05-07-2007, 01:45 AM   #7
Berighteous
Registered User
 
Join Date: Jan 2005
Posts: 48
OS: xp


Re: new notebook - spyware infestation

OK. 12 hours later I have the logs. Geez, it takes forever just to find out what was on here. I've only had the machine a week, and have only been using the net a total of 2 hrs except for going through this process. Boo on that.

I was still getting ad popups all through this process, including the last scan.

"Owner" - 2007-05-06 19:22:54 Service Pack 2
ComboFix 07-05.06.1.V - Running from: "C:\Documents and Settings\Owner.notebook\Desktop\"
Command switches used :: "/v winbfi32 vtuvtts xfxqeul nhiiuxj ypcos bpqsrdi eswyvfl jdzsnmj jnhbbfuk jspvkdql luyhsser rzhjmkud"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\winbfi32.dll
C:\WINDOWS\system32\nhiiuxj.dll
C:\WINDOWS\system32\ypcos.dll
C:\WINDOWS\system32\bpqsrdi.dll
C:\WINDOWS\system32\eswyvfl.dll
C:\WINDOWS\system32\jdzsnmj.dll
C:\WINDOWS\system32\jnhbbfuk.dll
C:\WINDOWS\system32\jspvkdql.dll
C:\WINDOWS\system32\luyhsser.dll
C:\WINDOWS\system32\khhvvmmu.dll
C:\WINDOWS\system32\pbkhejey.dll
C:\WINDOWS\system32\kufbbhnj.ini
C:\WINDOWS\system32\ummvvhhk.ini
C:\WINDOWS\system32\vtuvtts.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\outerinfo
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\OWNER~1.NOT
C:\qoobox\purity\C\DOCUME~1\OWNER~1.NOT\APPLIC~1
C:\qoobox\purity\C\DOCUME~1\OWNER~1.NOT\MYDOCU~1
C:\qoobox\purity\C\DOCUME~1\OWNER~1.NOT\APPLIC~1\SSTEM~1
C:\qoobox\purity\C\DOCUME~1\OWNER~1.NOT\MYDOCU~1\FNTS~1
C:\qoobox\purity\C\DOCUME~1\OWNER~1.NOT\MYDOCU~1\FNTS~1\?xplorer.exe
C:\qoobox\purity\C\Program Files\DOBE~1
C:\qoobox\purity\C\Program Files\MBOLS~1
C:\qoobox\purity\C\Program Files\Common Files\WNSXS~1
C:\qoobox\purity\C\WINDOWS\FNTS~1


((((((((((((((((((((((((((((((( Files Created from 2007-04-06 to 2007-05-06 ))))))))))))))))))))))))))))))))))


2007-05-06 18:49 1,493,437 ---hs---- C:\WINDOWS\system32\orqss.bak2
2007-05-06 01:00 <DIR> d-------- C:\Program Files\Game Editor
2007-05-06 00:52 284,756 ---hs---- C:\WINDOWS\system32\ssqro.dll
2007-05-06 00:52 1,491,280 ---hs---- C:\WINDOWS\system32\orqss.bak1
2007-05-06 00:42 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-05 21:17 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-05-05 21:17 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-05-05 21:17 <DIR> d-------- C:\Program Files\Xvid
2007-05-05 17:26 <DIR> d-------- C:\Program Files\Serious Magic
2007-05-05 16:44 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-05-05 16:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
2007-05-04 00:28 <DIR> d-------- C:\roms
2007-05-03 20:09 <DIR> d-------- C:\Deckard
2007-05-03 20:02 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-05-03 19:44 2 --a------ C:\WINDOWS\system32\wnstssv32.exe
2007-05-03 19:44 <DIR> d-------- C:\WINDOWS\system32\ądobe
2007-05-03 18:46 <DIR> d-------- C:\Program Files\IrfanView
2007-05-02 23:53 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-05-02 23:53 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-05-02 23:53 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-05-02 23:53 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-05-02 23:53 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-05-02 23:53 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-05-02 23:53 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-05-02 23:52 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-05-02 23:52 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-05-02 23:52 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2007-05-02 23:52 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2007-05-02 22:06 <DIR> d-------- C:\Program Files\Common Files\ēasks
2007-05-02 21:51 <DIR> d-------- C:\WINDOWS\wozu
2007-05-02 21:51 <DIR> d-------- C:\Program Files\Common Files\wozu
2007-05-02 21:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-05-02 21:36 <DIR> d--hs---- C:\WINDOWS\IA
2007-04-30 22:51 33,280 --a------ C:\WINDOWS\system32\rundll32.exe
2007-04-30 22:32 <DIR> d-------- C:\Program Files\ABBYY FineReader 4.0 Sprint
2007-04-30 22:30 <DIR> d-------- C:\WINDOWS\Profiles
2007-04-30 22:28 995,383 --a------ C:\WINDOWS\system\MFC42.DLL
2007-04-30 22:28 95,232 --a------ C:\WINDOWS\system\Lfkodak.dll
2007-04-30 22:28 933,888 --a------ C:\WINDOWS\system\MFC40.DLL
2007-04-30 22:28 93,184 --a------ C:\WINDOWS\system\Lftif70n.dll
2007-04-30 22:28 81,946 --a------ C:\WINDOWS\system32\vb5ko.dll
2007-04-30 22:28 81,920 --a------ C:\WINDOWS\system\CAPI2032.DLL
2007-04-30 22:28 81,408 --a------ C:\WINDOWS\system\Ltimg70n.dll
2007-04-30 22:28 76,800 --a------ C:\WINDOWS\system\lffax10N.dll
2007-04-30 22:28 70,656 --a------ C:\WINDOWS\system\MSVCIRT.DLL
2007-04-30 22:28 57,344 --a------ C:\WINDOWS\system\BPEnhan.dll
2007-04-30 22:28 55,808 --a------ C:\WINDOWS\system\Lffax70n.dll
2007-04-30 22:28 55,296 --a------ C:\WINDOWS\system\Ltfil70n.dll
2007-04-30 22:28 53,248 --a------ C:\WINDOWS\system32\A32usd.dll
2007-04-30 22:28 45,056 --a------ C:\WINDOWS\Gtwatch.exe
2007-04-30 22:28 350,208 --a------ C:\WINDOWS\system\Ltkrn70n.dll
2007-04-30 22:28 35,840 --a------ C:\WINDOWS\system\lflma10N.dll
2007-04-30 22:28 35,328 --a------ C:\WINDOWS\system\lttwn10N.dll
2007-04-30 22:28 35,328 --a------ C:\WINDOWS\system\Lffpx70n.dll
2007-04-30 22:28 344,064 --a------ C:\WINDOWS\system\MSVCRT40.DLL
2007-04-30 22:28 34,304 --a------ C:\WINDOWS\system\lfbmp10N.dll
2007-04-30 22:28 33,280 --a------ C:\WINDOWS\system\lfpcx10N.dll
2007-04-30 22:28 32,768 --a------ C:\WINDOWS\system\Lfgif70n.dll
2007-04-30 22:28 31,232 --a------ C:\WINDOWS\system\lflmb10N.dll
2007-04-30 22:28 306,688 --a------ C:\WINDOWS\system\LFFPX7.DLL
2007-04-30 22:28 297,472 --a------ C:\WINDOWS\system\ltkrn10N.dll
2007-04-30 22:28 28,672 --a------ C:\WINDOWS\system\Lflma70n.dll
2007-04-30 22:28 28,160 --a------ C:\WINDOWS\system\lfwmf10N.dll
2007-04-30 22:28 266,752 --a------ C:\WINDOWS\system\Lfcmp10n.dll
2007-04-30 22:28 266,293 --a------ C:\WINDOWS\system\MSVCRT.DLL
2007-04-30 22:28 26,112 --a------ C:\WINDOWS\system\Lfica70n.dll
2007-04-30 22:28 25,600 --a------ C:\WINDOWS\system\Lttwn70n.dll
2007-04-30 22:28 25,088 --a------ C:\WINDOWS\system\Lflmb70n.dll
2007-04-30 22:28 24,576 --a------ C:\WINDOWS\system\Lfpcx70n.dll
2007-04-30 22:28 24,576 --a------ C:\WINDOWS\system\Lfbmp70n.dll
2007-04-30 22:28 24,064 --a------ C:\WINDOWS\system\Lfpct70n.dll
2007-04-30 22:28 24,064 --a------ C:\WINDOWS\system\Lfeps70n.dll
2007-04-30 22:28 228,864 --a------ C:\WINDOWS\system\LTDIS10N.dll
2007-04-30 22:28 224,768 --a------ C:\WINDOWS\system\Lfcmp70n.dll
2007-04-30 22:28 221,696 --a------ C:\WINDOWS\system\ltefx10N.dll
2007-04-30 22:28 22,016 --a------ C:\WINDOWS\system\Lfpsd70n.dll
2007-04-30 22:28 212,480 --a------ C:\WINDOWS\system\Pcdlib32.dll
2007-04-30 22:28 20,992 --a------ C:\WINDOWS\system\Lftga70n.dll
2007-04-30 22:28 20,480 --a------ C:\WINDOWS\system\Lfwpg70n.dll
2007-04-30 22:28 20,480 --a------ C:\WINDOWS\system\LFIMG70N.DLL
2007-04-30 22:28 19,968 --a------ C:\WINDOWS\system\Lfcal70n.dll
2007-04-30 22:28 19,456 --a------ C:\WINDOWS\system\Lfras70n.dll
2007-04-30 22:28 19,456 --a------ C:\WINDOWS\system\Lfpcd70n.dll
2007-04-30 22:28 19,456 --a------ C:\WINDOWS\system\Lfmsp70n.dll
2007-04-30 22:28 18,944 --a------ C:\WINDOWS\system\Lfwfx70n.dll
2007-04-30 22:28 18,944 --a------ C:\WINDOWS\system\Lfmac70n.dll
2007-04-30 22:28 18,120 --a------ C:\WINDOWS\system32\drivers\gt681x.sys
2007-04-30 22:28 176,128 --a------ C:\WINDOWS\system32\PuzzSaver.scr
2007-04-30 22:28 172,032 --a------ C:\WINDOWS\system32\SpotSaver.scr
2007-04-30 22:28 17,920 --a------ C:\WINDOWS\system\Lfavi70n.dll
2007-04-30 22:28 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-04-30 22:28 135,168 --a------ C:\WINDOWS\system32\ParaSaver.scr
2007-04-30 22:28 122,368 --a------ C:\WINDOWS\system\lftif10N.dll
2007-04-30 22:28 111,104 --a------ C:\WINDOWS\system\Lfpng70n.dll
2007-04-30 22:28 109,578 --a------ C:\WINDOWS\system32\Xcdsfx32.bin
2007-04-30 22:28 103,424 --a------ C:\WINDOWS\system\ltfil10N.DLL
2007-04-30 22:28 <DIR> d-------- C:\WINDOWS\Puzzl'Em1.0Beta2
2007-04-30 22:28 <DIR> d-------- C:\WINDOWS\Crush'Em 2.0
2007-04-30 22:28 <DIR> d-------- C:\Program Files\ScanExpress A3 USB
2007-04-30 22:27 <DIR> d-------- C:\Program Files\Temp
2007-04-30 22:18 0 --a------ C:\DOCUME~1\OWNER~1.NOT\APPLIC~1\wklnhst.dat
2007-04-30 22:18 <DIR> d-------- C:\DOCUME~1\OWNER~1.NOT\APPLIC~1\Template
2007-04-30 21:28 <DIR> d-------- C:\DOCUME~1\OWNER~1.NOT\APPLIC~1\Lavasoft
2007-04-30 21:27 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-30 21:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-30 19:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-30 19:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-04-30 14:16 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-04-30 02:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-04-30 01:58 <DIR> d-------- C:\Program Files\Bonjour
2007-04-30 01:50 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-04-30 01:29 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-04-30 01:29 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-04-30 01:29 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-04-30 01:28 1,156 --a------ C:\WINDOWS\mozver.dat
2007-04-30 01:28 <DIR> d-------- C:\Program Files\Futuremark
2007-04-29 20:48 <DIR> d-------- C:\Program Files\Common Files\Serious Magic
2007-04-29 20:28 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-04-29 20:28 <DIR> d-------- C:\WINDOWS\system32\windows media
2007-04-29 20:27 <DIR> d-------- C:\Program Files\Windows Media Components
2007-04-29 17:31 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-04-28 12:45 <DIR> d-------- C:\Program Files\BitTorrent
2007-04-28 12:45 <DIR> d-------- C:\DOCUME~1\OWNER~1.NOT\APPLIC~1\BitTorrent
2007-04-28 12:39 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-04-28 12:26 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-04-28 01:39 <DIR> d-------- C:\DOCUME~1\OWNER~1.NOT\APPLIC~1\Google
2007-04-28 01:38 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\McAfee.com Personal Firewall
2007-04-28 01:37 <DIR> d-------- C:\DOCUME~1\OWNER~1.NOT\APPLIC~1\McAfee.com Personal Firewall
2007-04-28 01:33 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-04-28 01:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-04-27 21:38 2,621,440 --ah----- C:\DOCUME~1\OWNER~1.NOT\NTUSER.DAT
2007-04-27 21:38 <DIR> d-------- C:\DOCUME~1\OWNER~1.NOT\WINDOWS
2007-04-27 21:38 <DIR> d-------- C:\DOCUME~1\OWNER~1.NOT\APPLIC~1\You've Got Pictures Screensaver
2007-04-27 21:38 <DIR> d-------- C:\DOCUME~1\OWNER~1.NOT\APPLIC~1\SampleView
2007-04-27 21:38 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver
2007-04-27 21:38 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-05 22:41:41 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-05 22:38:16 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-05-04 00:37:11 -------- d-----w C:\Program Files\Common Files\?asks
2007-05-01 04:18:45 -------- d-----w C:\DOCUME~1\OWNER~1.NOT\APPLIC~1.\Template
2007-05-01 04:18:42 0 ----a-w C:\DOCUME~1\OWNER~1.NOT\APPLIC~1.\wklnhst.dat
2007-05-01 03:28:45 -------- d-----w C:\DOCUME~1\OWNER~1.NOT\APPLIC~1.\Lavasoft
2007-05-01 02:10:42 44,288 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-04-30 20:22:02 -------- d-----w C:\Program Files\WildTangent
2007-04-30 20:21:34 -------- d-----w C:\Program Files\Gateway Games
2007-04-30 20:18:58 -------- d-----w C:\Program Files\Napster
2007-04-30 19:57:23 -------- d-----w C:\Program Files\BigFix
2007-04-30 19:21:29 -------- d-----w C:\Program Files\Pure Networks
2007-04-30 19:18:14 -------- d-----w C:\Program Files\Common Files\AOL
2007-04-30 02:24:42 -------- d-----w C:\Program Files\Google
2007-04-29 23:28:18 -------- d-----w C:\DOCUME~1\OWNER~1.NOT\APPLIC~1.\BitTorrent
2007-04-28 18:26:35 -------- d-----w C:\DOCUME~1\OWNER~1.NOT\APPLIC~1.\Google
2007-04-28 07:37:41 -------- d-----w C:\DOCUME~1\OWNER~1.NOT\APPLIC~1.\McAfee.com Personal Firewall
2007-03-22 02:54:16 77,312 ----a-w C:\WINDOWS\system32\TWAIN_32.DLL
2007-03-22 02:54:16 69,632 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE
2007-03-22 02:54:16 48,560 ----a-w C:\WINDOWS\system32\TWUNK_16.EXE
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-19 11:01:20 252,356 ----a-w C:\WINDOWS\b128.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
"{0FE4CE2A-A989-43D4-9555-FE80CB097FB9}"="C:\WINDOWS\system32\inqkkegs.dll" [x]
"{22D4A607-B97E-2EA8-0CA2-051A936DF118}"="C:\WINDOWS\system32\rnsckan.dll" [x]
"{53707962-6F74-2D53-2644-206D7942484F}"="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"
"{67CED405-DE98-4ED8-9CFA-319B4C317435}"="C:\WINDOWS\system32\ssqro.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Reminder"=hex(2):25,57,49,4e,44,49,52,25,5c,43,72,65,61,74,6f,72,5c,52,65,6d,\
"Recguard"=hex(2):25,57,49,4e,44,49,52,25,5c,53,4d,49,4e,53,54,5c,52,45,43,47,\
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY"
"MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
@="C:\\WINDOWS\\Gtwatch.exe"
"Gtwatch"="C:\\WINDOWS\\gtwatch.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Power2GoExpress"="NA"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqro

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0




[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*





Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\ISP signup reminder 2.job
C:\WINDOWS\tasks\ISP signup reminder 3.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-06 19:28:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-06 19:29:04 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-06 19:29
C:\ComboFix2.txt ... 2007-05-06 00:42
------------------------------------------------------------
combofix quarantined files
Code:
2005-08-02 16:46      187904    --a------    C:\Qoobox\Quarantine\C\WINDOWS\IA\asappsrv.dll.vir
2005-08-02 16:58      293888    --a------    C:\Qoobox\Quarantine\C\WINDOWS\IA\command.exe.vir
2007-01-12 14:00      18031    --a------    C:\Qoobox\Quarantine\C\Program Files\Outerinfo\Terms.rtf.vir
2007-03-19 12:30      60928    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ypcos.dll.vir
2007-03-19 12:31      228864    --a------    C:\Qoobox\purity\C\DOCUME~1\OWNER~1.NOT\MYDOCU~1\FNTS~1\?xplorer.exe
2007-04-29 20:06      104    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\OWNER~1.NOT\Desktop\Internet.lnk.vir
2007-04-30 02:38      26678    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\yayywtu.dll.vir
2007-04-30 02:39      22016    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\winbfi32.dll.vir
2007-04-30 02:39      26678    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ssqqonk.dll.vir
2007-04-30 02:39      26678    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ssqronl.dll.vir
2007-04-30 02:39      63488    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\nhiiuxj.dll.vir
2007-04-30 02:39      86528    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\eswyvfl.dll.vir
2007-04-30 02:43      26678    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\awtrsst.dll.vir
2007-04-30 19:33      26678    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ssqqnmj.dll.vir
2007-04-30 20:09      26678    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\mljkkkj.dll.vir
2007-05-01 09:35      146432    --a------    C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1162OinAdmin.exe.vir
2007-05-02 22:41      26678    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\qommmmj.dll.vir
2007-05-02 22:41      63488    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\bpqsrdi.dll.vir
2007-05-02 22:41      86016    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\jdzsnmj.dll.vir
2007-05-02 22:47      1396546    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\dgjlm.bak1.vir
2007-05-02 22:47      284244    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\mljgd.dll.vir
2007-05-02 22:47      49204    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\mpcfancr.dll.vir
2007-05-02 22:47      76412    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\jspvkdql.dll.vir
2007-05-03 18:24      26678    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\vtuutts.dll.vir
2007-05-03 19:44      26678    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ssqqqqn.dll.vir
2007-05-04 23:22      132660    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\jgepcvhb.dll.vir
2007-05-05 14:03      687592    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\atmtd.dll._.vir
2007-05-05 14:03      687592    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\atmtd.dll.vir
2007-05-05 23:06      131604    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\evjfiaom.dll.vir
2007-05-05 23:06      1496335    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\dgjlm.bak2.vir
2007-05-06 00:32      1463544    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\bhvcpegj.ini.vir
2007-05-06 00:37      1493238    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\dgjlm.ini.vir
2007-05-06 00:38      132660    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\jnhbbfuk.dll.vir
2007-05-06 00:38      49204    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\luyhsser.dll.vir
2007-05-06 00:39      1463604    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\kufbbhnj.ini.vir
2007-05-06 00:44      26678    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\vtuvtts.dll.vir
2007-05-06 00:44      40183    --a------    C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1162OinUninstaller.exe.vir
2007-05-06 00:52      49204    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\pbkhejey.dll.vir
2007-05-06 00:55      132660    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\khhvvmmu.dll.vir
2007-05-06 19:22      1463187    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ummvvhhk.ini.vir


Folder PATH listing
Volume serial number is A4A0-F2FA
C:\QOOBOX
+---purity
|   \---C
|       +---DOCUME~1
|       |   \---OWNER~1.NOT
|       |       +---APPLIC~1
|       |       |   \---SSTEM~1
|       |       \---MYDOCU~1
|       |           \---FNTS~1
|       |                   ?xplorer.exe
|       |                   
|       +---Program Files
|       |   +---Common Files
|       |   |   \---WNSXS~1
|       |   +---DOBE~1
|       |   \---MBOLS~1
|       \---WINDOWS
|           \---FNTS~1
\---Quarantine
    \---C
        +---DOCUME~1
        |   \---OWNER~1.NOT
        |       \---Desktop
        |               Internet.lnk.vir
        |               
        +---Program Files
        |   +---Common Files
        |   |       Yazzle1162OinAdmin.exe.vir
        |   |       Yazzle1162OinUninstaller.exe.vir
        |   |       
        |   \---Outerinfo
        |           Terms.rtf.vir
        |           
        \---WINDOWS
            +---IA
            |       asappsrv.dll.vir
            |       command.exe.vir
            |       
            \---system32
                    atmtd.dll.vir
                    atmtd.dll._.vir
                    awtrsst.dll.vir
                    bhvcpegj.ini.vir
                    bpqsrdi.dll.vir
                    dgjlm.bak1.vir
                    dgjlm.bak2.vir
                    dgjlm.ini.vir
                    eswyvfl.dll.vir
                    evjfiaom.dll.vir
                    jdzsnmj.dll.vir
                    jgepcvhb.dll.vir
                    jnhbbfuk.dll.vir
                    jspvkdql.dll.vir
                    khhvvmmu.dll.vir
                    kufbbhnj.ini.vir
                    luyhsser.dll.vir
                    mljgd.dll.vir
                    mljkkkj.dll.vir
                    mpcfancr.dll.vir
                    nhiiuxj.dll.vir
                    pbkhejey.dll.vir
                    qommmmj.dll.vir
                    ssqqnmj.dll.vir
                    ssqqonk.dll.vir
                    ssqqqqn.dll.vir
                    ssqronl.dll.vir
                    ummvvhhk.ini.vir
                    vtuutts.dll.vir
                    vtuvtts.dll.vir
                    winbfi32.dll.vir
                    yayywtu.dll.vir
                    ypcos.dll.vir
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:01:40 AM 5/7/2007

+ Scan result:



C:\QooBox\Quarantine\C\WINDOWS\system32\evjfiaom.dll.vir -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007279.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007435.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007561.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\IA\asappsrv.dll.vir -> Adware.CommAd : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\IA\command.exe.vir -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP17\A0003529.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007275.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007276.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007353.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\ypcos.dll.vir -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\QooBox\purity\C\DOCUME~1\OWNER~1.NOT\MYDOCU~1\FNTS~1\еxplorer.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP11\A0003038.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP12\A0003219.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP12\A0003220.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP13\A0003271.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP13\A0003282.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP13\A0003283.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP17\A0003498.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP17\A0003499.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP17\A0003504.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007306.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007339.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007457.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007476.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP14\A0003331.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007541.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\awtrsst.dll.vir -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\mljkkkj.dll.vir -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\qommmmj.dll.vir -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqqnmj.dll.vir -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqqonk.dll.vir -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqqqqn.dll.vir -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqronl.dll.vir -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\vtuutts.dll.vir -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\vtuvtts.dll.vir -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\yayywtu.dll.vir -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP13\A0003236.exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP13\A0003255.exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP16\A0003434.exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007278.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007281.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007283.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007284.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007285.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007286.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007287.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007288.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007294.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007471.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP13\A0003258.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP16\A0003436.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP16\A0003478.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP17\A0003552.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP18\A0004556.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP18\A0004579.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP18\A0004583.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP18\A0004587.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP18\A0004589.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP18\A0004592.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007439.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP14\A0003335.exe -> Downloader.Agent.bnc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP17\A0003549.exe -> Downloader.Alphabet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP18\A0004577.exe -> Downloader.Alphabet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP18\A0004580.exe -> Downloader.Alphabet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP18\A0004590.exe -> Downloader.Alphabet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007436.exe -> Downloader.Alphabet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP14\A0003329.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP11\A0003037.exe -> Downloader.PurityScan.dt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP13\A0003272.exe -> Downloader.PurityScan.dt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP13\A0003273.exe -> Downloader.PurityScan.dt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP17\A0003491.exe -> Downloader.PurityScan.dt : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1162OinAdmin.exe.vir -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP16\A0003480.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP17\A0003506.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007272.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007441.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP17\A0003508.exe -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007543.exe -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP16\A0003381.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\WINDOWS\b104.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP17\A0003489.exe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP17\A0003486.exe -> Downloader.TSUpdate.l : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP17\A0003488.exe -> Downloader.TSUpdate.n : Cleaned with backup (quarantined).
C:\WINDOWS\b103.exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP17\A0003487.exe -> Downloader.TSUpdate.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP16\A0003474.exe -> Hijacker.Agent.jb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP18\A0004557.exe -> Hijacker.Agent.jb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP18\A0004581.exe -> Hijacker.Agent.jb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP14\A0003327.exe -> Hijacker.Agent.jc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP14\A0003330.exe -> Hijacker.Agent.jc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP14\A0003334.exe -> Hijacker.Agent.jc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP12\A0003225.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP13\A0003248.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP13\A0003257.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP13\A0003268.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP13\A0003287.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP16\A0003435.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP16\A0003477.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP17\A0003492.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP17\A0003551.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP18\A0003568.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP18\A0003569.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP18\A0004578.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP18\A0004582.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP18\A0004586.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP18\A0004593.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007438.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP9\A0002228.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP17\A0003532.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP14\A0003328.exe -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP14\A0003332.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP14\A0003333.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP16\A0003476.exe -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP17\A0003490.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP17\A0003494.exe -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP17\A0003554.exe -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP17\A0003555.exe -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP18\A0004558.exe -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP18\A0004584.exe -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP18\A0004591.exe -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007437.exe -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007440.exe -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP13\A0003260.exe -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP13\A0003261.exe -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP16\A0003437.exe -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP16\A0003438.exe -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP17\A0003493.exe -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP18\A0004588.exe -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP16\A0003433.exe -> Trojan.Obfuscated.ev : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP18\A0004585.exe -> Trojan.Obfuscated.ev : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP14\A0003324.dll -> Trojan.Rond : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP14\A0003325.exe -> Trojan.Rond : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP14\A0003326.exe -> Trojan.Rond : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP11\A0003039.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP13\A0003262.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP13\A0003276.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP16\A0003432.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP17\A0003500.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP17\A0003531.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007342.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP25\A0007542.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\IA\KE.vbs -> Trojan.Small : Cleaned with backup (quarantined).


::Report end



------------------------------------------------
Incident Status Location

Potentially unwanted tool:application/regclean32 Not disinfected C:\Documents and Settings\Owner.notebook\Desktop\Click to Find and Fix Errors.url
Adware:adware/sqwire Not disinfected Windows Registry
Adware:Adware/SuperSpider Not disinfected C:\Deckard\System Scanner\backup\DOCUME~1\OWNER~1.NOT\LOCALS~1\Temp\mst44B.tmp
Adware:Adware/Yazzle Not disinfected C:\Deckard\System Scanner\backup\WINDOWS\temp\win1DE.tmp.exe[¦++\Yazzle1162OinAdmin.exe]
Adware:Adware/Yazzle Not disinfected C:\Deckard\System Scanner\backup\WINDOWS\temp\win235.tmp.exe[¦++\Yazzle1162OinAdmin.exe]
Adware:Adware/Yazzle Not disinfected C:\Deckard\System Scanner\backup\WINDOWS\temp\win48E.tmp.exe[¦++\Yazzle1162OinAdmin.exe]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner.notebook\Cookies\owner@mediaplex[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner.notebook\Cookies\owner@trafficmp[2].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Owner.notebook\Desktop\ComboFix.exe[ComboFixT\nircmd.exe]
Adware:Adware/Yazzle Not disinfected C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1162OinUninstaller.exe.vir
Adware:Adware/DollarRevenue Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\atmtd.dll.vir
Adware:Adware/DollarRevenue Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\atmtd.dll._.vir
Adware:Adware/WinAntivirus2006 Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\jspvkdql.dll.vir
Adware:Adware/SuperSpider Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\winbfi32.dll.vir
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe

--------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 1:37:30 AM, on 5/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\Gtwatch.exe
C:\WINDOWS\gtwatch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\twain_32\L3U16\WATCH.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...s=PTB&M=MX6426
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...s=PTB&M=MX6426
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.h...s=PTB&M=MX6426
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [] C:\WINDOWS\Gtwatch.exe
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\flgrrcaf.dll",realset
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\L3U16\WATCH.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe