))))))))))))))))))))))))))
2007-04-23 20:10 <DIR> d--hs---- C:\FOUND.000
2007-04-22 04:42 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-21 23:29 <DIR> d-------- C:\Deckard
2007-04-20 18:24 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-04-20 18:21 <DIR> d-------- C:\DOCUME~1\LFERNA~1\.housecall6.6
2007-04-20 18:15 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-20 18:01 <DIR> d-------- C:\VundoFix Backups
2007-04-19 18:48 6,828 -ra------ C:\WINDOWS\system32\drivers\ftlund.sys
2007-04-19 18:48 50,396 -ra------ C:\WINDOWS\system32\drivers\ftser2k.sys
2007-04-19 18:48 48,631 -ra------ C:\WINDOWS\system32\ftserui2.dll
2007-04-19 18:46 414,208 -ra------ C:\WINDOWS\system32\ftdiunin.exe
2007-04-19 18:46 19,153 -ra------ C:\WINDOWS\system32\drivers\ftdibus.sys
2007-04-19 13:57 <DIR> d-------- C:\DOCUME~1\LFERNA~1\APPLIC~1\AdobeUM
2007-04-19 12:02 502,860 ---hs---- C:\WINDOWS\system32\aceeg.bak2
2007-04-18 23:16 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-04-18 22:21 <DIR> d-------- C:\DOCUME~1\LFERNA~1\APPLIC~1\Help
2007-04-18 20:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
2007-04-18 20:45 <DIR> d-------- C:\Program Files\Intuwave Ltd
2007-04-18 20:43 44,304 --a------ C:\WINDOWS\system32\msrpfs35.dll
2007-04-18 20:43 39,424 --a------ C:\WINDOWS\system32\JETCOMP.exe
2007-04-18 20:43 232,448 --a------ C:\WINDOWS\system32\HDK3CT32.DLL
2007-04-18 20:43 215,040 --a------ C:\WINDOWS\system32\HDK3CTNT.DLL
2007-04-18 20:42 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2007-04-18 20:42 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-04-18 20:42 1,230,336 --a------ C:\WINDOWS\system32\msxml4.dll
2007-04-18 20:41 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-04-18 20:41 <DIR> d-------- C:\Program Files\Sony Ericsson
2007-04-18 20:36 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-04-18 19:58 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Application DataPDFcreator
2007-04-18 19:14 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-04-18 18:53 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-04-18 18:50 <DIR> d-------- C:\DOCUME~1\LFERNA~1\APPLIC~1\Ahead
2007-04-18 18:42 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2007-04-18 18:42 2,969,600 --------- C:\WINDOWS\UNNeroVision.exe
2007-04-18 18:38 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-04-18 18:38 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-04-18 18:38 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-04-18 18:38 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-04-18 18:38 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-04-18 18:38 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-04-18 18:38 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-04-18 18:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-04-18 18:37 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-04-18 18:37 <DIR> d-------- C:\Program Files\Ahead
2007-04-18 17:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-04-18 17:26 <DIR> d-------- C:\WINDOWS\system32\softreg
2007-04-18 16:54 <DIR> d-------- C:\Program Files\Ares
2007-04-18 16:28 <DIR> d-------- C:\DOCUME~1\LFERNA~1\Incomplete
2007-04-18 15:43 <DIR> d-------- C:\Program Files\LimeWire
2007-04-18 15:35 <DIR> d-------- C:\DOCUME~1\LFERNA~1\.limewire
2007-04-18 15:01 <DIR> d-------- C:\Program Files\Web Publish
2007-04-18 14:48 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-04-18 14:48 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-04-18 14:48 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2007-04-18 14:48 170,256 --a------ C:\WINDOWS\system32\jit.dll
2007-04-18 14:48 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-04-18 14:47 933,136 --a------ C:\WINDOWS\system32\msjava.dll
2007-04-18 14:47 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2007-04-18 14:47 364,304 --a------ C:\WINDOWS\system32\javart.dll
2007-04-18 14:47 34,576 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-04-18 14:47 256,272 --a------ C:\WINDOWS\system32\vmhelper.dll
2007-04-18 14:47 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2007-04-18 14:47 188,176 --a------ C:\WINDOWS\system32\javacypt.dll
2007-04-18 14:47 158,992 --a------ C:\WINDOWS\system32\jview.exe
2007-04-18 14:47 153,872 --a------ C:\WINDOWS\system32\msawt.dll
2007-04-18 14:47 152,848 --a------ C:\WINDOWS\system32\wjview.exe
2007-04-18 14:47 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2007-04-18 14:47 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-04-18 14:47 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-04-18 12:38 <DIR> d--hs---- C:\Recycled
2007-04-18 12:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-18 12:01 488,357 ---hs---- C:\WINDOWS\system32\aceeg.bak1
2007-04-18 11:42 <DIR> d-------- C:\Program Files\TextPad 4
2007-04-18 11:42 <DIR> d-------- C:\DOCUME~1\LFERNA~1\APPLIC~1\TextPad
2007-04-18 11:07 <DIR> d-------- C:\Program Files\SmartFTP Client
2007-04-18 11:07 <DIR> d-------- C:\DOCUME~1\LFERNA~1\APPLIC~1\SmartFTP
2007-04-17 20:08 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-04-17 20:06 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-04-17 20:06 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-04-17 20:04 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-04-17 20:00 <DIR> dr-h----- C:\MSOCache
2007-04-17 19:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-04-17 19:41 <DIR> d-------- C:\Program Files\Yahoo!
2007-04-17 19:25 1,156 --a------ C:\WINDOWS\mozver.dat
2007-04-17 19:24 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-04-17 19:24 <DIR> d-------- C:\DOCUME~1\LFERNA~1\APPLIC~1\Skype
2007-04-17 19:23 <DIR> d-------- C:\Program Files\Skype
2007-04-17 19:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-04-17 19:12 0 --a------ C:\WINDOWS\nsreg.dat
2007-04-17 19:12 <DIR> d-------- C:\DOCUME~1\LFERNA~1\APPLIC~1\Talkback
2007-04-17 19:11 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-17 19:11 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-04-17 19:11 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-17 19:11 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-04-17 19:11 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-04-17 19:11 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-17 19:11 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-04-17 19:11 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-17 19:11 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-17 19:11 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-04-17 19:11 <DIR> d-------- C:\Program Files\Alwil Software
2007-04-17 18:28 <DIR> d---s---- C:\DOCUME~1\LFERNA~1\UserData
2007-04-17 12:40 2,097,152 --ah----- C:\DOCUME~1\LFERNA~1\NTUSER.DAT
2007-04-17 12:39 786,432 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-04-17 12:39 786,432 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-04-17 12:39 <DIR> d--hs---- C:\System Volume Information
2007-04-17 12:39 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-04-17 12:39 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-17 12:27 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-04-17 12:27 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-04-17 12:26 245,760 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-04-17 12:26 0 -rahs---- C:\MSDOS.SYS
2007-04-17 12:26 0 -rahs---- C:\IO.SYS
2007-04-17 12:26 0 --a------ C:\CONFIG.SYS
2007-04-17 12:26 0 --a------ C:\AUTOEXEC.BAT
2007-04-17 12:25 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-04-17 12:23 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-04-17 12:22 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-04-17 12:22 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-04-17 12:21 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-04-17 12:21 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-04-17 12:21 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-04-17 12:20 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-04-17 12:20 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-04-17 12:20 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-04-17 12:20 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-04-17 12:20 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-04-17 12:20 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-04-17 12:20 69,632 --a------ C:\WINDOWS\system32\icwdial.dll
2007-04-17 12:20 673,792 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-04-17 12:20 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-04-17 12:20 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-04-17 12:20 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-04-17 12:20 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-04-17 12:20 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-04-17 12:20 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-04-17 12:20 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-04-17 12:20 378,368 --a------ C:\WINDOWS\system32\qmgr.dll
2007-04-17 12:20 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-04-17 12:20 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-04-17 12:20 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-04-17 12:20 297,984 --a------ C:\WINDOWS\system32\mstask.dll
2007-04-17 12:20 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-04-17 12:20 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-04-17 12:20 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-04-17 12:20 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-04-17 12:20 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-04-17 12:20 22,528 --a------ C:\WINDOWS\system32\fltMc.exe
2007-04-17 12:20 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-04-17 12:20 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-04-17 12:20 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-04-17 12:20 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-04-17 12:20 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-04-17 12:20 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-04-17 12:20 119,680 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2007-04-17 12:20 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-04-17 12:20 <DIR> d---s---- C:\WINDOWS\Tasks
2007-04-17 12:20 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-04-17 12:20 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-04-17 12:20 <DIR> d-------- C:\WINDOWS\srchasst
2007-04-17 12:20 <DIR> d-------- C:\Program Files\Movie Maker
2007-04-17 12:20 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-04-17 12:18 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-17 12:18 <DIR> d-------- C:\WINDOWS\Registration
2007-04-17 12:17 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-04-17 12:17 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-04-17 12:17 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-04-17 12:17 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-04-17 12:17 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-04-17 12:17 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-04-17 12:17 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-04-17 12:17 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-04-17 12:17 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-04-17 12:17 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-04-17 12:17 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-04-17 12:17 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-04-17 12:17 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-04-17 12:17 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-04-17 12:17 20,232 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-04-17 12:17 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-04-17 12:17 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-04-17 12:17 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-04-17 12:17 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-04-17 12:17 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-04-17 12:17 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-04-17 12:17 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-04-17 12:17 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-04-17 12:17 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-04-17 12:17 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-04-17 12:17 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-04-17 12:17 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-04-17 12:17 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-04-17 12:17 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-04-17 12:17 11,144 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-04-17 12:17 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-04-17 12:17 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-04-17 12:17 <DIR> d-------- C:\Program Files\Online Services
2007-04-17 12:17 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-04-17 12:17 <DIR> d-------- C:\Program Files\Messenger
2007-04-17 12:16 979,456 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-04-17 12:16 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-04-17 12:16 908,288 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-04-17 12:16 86,664 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-04-17 12:16 86,016 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-04-17 12:16 84,992 --a------ C:\WINDOWS\system32\colbact.dll
2007-04-17 12:16 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2007-04-17 12:16 8,192 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-04-17 12:16 746,496 --a------ C:\WINDOWS\system32\comuid.dll
2007-04-17 12:16 694,272 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-04-17 12:16 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-04-17 12:16 67,072 --a------ C:\WINDOWS\system32\licwmi.dll
2007-04-17 12:16 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-04-17 12:16 623,616 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-04-17 12:16 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-04-17 12:16 6,656 --a------ C:\WINDOWS\system32\msdtc.exe
2007-04-17 12:16 59,904 --a------ C:\WINDOWS\system32\remotepg.dll
2007-04-17 12:16 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-04-17 12:16 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-04-17 12:16 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-04-17 12:16 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-04-17 12:16 457,216 --a------ C:\WINDOWS\system32\wuapi.dll
2007-04-17 12:16 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-04-17 12:16 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-04-17 12:16 40,712 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-04-17 12:16 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-04-17 12:16 38,400 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-04-17 12:16 345,088 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-04-17 12:16 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-04-17 12:16 310,784 --a------ C:\WINDOWS\system32\catsrv.dll
2007-04-17 12:16 294,400 --a------ C:\WINDOWS\system32\termsrv.dll
2007-04-17 12:16 29,696 --a------ C:\WINDOWS\system32\wups.dll
2007-04-17 12:16 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-04-17 12:16 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-04-17 12:16 227,840 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-04-17 12:16 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-04-17 12:16 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-04-17 12:16 197,120 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-04-17 12:16 192,512 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-04-17 12:16 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-04-17 12:16 184,832 --a------ C:\WINDOWS\system32\cmprops.dll
2007-04-17 12:16 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-04-17 12:16 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-04-17 12:16 166,400 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-04-17 12:16 154,624 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-04-17 12:16 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-04-17 12:16 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-04-17 12:16 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-04-17 12:16 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-04-17 12:16 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-04-17 12:16 13,312 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-04-17 12:16 127,496 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-04-17 12:16 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-04-17 12:16 115,200 --a------ C:\WINDOWS\system32\wucltui.dll
2007-04-17 12:16 114,176 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-04-17 12:16 111,616 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-04-17 12:16 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-04-17 12:16 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-04-17 12:16 101,376 --a------ C:\WINDOWS\system32\wuweb.dll
2007-04-17 12:16 101,376 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-04-17 12:16 1,653,760 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-04-17 12:16 1,554,432 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-04-17 12:16 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-04-17 12:16 <DIR> d-------- C:\WINDOWS\system32\Com
2007-04-17 12:16 <DIR> d-------- C:\Program Files\Windows NT
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\system32\voembqtc.dll [x]
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{AE7CD045-E861-484f-8273-0445EE161910} C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-23 21:08:24
Windows 5.1.2600 Service Pack 2, v.2096 FAT
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-23 21:08:30
C:\ComboFix-quarantined-files.txt ... 07-04-23 21:08
ComboFix-quarantined-files.txt
------------------------------
Code:
07-04-18 12:02 123972 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\hyfqtxim.dll.vir
07-04-18 12:02 48708 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ufunbvkj.dll.vir
07-04-19 12:02 123972 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ygtvwcpi.dll.vir
07-04-20 12:02 123972 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\buqsvevb.dll.vir
07-04-21 13:09 123972 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\fqplbucf.dll.vir
07-04-23 19:00 123972 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\niabvbid.dll.vir
07-04-23 20:25 49204 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\voembqtc.dll.vir
07-04-23 20:28 1537537 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\dibvbain.ini.vir
Folder PATH listing
Volume serial number is 704A-A4CD
C:\QOOBOX
\---Quarantine
    +---Registry_backups
    \---C
        \---WINDOWS
            \---system32
                    hyfqtxim.dll.vir
                    ygtvwcpi.dll.vir
                    niabvbid.dll.vir
                    buqsvevb.dll.vir
                    fqplbucf.dll.vir
                    ufunbvkj.dll.vir
                    voembqtc.dll.vir
                    dibvbain.ini.vir
hijackthis.log
-------------
Logfile of HijackThis v1.99.1
Scan saved at 9:10:05 PM, on 23/04/2007
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\L Fernandez\Desktop\L Fernandez.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\voembqtc.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Phone Connection Monitor.lnk = C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAFC7C07-15CD-49B2-9005-BB83F2BDC543}: NameServer = 125.22.47.125,202.56.250.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{CAFC7C07-15CD-49B2-9005-BB83F2BDC543}: NameServer = 125.22.47.125,202.56.250.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{CAFC7C07-15CD-49B2-9005-BB83F2BDC543}: NameServer = 125.22.47.125,202.56.250.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe