Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Malware Possibly...Need Help.
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 06-24-2007, 06:36 PM   #1 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 6
OS: XP


Malware Possibly...Need Help.
I've been having constant pop ups from IE that will show up frequently every 5 minutes after I end my IEXPLORER.exe process. SpybotSD has shown two constant results that won't disappear, and others have followed these two: Command Center, and Smitfraud. I've attempted using the Smitfraud fix and it apparently isn't doing any good. Can anyone help me out by taking a look at this log and possibly telling me what's causing these disruptions?


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:56:25 PM, on 6/24/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\ppqpkkqc.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis_v2.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F65A514-189D-099F-7E64-0753C0249F1F} - C:\WINDOWS\System32\hcaxgwb.dll
O2 - BHO: (no name) - {3A4260B3-4F1F-C099-60CE-04DE2E75A91A} - C:\WINDOWS\System32\akxsurc.dll
O2 - BHO: (no name) - {504CB3E8-0548-3DD7-FBCC-094E5FE15F87} - C:\WINDOWS\System32\vihzrei.dll
O2 - BHO: (no name) - {51F5B6DA-F1BF-89C4-05F2-08C3E2C17B29} - C:\WINDOWS\System32\mvyjgd.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\System32\ljhxsyje.dll
O2 - BHO: (no name) - {5C2154CF-76DE-EFFE-1918-094D7E5C6999} - C:\WINDOWS\System32\dnuetgf.dll
O2 - BHO: (no name) - {5D1E3438-27D5-40B1-97D6-4F3B6001B3E4} - C:\WINDOWS\system32\mljkigd.dll
O2 - BHO: (no name) - {5D87F288-16B3-E4A5-B4C7-03F7F3783E05} - C:\WINDOWS\System32\kjrrfig.dll
O2 - BHO: (no name) - {6E30F392-DC09-3A7C-3331-02EEEC294CB0} - C:\WINDOWS\System32\rrextmj.dll
O2 - BHO: (no name) - {6F43F6CA-4098-CA81-804E-0A9889D05A25} - C:\WINDOWS\System32\zthocvj.dll
O2 - BHO: (no name) - {70752D09-9239-8050-BB7B-00B06EF19CA5} - C:\WINDOWS\System32\mikjgzl.dll
O2 - BHO: RdTask Class - {73E0DDC2-A93A-4D64-97B5-646627F61DD2} - C:\WINDOWS\System32\ccc3.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {92A444D2-F945-4dd9-89A1-896A6C2D8D22} - C:\WINDOWS\System32\xwrpunkh.dll
O2 - BHO: (no name) - {BF6B3C0F-CB01-41B2-A75A-17AA8BC0E731} - (no file)
O2 - BHO: (no name) - {DED6B0CB-E110-4C24-8314-FE4D3EC0DA83} - (no file)
O2 - BHO: (no name) - {E55AA2E4-DA77-465E-9F2D-82FDBEB2D5D0} - (no file)
O2 - BHO: (no name) - {E91828D9-074E-4FCA-961C-56CACDFCF363} - C:\WINDOWS\System32\vtstu.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\mrevjhfe.dll",setvm
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft] iusr.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft] iusr.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: mljkigd - C:\WINDOWS\SYSTEM32\mljkigd.dll
O20 - Winlogon Notify: mlljh - C:\WINDOWS\System32\mlljh.dll (file missing)
O20 - Winlogon Notify: vtstu - C:\WINDOWS\System32\vtstu.dll
O20 - Winlogon Notify: winrge32 - C:\WINDOWS\SYSTEM32\winrge32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DisplayController - Unknown owner - C:\WINDOWS\System32\inetsrv\daemon\services.exe (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\ppqpkkqc.exe
O23 - Service: EthernetController - Unknown owner - C:\WINDOWS\System32\inetsrv\daemon\services.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Packets - Unknown owner - C:\windows\system32\dllcache\services.exe (file missing)
O23 - Service: updates - Unknown owner - C:\windows\system32\dllcache\services.exe (file missing)
O23 - Service: vwsrv - Unknown owner - C:\WINDOWS\System32\vwsrv.exe (file missing)

--
End of file - 8193 bytes


Any help would be greatly appreciated. Thanks.
Sillybear is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 06-25-2007, 02:36 AM   #2 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,353
OS: N/A


Re: Malware Possibly...Need Help.
1. Download this file -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-25-2007, 03:25 AM   #3 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 6
OS: XP


Re: Malware Possibly...Need Help.
Alright, I ran ComboFix and here's what I got.

"Administrator" - 2007-06-25 2:17:59 - ComboFix 07-06-25.3 - Service Pack 1 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\adeeg.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ADMINI~1\APPLIC~1.\asembl~1
C:\DOCUME~1\ADMINI~1\MYDOCU~1.\fnts~1
C:\DOCUME~1\ADMINI~1\MYDOCU~1.\fnts~1\m?dtc.exe
C:\DOCUME~1\ADMINI~1\MYDOCU~1.\ppatch~1
C:\Program Files\Common Files\{70848~1
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\curity~1
C:\Program Files\curity~1\??chost.exe
C:\Program Files\smante~1
C:\Program Files\vsadd-in
C:\WINDOWS\asks~1
C:\WINDOWS\system32\ecurit~1
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\fnts~1\chkdsk.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_COM+_MESSAGES
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_RDRIV
-------\cmdService
-------\DomainService
-------\rdriv


((((((((((((((((((((((((( Files Created from 2007-05-25 to 2007-06-25 )))))))))))))))))))))))))))))))


2007-06-25 02:17 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-22 20:41 4,628 --a------ C:\WINDOWS\system32\fuliqlwc.exe
2007-06-12 19:23 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-06-12 19:23 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\teamspeak2
2007-06-06 18:01 1,903,537 --ahs---- C:\WINDOWS\system32\utstv.ini2
2007-06-06 17:52 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-06-06 17:14 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll
2007-06-06 17:14 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
2007-06-06 17:14 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2007-06-06 17:14 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe
2007-06-06 17:14 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2007-06-06 17:14 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
2007-06-06 17:14 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-06-06 17:14 77,824 --a------ C:\WINDOWS\system32\dpmodemx.dll
2007-06-06 17:14 76,800 --a------ C:\WINDOWS\system32\dmscript.dll
2007-06-06 17:14 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll
2007-06-06 17:14 723,968 --a------ C:\WINDOWS\system32\dpnet.dll
2007-06-06 17:14 7,424 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-06-06 17:14 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2007-06-06 17:14 64,512 --a------ C:\WINDOWS\system32\amstream.dll
2007-06-06 17:14 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll
2007-06-06 17:14 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll
2007-06-06 17:14 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-06-06 17:14 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2007-06-06 17:14 5,248 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-06-06 17:14 491,520 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2007-06-06 17:14 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-06-06 17:14 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
2007-06-06 17:14 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-06-06 17:14 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
2007-06-06 17:14 4,608 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-06-06 17:14 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-06-06 17:14 4,096 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2007-06-06 17:14 381,952 --a------ C:\WINDOWS\system32\dsound.dll
2007-06-06 17:14 381,952 --a------ C:\WINDOWS\system32\dpvoice.dll
2007-06-06 17:14 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2007-06-06 17:14 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll
2007-06-06 17:14 33,280 --a------ C:\WINDOWS\system32\dmloader.dll
2007-06-06 17:14 324,096 --a------ C:\WINDOWS\system32\mswebdvd.dll
2007-06-06 17:14 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll
2007-06-06 17:14 316,928 --a------ C:\WINDOWS\system32\qdv.dll
2007-06-06 17:14 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll
2007-06-06 17:14 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll
2007-06-06 17:14 292,864 --a------ C:\WINDOWS\system32\ddraw.dll
2007-06-06 17:14 28,160 --a------ C:\WINDOWS\system32\dplaysvr.exe
2007-06-06 17:14 27,136 --a------ C:\WINDOWS\system32\dmband.dll
2007-06-06 17:14 257,024 --a------ C:\WINDOWS\system32\qcap.dll
2007-06-06 17:14 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
2007-06-06 17:14 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
2007-06-06 17:14 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll
2007-06-06 17:14 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll
2007-06-06 17:14 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2007-06-06 17:14 18,944 --a------ C:\WINDOWS\system32\encapi.dll
2007-06-06 17:14 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2007-06-06 17:14 18,432 --a------ C:\WINDOWS\system32\dswave.dll
2007-06-06 17:14 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
2007-06-06 17:14 16,896 --a------ C:\WINDOWS\system32\dpnsvr.exe
2007-06-06 17:14 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2007-06-06 17:14 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2007-06-06 17:14 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2007-06-06 17:14 132,608 --a------ C:\WINDOWS\system32\devenum.dll
2007-06-06 17:14 130,304 --a------ C:\WINDOWS\system32\drivers\ks.sys
2007-06-06 17:14 13,312 --a------ C:\WINDOWS\system32\msdmo.dll
2007-06-06 17:14 122,880 --a------ C:\WINDOWS\system32\dmusic.dll
2007-06-06 17:14 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll
2007-06-06 17:14 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2007-06-06 17:14 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll
2007-06-06 17:14 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
2007-06-06 17:14 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2007-06-06 17:14 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll
2007-06-06 17:14 1,798,144 --a------ C:\WINDOWS\system32\qedit.dll
2007-06-06 17:14 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
2007-06-06 17:14 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll
2007-06-06 17:14 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2007-06-06 17:14 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
2007-06-06 17:14 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll
2007-06-06 17:14 1,189,888 --a------ C:\WINDOWS\system32\dx8vb.dll
2007-06-06 15:57 <DIR> d-------- C:\Program Files\Steam
2007-05-30 17:05 57,344 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\bwtwhehq.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-25 08:08:07 1,906,471 --sha-w C:\WINDOWS\system32\utstv.bak1
2007-06-24 23:50:28 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\uTorrent
2007-06-24 08:07:58 1,901,042 --sha-w C:\WINDOWS\system32\utstv.bak2
2007-06-20 22:48:01 -------- d-----w C:\Program Files\StepMania
2007-06-16 08:48:56 3,436 ----a-w C:\WINDOWS\system32\tmp.reg
2007-06-14 21:26:47 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\LimeWire
2007-05-04 08:33:43 11,812,063 ------w C:\AVG7QT.DAT
2007-05-04 04:23:41 2 ----a-w C:\WINDOWS\system32\wtssu32.exe
2007-05-02 00:24:58 87,040 ----a-w C:\WINDOWS\system32\airanri.dll
2007-05-02 00:24:58 64,000 ----a-w C:\WINDOWS\system32\mikjgzl.dll
2007-04-29 17:39:46 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-04-29 15:03:37 86,528 ----a-w C:\WINDOWS\system32\wevjvfl.dll
2007-04-29 15:03:37 63,488 ----a-w C:\WINDOWS\system32\mvyjgd.dll
2007-04-29 14:48:02 1,401,764 --sha-w C:\WINDOWS\system32\hjllm.bak2
2007-04-28 00:53:55 17,448 ----a-w C:\DOCUME~1\ADMINI~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-04-21 19:56:23 86,016 ----a-w C:\WINDOWS\system32\zthocvj.dll
2007-04-21 19:56:23 62,976 ----a-w C:\WINDOWS\system32\akxsurc.dll
2007-04-21 05:29:04 1,807 ----a-w C:\WINDOWS\mozver.dat
2007-04-21 03:04:57 225,280 ----a-w C:\WINDOWS\system32\ccc3.dll
2007-04-21 03:04:33 86,528 ----a-w C:\WINDOWS\system32\dnpvjt.dll
2007-04-21 03:04:33 63,488 ----a-w C:\WINDOWS\system32\dnuetgf.dll
2007-04-19 21:14:14 208,896 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-04-19 20:26:00 888,832 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-04-19 20:26:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-04-19 20:26:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-04-19 20:26:00 794,624 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-04-19 20:26:00 7,700,480 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-04-19 20:26:00 581,632 ----a-w C:\WINDOWS\system32\nvhwvid.dll
2007-04-19 20:26:00 5,644,288 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-04-19 20:26:00 5,619,712 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-04-19 20:26:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-04-19 20:26:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-04-19 20:26:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-04-19 20:26:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-04-19 20:26:00 4,543,616 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-04-19 20:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-04-19 20:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-04-19 20:26:00 311,296 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-04-19 20:26:00 3,035,136 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-04-19 20:26:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-04-19 20:26:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-04-19 20:26:00 212,992 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-04-19 20:26:00 2,924,544 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-04-19 20:26:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-04-19 20:26:00 159,810 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-04-19 20:26:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-04-19 20:26:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-04-19 20:26:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-04-19 20:26:00 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-04-19 20:26:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-04-19 20:26:00 1,236,992 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-04-19 20:26:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-04-19 20:26:00 1,011,712 ----a-w C:\WINDOWS\system32\nvcpluir.dll
2007-04-19 04:15:51 1,402,607 --sha-w C:\WINDOWS\system32\hjllm.bak1
2007-04-16 04:03:36 86,528 ----a-w C:\WINDOWS\system32\rrextmj.dll
2007-04-16 04:03:36 64,000 ----a-w C:\WINDOWS\system32\vihzrei.dll
2007-04-15 09:36:40 86,528 ----a-w C:\WINDOWS\system32\kpwmxpg.dll
2007-04-15 09:36:40 63,488 ----a-w C:\WINDOWS\system32\kjrrfig.dll
2007-04-14 06:48:59 86,016 ----a-w C:\WINDOWS\system32\cfiwaml.dll
2007-04-14 06:48:59 63,488 ----a-w C:\WINDOWS\system32\hcaxgwb.dll
2007-04-10 03:04:00 516,608 ----a-w C:\WINDOWS\system32\winlogon.exe
2007-04-10 02:52:06 8,192 ----a-w C:\WINDOWS\system32\resetwpa.reg
2007-04-01 06:47:09 86,528 ----a-w C:\WINDOWS\system32\xhfuvlg.dll
2007-03-30 22:52:58 86,528 ----a-w C:\WINDOWS\system32\ibfbokf.dll
2005-07-30 00:24:26 472 --sha-r C:\WINDOWS\QW50aG9ueQ\kqcXu36Ryk.vbs
2003-07-07 12:00:00 177,664 --sha-r C:\WINDOWS\system32\iusr.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{2F65A514-189D-099F-7E64-0753C0249F1F}=C:\WINDOWS\System32\hcaxgwb.dll [2007-04-13 23:48]
{3A4260B3-4F1F-C099-60CE-04DE2E75A91A}=C:\WINDOWS\System32\akxsurc.dll [2007-04-21 12:56]
{504CB3E8-0548-3DD7-FBCC-094E5FE15F87}=C:\WINDOWS\System32\vihzrei.dll [2007-04-15 21:03]
{51F5B6DA-F1BF-89C4-05F2-08C3E2C17B29}=C:\WINDOWS\System32\mvyjgd.dll [2007-04-29 08:03]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{5C2154CF-76DE-EFFE-1918-094D7E5C6999}=C:\WINDOWS\System32\dnuetgf.dll [2007-04-20 20:04]
{5D1E3438-27D5-40B1-97D6-4F3B6001B3E4}=C:\WINDOWS\system32\mljkigd.dll []
{5D87F288-16B3-E4A5-B4C7-03F7F3783E05}=C:\WINDOWS\System32\kjrrfig.dll [2007-04-15 02:36]
{6E30F392-DC09-3A7C-3331-02EEEC294CB0}=C:\WINDOWS\System32\rrextmj.dll [2007-04-15 21:03]
{6F43F6CA-4098-CA81-804E-0A9889D05A25}=C:\WINDOWS\System32\zthocvj.dll [2007-04-21 12:56]
{70752D09-9239-8050-BB7B-00B06EF19CA5}=C:\WINDOWS\System32\mikjgzl.dll [2007-05-01 17:24]
{73E0DDC2-A93A-4D64-97B5-646627F61DD2}=C:\WINDOWS\System32\ccc3.dll [2007-04-20 20:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{E91828D9-074E-4FCA-961C-56CACDFCF363}=C:\WINDOWS\System32\vtstu.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe" [2006-09-28 22:56]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe" [2007-02-06 17:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-02 16:24]
"AWMON"="C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe" [2004-09-16 17:15]
"nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-04-19 13:26]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-04-19 13:26]
"EPSON Stylus CX5400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.exe" [2003-05-26 21:00]
"KernelFaultCheck"="%systemroot%\system32\dumprep 0 -k" []
"2chkdsk"="C:\WINDOWS\System32\mrevjhfe.dll" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft"=iusr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5D1E3438-27D5-40B1-97D6-4F3B6001B3E4}"="C:\WINDOWS\system32\mljkigd.dll" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljkigd]
mljkigd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljh]
C:\WINDOWS\System32\mlljh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtstu]
C:\WINDOWS\System32\vtstu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrge32]
winrge32.dll


Contents of the 'Scheduled Tasks' folder
2007-06-18 15:22:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-25 02:20:24
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-25 2:20:43 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-25 02:20

--- E O F ---


Now, here's a new HJT report.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:22:25 AM, on 6/25/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis_v2.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F65A514-189D-099F-7E64-0753C0249F1F} - C:\WINDOWS\System32\hcaxgwb.dll
O2 - BHO: (no name) - {3A4260B3-4F1F-C099-60CE-04DE2E75A91A} - C:\WINDOWS\System32\akxsurc.dll
O2 - BHO: (no name) - {504CB3E8-0548-3DD7-FBCC-094E5FE15F87} - C:\WINDOWS\System32\vihzrei.dll
O2 - BHO: (no name) - {51F5B6DA-F1BF-89C4-05F2-08C3E2C17B29} - C:\WINDOWS\System32\mvyjgd.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C2154CF-76DE-EFFE-1918-094D7E5C6999} - C:\WINDOWS\System32\dnuetgf.dll
O2 - BHO: (no name) - {5D1E3438-27D5-40B1-97D6-4F3B6001B3E4} - C:\WINDOWS\system32\mljkigd.dll (file missing)
O2 - BHO: (no name) - {5D87F288-16B3-E4A5-B4C7-03F7F3783E05} - C:\WINDOWS\System32\kjrrfig.dll
O2 - BHO: (no name) - {6E30F392-DC09-3A7C-3331-02EEEC294CB0} - C:\WINDOWS\System32\rrextmj.dll
O2 - BHO: (no name) - {6F43F6CA-4098-CA81-804E-0A9889D05A25} - C:\WINDOWS\System32\zthocvj.dll
O2 - BHO: (no name) - {70752D09-9239-8050-BB7B-00B06EF19CA5} - C:\WINDOWS\System32\mikjgzl.dll
O2 - BHO: RdTask Class - {73E0DDC2-A93A-4D64-97B5-646627F61DD2} - C:\WINDOWS\System32\ccc3.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {BF6B3C0F-CB01-41B2-A75A-17AA8BC0E731} - (no file)
O2 - BHO: (no name) - {DED6B0CB-E110-4C24-8314-FE4D3EC0DA83} - (no file)
O2 - BHO: (no name) - {E55AA2E4-DA77-465E-9F2D-82FDBEB2D5D0} - (no file)
O2 - BHO: (no name) - {E91828D9-074E-4FCA-961C-56CACDFCF363} - C:\WINDOWS\System32\vtstu.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\mrevjhfe.dll",setvm
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft] iusr.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft] iusr.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: mljkigd - mljkigd.dll (file missing)
O20 - Winlogon Notify: mlljh - C:\WINDOWS\System32\mlljh.dll (file missing)
O20 - Winlogon Notify: vtstu - C:\WINDOWS\System32\vtstu.dll (file missing)
O20 - Winlogon Notify: winrge32 - winrge32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DisplayController - Unknown owner - C:\WINDOWS\System32\inetsrv\daemon\services.exe (file missing)
O23 - Service: EthernetController - Unknown owner - C:\WINDOWS\System32\inetsrv\daemon\services.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Packets - Unknown owner - C:\windows\system32\dllcache\services.exe (file missing)
O23 - Service: updates - Unknown owner - C:\windows\system32\dllcache\services.exe (file missing)
O23 - Service: vwsrv - Unknown owner - C:\WINDOWS\System32\vwsrv.exe (file missing)

--
End of file - 7926 bytes


I hope this helps.
Sillybear is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-25-2007, 03:51 AM   #4 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,353
OS: N/A


Re: Malware Possibly...Need Help.
Please disable AdWatch, as it may hinder the removal of some entries.
You can re-enable it after you're clean. To disable AdWatch:
  • Open AdAware SE.
  • Go to AdWatch User Interface.
  • Go to Tools and Preferences.
  • At the bottom of the screen you will see 2 options Active and Automatic.
  • Active: This will turn Ad-Watch On\Off without closing it
  • Automatic: Suspicious activity will be blocked automatically
  • Uncheck both options. You can enable these after resolving your problem.
  • Unless they are turned off they could interfere with the fix by HijackThis.

-----------------


Before fixing anything, open notepad and Copy/Paste the text in the box below into it:

Code:
@echo off
For %%g in (
C:\WINDOWS\system32\airanri.dll
C:\WINDOWS\system32\mikjgzl.dll
C:\WINDOWS\system32\wevjvfl.dll
C:\WINDOWS\system32\mvyjgd.dll
C:\WINDOWS\system32\zthocvj.dll
C:\WINDOWS\system32\akxsurc.dll
C:\WINDOWS\system32\ccc3.dll
C:\WINDOWS\system32\dnpvjt.dll
C:\WINDOWS\system32\dnuetgf.dll
C:\WINDOWS\system32\rrextmj.dll
C:\WINDOWS\system32\vihzrei.dll
C:\WINDOWS\system32\kpwmxpg.dll
C:\WINDOWS\system32\kjrrfig.dll
C:\WINDOWS\system32\cfiwaml.dll
C:\WINDOWS\system32\hcaxgwb.dll
C:\WINDOWS\system32\xhfuvlg.dll
C:\WINDOWS\system32\ibfbokf.dll
C:\WINDOWS\system32\iusr.exe
) do catchme -l nul -k %%g >nul
echo.Please submit the file, catchme.zip located on Desktop
pause
exit
Save this as Submit.bat Choose to "Save type as - All Files". It should look like this:
Double click on Submit.bat & allow it to generate a zipped file on your Desktop called catchme.zip
Please submit catchme.zip to this site → http://www.bleepingcomputer.com/subm....php?channel=4

The file must be uploaded before proceeding to the next step.


---------------


Do a HijackThis scan & place a check next to these items and select "Fix checked":

O2 - BHO: (no name) - {2F65A514-189D-099F-7E64-0753C0249F1F} - C:\WINDOWS\System32\hcaxgwb.dll
O2 - BHO: (no name) - {3A4260B3-4F1F-C099-60CE-04DE2E75A91A} - C:\WINDOWS\System32\akxsurc.dll
O2 - BHO: (no name) - {504CB3E8-0548-3DD7-FBCC-094E5FE15F87} - C:\WINDOWS\System32\vihzrei.dll
O2 - BHO: (no name) - {51F5B6DA-F1BF-89C4-05F2-08C3E2C17B29} - C:\WINDOWS\System32\mvyjgd.dll
O2 - BHO: (no name) - {5C2154CF-76DE-EFFE-1918-094D7E5C6999} - C:\WINDOWS\System32\dnuetgf.dll
O2 - BHO: (no name) - {5D1E3438-27D5-40B1-97D6-4F3B6001B3E4} - C:\WINDOWS\system32\mljkigd.dll (file missing)
O2 - BHO: (no name) - {5D87F288-16B3-E4A5-B4C7-03F7F3783E05} - C:\WINDOWS\System32\kjrrfig.dll
O2 - BHO: (no name) - {6E30F392-DC09-3A7C-3331-02EEEC294CB0} - C:\WINDOWS\System32\rrextmj.dll
O2 - BHO: (no name) - {6F43F6CA-4098-CA81-804E-0A9889D05A25} - C:\WINDOWS\System32\zthocvj.dll
O2 - BHO: (no name) - {70752D09-9239-8050-BB7B-00B06EF19CA5} - C:\WINDOWS\System32\mikjgzl.dll
O2 - BHO: RdTask Class - {73E0DDC2-A93A-4D64-97B5-646627F61DD2} - C:\WINDOWS\System32\ccc3.dll
O2 - BHO: (no name) - {BF6B3C0F-CB01-41B2-A75A-17AA8BC0E731} - (no file)
O2 - BHO: (no name) - {DED6B0CB-E110-4C24-8314-FE4D3EC0DA83} - (no file)
O2 - BHO: (no name) - {E55AA2E4-DA77-465E-9F2D-82FDBEB2D5D0} - (no file)
O2 - BHO: (no name) - {E91828D9-074E-4FCA-961C-56CACDFCF363} - C:\WINDOWS\System32\vtstu.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\mrevjhfe.dll",setvm
O4 - HKUS\S-1-5-18\..\Run: [Microsoft] iusr.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft] iusr.exe (User 'Default user')
O20 - Winlogon Notify: mljkigd - mljkigd.dll (file missing)
O20 - Winlogon Notify: mlljh - C:\WINDOWS\System32\mlljh.dll (file missing)
O20 - Winlogon Notify: vtstu - C:\WINDOWS\System32\vtstu.dll (file missing)
O20 - Winlogon Notify: winrge32 - winrge32.dll (file missing)
O23 - Service: DisplayController - Unknown owner - C:\WINDOWS\System32\inetsrv\daemon\services.exe (file missing)
O23 - Service: EthernetController - Unknown owner - C:\WINDOWS\System32\inetsrv\daemon\services.exe (file missing)
O23 - Service: Packets - Unknown owner - C:\windows\system32\dllcache\services.exe (file missing)
O23 - Service: updates - Unknown owner - C:\windows\system32\dllcache\services.exe (file missing)
O23 - Service: vwsrv - Unknown owner - C:\WINDOWS\System32\vwsrv.exe (file missing)


---------------


Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\WINDOWS\system32\fuliqlwc.exe
C:\WINDOWS\system32\utstv.ini2
C:\WINDOWS\system32\utstv.bak1
C:\WINDOWS\system32\utstv.bak2
C:\WINDOWS\system32\hjllm.bak2
C:\WINDOWS\system32\hjllm.bak1
C:\DOCUME~1\ALLUSE~1\APPLIC~1\bwtwhehq.exe
C:\WINDOWS\system32\wtssu32.exe
C:\WINDOWS\system32\airanri.dll
C:\WINDOWS\system32\mikjgzl.dll
C:\WINDOWS\system32\wevjvfl.dll
C:\WINDOWS\system32\mvyjgd.dll
C:\WINDOWS\system32\zthocvj.dll
C:\WINDOWS\system32\akxsurc.dll
C:\WINDOWS\system32\ccc3.dll
C:\WINDOWS\system32\dnpvjt.dll
C:\WINDOWS\system32\dnuetgf.dll
C:\WINDOWS\system32\rrextmj.dll
C:\WINDOWS\system32\vihzrei.dll
C:\WINDOWS\system32\kpwmxpg.dll
C:\WINDOWS\system32\kjrrfig.dll
C:\WINDOWS\system32\cfiwaml.dll
C:\WINDOWS\system32\hcaxgwb.dll
C:\WINDOWS\system32\xhfuvlg.dll
C:\WINDOWS\system32\ibfbokf.dll
C:\WINDOWS\system32\iusr.exe
Folder::
C:\WINDOWS\QW50aG9ueQ
Driver::
DisplayController
EthernetController
Packets
updates
vwsrv
Registry::
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{2f65a514-189d-099f-7e64-0753c0249f1f}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{3a4260b3-4f1f-c099-60ce-04de2e75a91a}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{504cb3e8-0548-3dd7-fbcc-094e5fe15f87}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{51f5b6da-f1bf-89c4-05f2-08c3e2c17b29}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{5c2154cf-76de-effe-1918-094d7e5c6999}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{5d1e3438-27d5-40b1-97d6-4f3b6001b3e4}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{5d87f288-16b3-e4a5-b4c7-03f7f3783e05}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{6e30f392-dc09-3a7c-3331-02eeec294cb0}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{6f43f6ca-4098-ca81-804e-0a9889d05a25}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{70752d09-9239-8050-bb7b-00b06ef19ca5}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{73e0ddc2-a93a-4d64-97b5-646627f61dd2}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{e91828d9-074e-4fca-961c-56cacdfcf363}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"=-
"2chkdsk"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljkigd]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljh]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtstu]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrge32]
Save this as ComboFix-Do.txt




Refering to the picture above, drag ComboFix-Do.txt into ComboFix.exe
Then post the resultant log


---------------


Please perform an online scan using Internet Explorer at http://www.kaspersky.com/virusscanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. We only require a report from it.
    It does not provide an option to clean/disinfect.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.


---------------


In your next post, please include fresh logs from:
  1. Fresh Hijackthis log taken just before replying
  2. Online scan
  3. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-25-2007, 03:51 AM   #5 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,353
OS: N/A


Re: Malware Possibly...Need Help.
This is to be performed after you have posted the required logs.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u1 - http://java.sun.com/javase/downloads/index.jsp
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-25-2007, 04:14 PM   #6 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 6
OS: XP


Re: Malware Possibly...Need Help.
Here are the 3 things you asked for. (:

1. HiJackScan:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:09:08 PM, on 6/25/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Winamp\winamp.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 5625 bytes

2. Online Scan
Monday, June 25, 2007 3:08:31 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 25/06/2007
Kaspersky Anti-Virus database records: 352112
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 52205
Number of viruses found 25
Number of infected objects 189 / 0
Number of suspicious objects 0
Duration of the scan process 00:35:54

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m7iebft0.default\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m7iebft0.default\history.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m7iebft0.default\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m7iebft0.default\parent.lock Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m7iebft0.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m7iebft0.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\backups\backup-20070625-030013-177.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Documents and Settings\Administrator\Desktop\backups\backup-20070625-030013-284.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Documents and Settings\Administrator\Desktop\backups\backup-20070625-030013-461.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Documents and Settings\Administrator\Desktop\backups\backup-20070625-030013-517.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Documents and Settings\Administrator\Desktop\backups\backup-20070625-030013-661.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Documents and Settings\Administrator\Desktop\backups\backup-20070625-030013-668.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Documents and Settings\Administrator\Desktop\backups\backup-20070625-030013-750.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Documents and Settings\Administrator\Desktop\backups\backup-20070625-030013-913.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Documents and Settings\Administrator\Desktop\backups\backup-20070625-030013-971.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7iebft0.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7iebft0.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7iebft0.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7iebft0.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007062520070626\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~ROMFN_00000A34 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\DOCUME~1\ADMINI~1\MYDOCU~1\FNTS~1\mѕdtc.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\QooBox\Quarantine\C\Program Files\CURITY~1\ѕνchost.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\FNTS~1\chkdsk.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.dx skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hcaxgwb.dll.vir Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ibfbokf.dll.vir Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iusr.exe.vir Infected: Backdoor.Win32.Rbot.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xhfuvlg.dll.vir Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip/airanri.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip/mikjgzl.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip/wevjvfl.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip/mvyjgd.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip/zthocvj.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip/akxsurc.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip/dnpvjt.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip/dnuetgf.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip/rrextmj.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip/vihzrei.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip/kpwmxpg.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip/kjrrfig.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip/cfiwaml.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip/hcaxgwb.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip ZIP: infected - 14 skipped
C:\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP106\A0019216.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP106\A0019217.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP106\A0019218.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP106\A0019219.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP106\A0019220.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kg skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP106\A0019221.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kg skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP106\A0019222.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kg skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP106\A0019223.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kg skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP106\A0019402.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP106\A0019404.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP108\A0019492.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP110\A0019590.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP110\A0020669.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP110\A0020670.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP111\A0020724.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP111\A0020732.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP113\A0020873.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP114\A0021732.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP114\A0021733.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP114\A0021741.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP115\A0021792.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP115\A0021794.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP116\A0021833.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP116\A0021835.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP120\A0021959.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP120\A0021962.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP120\A0021962.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP120\A0021962.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP120\A0021973.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP122\A0022022.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP122\A0022023.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP122\A0022024.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP122\A0022025.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP122\A0022026.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022230.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022231.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022232.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022233.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022234.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022235.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022236.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022237.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022238.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022239.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022240.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022241.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022242.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022243.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022244.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kb skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022245.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022246.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022247.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022248.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022249.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022250.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022251.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022252.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022253.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022254.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022255.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022256.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022257.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022258.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022259.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022260.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022261.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022262.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022263.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022264.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022265.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022266.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022267.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022268.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022269.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022270.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022271.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022272.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022273.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022274.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022275.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022276.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022277.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022278.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022279.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022280.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022281.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022282.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022283.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022284.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022293.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022294.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022367.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022369.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022370.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022372.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022373.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022375.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022377.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022378.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022379.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022380.exe Infected: Backdoor.Win32.Rbot.gen skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\change.log Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP42\A0003551.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.5000 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP42\A0003553.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP42\A0004544.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP42\A0004545.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP42\A0004546.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP42\A0004547.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP42\A0004548.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP43\A0004654.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP43\A0004656.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP43\A0004657.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP43\A0004658.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP43\A0004658.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP43\A0004658.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP43\A0004658.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP43\A0004658.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP43\A0004658.exe RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP43\A0004663.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP43\A0005672.exe Infected: not-a-virus:RiskTool.Win32.Starter.a skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP43\A0005684.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP43\A0005684.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP43\A0005684.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP43\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP43\snapshot\MFEX-2.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP43\snapshot\MFEX-3.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP45\A0005741.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP46\A0006844.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP46\A0006845.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP46\A0006847.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP46\A0006853.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP46\A0006854.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP46\A0006856.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP46\A0006857.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP51\A0011072.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP51\A0011073.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP51\A0011088.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP51\A0011098.exe Infected: not-a-virus:RiskTool.Win32.Starter.a skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP51\A0011101.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP51\A0011102.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP55\A0014160.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP55\A0014161.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP55\A0014197.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP55\A0014198.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP55\A0014199.exe Infected: not-a-virus:RiskTool.Win32.Starter.a skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP55\A0014202.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP57\A0015251.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP58\A0015295.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP59\A0015320.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP60\A0015354.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP61\A0016200.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP61\A0016201.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP61\A0016201.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP61\A0016201.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP62\A0016241.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP62\A0016241.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP62\A0016241.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP62\A0016241.exe PE_Patch.UPX: infected - 2 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP62\A0016246.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP67\A0016321.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP68\A0016489.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP68\A0016490.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP68\A0016491.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP68\A0016492.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP68\A0016507.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP71\A0016570.exe Infected: not-a-virus:RiskTool.Win32.Starter.a skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP71\A0016573.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016592.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016643.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016644.exe/data.rar/cxss.exe Infected: Backdoor.Win32.Iroffer.s skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016644.exe/data.rar Infected: Backdoor.Win32.Iroffer.s skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016644.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016645.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016646.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016647.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016648.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016649.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ig skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016650.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016651.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016652.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016654.exe/SkuZ.exe Infected: Backdoor.Win32.Rbot.gen skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016654.exe nBinder 5.0: infected - 1 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016655.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016656.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016657.exe/data.rar/hiderun.exe Infected: not-a-virus:RiskTool.Win32.HideRun skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016657.exe/data.rar/TPSrv.exe Infected: Backdoor.Win32.Iroffer.ab skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016657.exe/data.rar/svchost.exe Infected: Backdoor.Win32.ServU-based skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016657.exe/data.rar Infected: Backdoor.Win32.ServU-based skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016657.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016658.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016659.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016660.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016661.exe/data.rar/cxss.exe Infected: Backdoor.Win32.Iroffer.s skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016661.exe/data.rar Infected: Backdoor.Win32.Iroffer.s skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016661.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016662.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016663.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016664.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016667.exe/SkuZ.exe Infected: Backdoor.Win32.Rbot.gen skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016667.exe nBinder 5.0: infected - 1 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016668.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP72\A0016671.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP87\A0018600.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP87\A0018601.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP87\A0018601.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP87\A0018601.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP93\A0018720.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP95\A0018813.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP97\A0018927.exe Infected: not-a-virus:RiskTool.Win32.HideRun skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
Scan process completed.


3. Combo Fix's Log
File::
C:\WINDOWS\system32\fuliqlwc.exe
C:\WINDOWS\system32\utstv.ini2
C:\WINDOWS\system32\utstv.bak1
C:\WINDOWS\system32\utstv.bak2
C:\WINDOWS\system32\hjllm.bak2
C:\WINDOWS\system32\hjllm.bak1
C:\DOCUME~1\ALLUSE~1\APPLIC~1\bwtwhehq.exe
C:\WINDOWS\system32\wtssu32.exe
C:\WINDOWS\system32\airanri.dll
C:\WINDOWS\system32\mikjgzl.dll
C:\WINDOWS\system32\wevjvfl.dll
C:\WINDOWS\system32\mvyjgd.dll
C:\WINDOWS\system32\zthocvj.dll
C:\WINDOWS\system32\akxsurc.dll
C:\WINDOWS\system32\ccc3.dll
C:\WINDOWS\system32\dnpvjt.dll
C:\WINDOWS\system32\dnuetgf.dll
C:\WINDOWS\system32\rrextmj.dll
C:\WINDOWS\system32\vihzrei.dll
C:\WINDOWS\system32\kpwmxpg.dll
C:\WINDOWS\system32\kjrrfig.dll
C:\WINDOWS\system32\cfiwaml.dll
C:\WINDOWS\system32\hcaxgwb.dll
C:\WINDOWS\system32\xhfuvlg.dll
C:\WINDOWS\system32\ibfbokf.dll
C:\WINDOWS\system32\iusr.exe
Folder::
C:\WINDOWS\QW50aG9ueQ
Driver::
DisplayController
EthernetController
Packets
updates
vwsrv
Registry::
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{2f65a514-189d-099f-7e64-0753c0249f1f}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{3a4260b3-4f1f-c099-60ce-04de2e75a91a}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{504cb3e8-0548-3dd7-fbcc-094e5fe15f87}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{51f5b6da-f1bf-89c4-05f2-08c3e2c17b29}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{5c2154cf-76de-effe-1918-094d7e5c6999}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{5d1e3438-27d5-40b1-97d6-4f3b6001b3e4}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{5d87f288-16b3-e4a5-b4c7-03f7f3783e05}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{6e30f392-dc09-3a7c-3331-02eeec294cb0}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{6f43f6ca-4098-ca81-804e-0a9889d05a25}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{70752d09-9239-8050-bb7b-00b06ef19ca5}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{73e0ddc2-a93a-4d64-97b5-646627f61dd2}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{e91828d9-074e-4fca-961c-56cacdfcf363}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"=-
"2chkdsk"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljkigd]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljh]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtstu]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrge32]


I didn't experience any problems at all, you give a great tutorial. Tell me if there's anything else I need to do.
Sillybear is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-25-2007, 11:06 PM   #7 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,353
OS: N/A


Re: Malware Possibly...Need Help.
Ermm ...you posted the wrong combofix log. The one posted is the ComboFix-Do.txt which I had you create.

The one that should be posted is located at C:\ComboFix.txt
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-26-2007, 12:10 AM   #8 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 6
OS: XP


Re: Malware Possibly...Need Help.
This is the other one I have.

"Administrator" - 2007-06-25 2:17:59 - ComboFix 07-06-25.3 - Service Pack 1 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\adeeg.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ADMINI~1\APPLIC~1.\asembl~1
C:\DOCUME~1\ADMINI~1\MYDOCU~1.\fnts~1
C:\DOCUME~1\ADMINI~1\MYDOCU~1.\fnts~1\m?dtc.exe
C:\DOCUME~1\ADMINI~1\MYDOCU~1.\ppatch~1
C:\Program Files\Common Files\{70848~1
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\curity~1
C:\Program Files\curity~1\??chost.exe
C:\Program Files\smante~1
C:\Program Files\vsadd-in
C:\WINDOWS\asks~1
C:\WINDOWS\system32\ecurit~1
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\fnts~1\chkdsk.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_COM+_MESSAGES
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_RDRIV
-------\cmdService
-------\DomainService
-------\rdriv


((((((((((((((((((((((((( Files Created from 2007-05-25 to 2007-06-25 )))))))))))))))))))))))))))))))


2007-06-25 02:17 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-22 20:41 4,628 --a------ C:\WINDOWS\system32\fuliqlwc.exe
2007-06-12 19:23 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-06-12 19:23 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\teamspeak2
2007-06-06 18:01 1,903,537 --ahs---- C:\WINDOWS\system32\utstv.ini2
2007-06-06 17:52 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-06-06 17:14 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll
2007-06-06 17:14 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
2007-06-06 17:14 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2007-06-06 17:14 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe
2007-06-06 17:14 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2007-06-06 17:14 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
2007-06-06 17:14 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-06-06 17:14 77,824 --a------ C:\WINDOWS\system32\dpmodemx.dll
2007-06-06 17:14 76,800 --a------ C:\WINDOWS\system32\dmscript.dll
2007-06-06 17:14 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll
2007-06-06 17:14 723,968 --a------ C:\WINDOWS\system32\dpnet.dll
2007-06-06 17:14 7,424 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-06-06 17:14 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2007-06-06 17:14 64,512 --a------ C:\WINDOWS\system32\amstream.dll
2007-06-06 17:14 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll
2007-06-06 17:14 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll
2007-06-06 17:14 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-06-06 17:14 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2007-06-06 17:14 5,248 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-06-06 17:14 491,520 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2007-06-06 17:14 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-06-06 17:14 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
2007-06-06 17:14 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-06-06 17:14 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
2007-06-06 17:14 4,608 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-06-06 17:14 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-06-06 17:14 4,096 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2007-06-06 17:14 381,952 --a------ C:\WINDOWS\system32\dsound.dll
2007-06-06 17:14 381,952 --a------ C:\WINDOWS\system32\dpvoice.dll
2007-06-06 17:14 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2007-06-06 17:14 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll
2007-06-06 17:14 33,280 --a------ C:\WINDOWS\system32\dmloader.dll
2007-06-06 17:14 324,096 --a------ C:\WINDOWS\system32\mswebdvd.dll
2007-06-06 17:14 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll
2007-06-06 17:14 316,928 --a------ C:\WINDOWS\system32\qdv.dll
2007-06-06 17:14 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll
2007-06-06 17:14 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll
2007-06-06 17:14 292,864 --a------ C:\WINDOWS\system32\ddraw.dll
2007-06-06 17:14 28,160 --a------ C:\WINDOWS\system32\dplaysvr.exe
2007-06-06 17:14 27,136 --a------ C:\WINDOWS\system32\dmband.dll
2007-06-06 17:14 257,024 --a------ C:\WINDOWS\system32\qcap.dll
2007-06-06 17:14 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
2007-06-06 17:14 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
2007-06-06 17:14 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll
2007-06-06 17:14 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll
2007-06-06 17:14 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2007-06-06 17:14 18,944 --a------ C:\WINDOWS\system32\encapi.dll
2007-06-06 17:14 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2007-06-06 17:14 18,432 --a------ C:\WINDOWS\system32\dswave.dll
2007-06-06 17:14 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
2007-06-06 17:14 16,896 --a------ C:\WINDOWS\system32\dpnsvr.exe
2007-06-06 17:14 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2007-06-06 17:14 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2007-06-06 17:14 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2007-06-06 17:14 132,608 --a------ C:\WINDOWS\system32\devenum.dll
2007-06-06 17:14 130,304 --a------ C:\WINDOWS\system32\drivers\ks.sys
2007-06-06 17:14 13,312 --a------ C:\WINDOWS\system32\msdmo.dll
2007-06-06 17:14 122,880 --a------ C:\WINDOWS\system32\dmusic.dll
2007-06-06 17:14 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll
2007-06-06 17:14 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2007-06-06 17:14 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll
2007-06-06 17:14 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
2007-06-06 17:14 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2007-06-06 17:14 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll
2007-06-06 17:14 1,798,144 --a------ C:\WINDOWS\system32\qedit.dll
2007-06-06 17:14 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
2007-06-06 17:14 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll
2007-06-06 17:14 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2007-06-06 17:14 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
2007-06-06 17:14 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll
2007-06-06 17:14 1,189,888 --a------ C:\WINDOWS\system32\dx8vb.dll
2007-06-06 15:57 <DIR> d-------- C:\Program Files\Steam
2007-05-30 17:05 57,344 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\bwtwhehq.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-25 08:08:07 1,906,471 --sha-w C:\WINDOWS\system32\utstv.bak1
2007-06-24 23:50:28 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\uTorrent
2007-06-24 08:07:58 1,901,042 --sha-w C:\WINDOWS\system32\utstv.bak2
2007-06-20 22:48:01 -------- d-----w C:\Program Files\StepMania
2007-06-16 08:48:56 3,436 ----a-w C:\WINDOWS\system32\tmp.reg
2007-06-14 21:26:47 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\LimeWire
2007-05-04 08:33:43 11,812,063 ------w C:\AVG7QT.DAT
2007-05-04 04:23:41 2 ----a-w C:\WINDOWS\system32\wtssu32.exe
2007-05-02 00:24:58 87,040 ----a-w C:\WINDOWS\system32\airanri.dll
2007-05-02 00:24:58 64,000 ----a-w C:\WINDOWS\system32\mikjgzl.dll
2007-04-29 17:39:46 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-04-29 15:03:37 86,528 ----a-w C:\WINDOWS\system32\wevjvfl.dll
2007-04-29 15:03:37 63,488 ----a-w C:\WINDOWS\system32\mvyjgd.dll
2007-04-29 14:48:02 1,401,764 --sha-w C:\WINDOWS\system32\hjllm.bak2
2007-04-28 00:53:55 17,448 ----a-w C:\DOCUME~1\ADMINI~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-04-21 19:56:23 86,016 ----a-w C:\WINDOWS\system32\zthocvj.dll
2007-04-21 19:56:23 62,976 ----a-w C:\WINDOWS\system32\akxsurc.dll
2007-04-21 05:29:04 1,807 ----a-w C:\WINDOWS\mozver.dat
2007-04-21 03:04:57 225,280 ----a-w C:\WINDOWS\system32\ccc3.dll
2007-04-21 03:04:33 86,528 ----a-w C:\WINDOWS\system32\dnpvjt.dll
2007-04-21 03:04:33 63,488 ----a-w C:\WINDOWS\system32\dnuetgf.dll
2007-04-19 21:14:14 208,896 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-04-19 20:26:00 888,832 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-04-19 20:26:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-04-19 20:26:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-04-19 20:26:00 794,624 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-04-19 20:26:00 7,700,480 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-04-19 20:26:00 581,632 ----a-w C:\WINDOWS\system32\nvhwvid.dll
2007-04-19 20:26:00 5,644,288 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-04-19 20:26:00 5,619,712 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-04-19 20:26:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-04-19 20:26:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-04-19 20:26:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-04-19 20:26:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-04-19 20:26:00 4,543,616 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-04-19 20:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-04-19 20:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-04-19 20:26:00 311,296 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-04-19 20:26:00 3,035,136 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-04-19 20:26:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-04-19 20:26:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-04-19 20:26:00 212,992 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-04-19 20:26:00 2,924,544 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-04-19 20:26:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-04-19 20:26:00 159,810 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-04-19 20:26:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-04-19 20:26:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-04-19 20:26:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-04-19 20:26:00 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-04-19 20:26:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-04-19 20:26:00 1,236,992 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-04-19 20:26:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-04-19 20:26:00 1,011,712 ----a-w C:\WINDOWS\system32\nvcpluir.dll
2007-04-19 04:15:51 1,402,607 --sha-w C:\WINDOWS\system32\hjllm.bak1
2007-04-16 04:03:36 86,528 ----a-w C:\WINDOWS\system32\rrextmj.dll
2007-04-16 04:03:36 64,000 ----a-w C:\WINDOWS\system32\vihzrei.dll
2007-04-15 09:36:40 86,528 ----a-w C:\WINDOWS\system32\kpwmxpg.dll
2007-04-15 09:36:40 63,488 ----a-w C:\WINDOWS\system32\kjrrfig.dll
2007-04-14 06:48:59 86,016 ----a-w C:\WINDOWS\system32\cfiwaml.dll
2007-04-14 06:48:59 63,488 ----a-w C:\WINDOWS\system32\hcaxgwb.dll
2007-04-10 03:04:00 516,608 ----a-w C:\WINDOWS\system32\winlogon.exe
2007-04-10 02:52:06 8,192 ----a-w C:\WINDOWS\system32\resetwpa.reg
2007-04-01 06:47:09 86,528 ----a-w C:\WINDOWS\system32\xhfuvlg.dll
2007-03-30 22:52:58 86,528 ----a-w C:\WINDOWS\system32\ibfbokf.dll
2005-07-30 00:24:26 472 --sha-r C:\WINDOWS\QW50aG9ueQ\kqcXu36Ryk.vbs
2003-07-07 12:00:00 177,664 --sha-r C:\WINDOWS\system32\iusr.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{2F65A514-189D-099F-7E64-0753C0249F1F}=C:\WINDOWS\System32\hcaxgwb.dll [2007-04-13 23:48]
{3A4260B3-4F1F-C099-60CE-04DE2E75A91A}=C:\WINDOWS\System32\akxsurc.dll [2007-04-21 12:56]
{504CB3E8-0548-3DD7-FBCC-094E5FE15F87}=C:\WINDOWS\System32\vihzrei.dll [2007-04-15 21:03]
{51F5B6DA-F1BF-89C4-05F2-08C3E2C17B29}=C:\WINDOWS\System32\mvyjgd.dll [2007-04-29 08:03]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{5C2154CF-76DE-EFFE-1918-094D7E5C6999}=C:\WINDOWS\System32\dnuetgf.dll [2007-04-20 20:04]
{5D1E3438-27D5-40B1-97D6-4F3B6001B3E4}=C:\WINDOWS\system32\mljkigd.dll []
{5D87F288-16B3-E4A5-B4C7-03F7F3783E05}=C:\WINDOWS\System32\kjrrfig.dll [2007-04-15 02:36]
{6E30F392-DC09-3A7C-3331-02EEEC294CB0}=C:\WINDOWS\System32\rrextmj.dll [2007-04-15 21:03]
{6F43F6CA-4098-CA81-804E-0A9889D05A25}=C:\WINDOWS\System32\zthocvj.dll [2007-04-21 12:56]
{70752D09-9239-8050-BB7B-00B06EF19CA5}=C:\WINDOWS\System32\mikjgzl.dll [2007-05-01 17:24]
{73E0DDC2-A93A-4D64-97B5-646627F61DD2}=C:\WINDOWS\System32\ccc3.dll [2007-04-20 20:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{E91828D9-074E-4FCA-961C-56CACDFCF363}=C:\WINDOWS\System32\vtstu.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe" [2006-09-28 22:56]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe" [2007-02-06 17:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-02 16:24]
"AWMON"="C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe" [2004-09-16 17:15]
"nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-04-19 13:26]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-04-19 13:26]
"EPSON Stylus CX5400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.exe" [2003-05-26 21:00]
"KernelFaultCheck"="%systemroot%\system32\dumprep 0 -k" []
"2chkdsk"="C:\WINDOWS\System32\mrevjhfe.dll" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft"=iusr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5D1E3438-27D5-40B1-97D6-4F3B6001B3E4}"="C:\WINDOWS\system32\mljkigd.dll" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljkigd]
mljkigd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljh]
C:\WINDOWS\System32\mlljh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtstu]
C:\WINDOWS\System32\vtstu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrge32]
winrge32.dll


Contents of the 'Scheduled Tasks' folder
2007-06-18 15:22:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-25 02:20:24
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-25 2:20:43 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-25 02:20

--- E O F ---
Sillybear is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-26-2007, 12:14 AM   #9 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,353
OS: N/A


Re: Malware Possibly...Need Help.
Nope. That's not the one. Please run combofix once more by doubleclicking it. I just need to verify of certain files are gone
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-26-2007, 12:52 AM   #10 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 6
OS: XP


Re: Malware Possibly...Need Help.
I'm sorry if I'm making this difficult, I really appreciate your help.

"Administrator" - 2007-06-25 23:47:28 - ComboFix 07-06-25.3 - Service Pack 1 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-26 to 2007-06-26 )))))))))))))))))))))))))))))))


2007-06-25 03:06 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\UserData
2007-06-25 03:06 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-25 02:17 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-12 19:23 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-06-12 19:23 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\teamspeak2
2007-06-06 17:52 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-06-06 17:14 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll
2007-06-06 17:14 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
2007-06-06 17:14 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2007-06-06 17:14 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe
2007-06-06 17:14 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2007-06-06 17:14 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
2007-06-06 17:14 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-06-06 17:14 77,824 --a------ C:\WINDOWS\system32\dpmodemx.dll
2007-06-06 17:14 76,800 --a------ C:\WINDOWS\system32\dmscript.dll
2007-06-06 17:14 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll
2007-06-06 17:14 723,968 --a------ C:\WINDOWS\system32\dpnet.dll
2007-06-06 17:14 7,424 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-06-06 17:14 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2007-06-06 17:14 64,512 --a------ C:\WINDOWS\system32\amstream.dll
2007-06-06 17:14 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll
2007-06-06 17:14 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll
2007-06-06 17:14 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-06-06 17:14 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2007-06-06 17:14 5,248 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-06-06 17:14 491,520 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2007-06-06 17:14 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-06-06 17:14 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
2007-06-06 17:14 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-06-06 17:14 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
2007-06-06 17:14 4,608 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-06-06 17:14 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-06-06 17:14 4,096 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2007-06-06 17:14 381,952 --a------ C:\WINDOWS\system32\dsound.dll
2007-06-06 17:14 381,952 --a------ C:\WINDOWS\system32\dpvoice.dll
2007-06-06 17:14 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2007-06-06 17:14 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll
2007-06-06 17:14 33,280 --a------ C:\WINDOWS\system32\dmloader.dll
2007-06-06 17:14 324,096 --a------ C:\WINDOWS\system32\mswebdvd.dll
2007-06-06 17:14 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll
2007-06-06 17:14 316,928 --a------ C:\WINDOWS\system32\qdv.dll
2007-06-06 17:14 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll
2007-06-06 17:14 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll
2007-06-06 17:14 292,864 --a------ C:\WINDOWS\system32\ddraw.dll
2007-06-06 17:14 28,160 --a------ C:\WINDOWS\system32\dplaysvr.exe
2007-06-06 17:14 27,136 --a------ C:\WINDOWS\system32\dmband.dll
2007-06-06 17:14 257,024 --a------ C:\WINDOWS\system32\qcap.dll
2007-06-06 17:14 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
2007-06-06 17:14 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
2007-06-06 17:14 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll
2007-06-06 17:14 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll
2007-06-06 17:14 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2007-06-06 17:14 18,944 --a------ C:\WINDOWS\system32\encapi.dll
2007-06-06 17:14 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2007-06-06 17:14 18,432 --a------ C:\WINDOWS\system32\dswave.dll
2007-06-06 17:14 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
2007-06-06 17:14 16,896 --a------ C:\WINDOWS\system32\dpnsvr.exe
2007-06-06 17:14 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2007-06-06 17:14 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2007-06-06 17:14 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2007-06-06 17:14 132,608 --a------ C:\WINDOWS\system32\devenum.dll
2007-06-06 17:14 130,304 --a------ C:\WINDOWS\system32\drivers\ks.sys
2007-06-06 17:14 13,312 --a------ C:\WINDOWS\system32\msdmo.dll
2007-06-06 17:14 122,880 --a------ C:\WINDOWS\system32\dmusic.dll
2007-06-06 17:14 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll
2007-06-06 17:14 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2007-06-06 17:14 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll
2007-06-06 17:14 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
2007-06-06 17:14 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2007-06-06 17:14 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll
2007-06-06 17:14 1,798,144 --a------ C:\WINDOWS\system32\qedit.dll
2007-06-06 17:14 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
2007-06-06 17:14 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll
2007-06-06 17:14 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2007-06-06 17:14 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
2007-06-06 17:14 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll
2007-06-06 17:14 1,189,888 --a------ C:\WINDOWS\system32\dx8vb.dll
2007-06-06 15:57 <DIR> d-------- C:\Program Files\Steam


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-24 23:50:28 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\uTorrent
2007-06-20 22:48:01 -------- d-----w C:\Program Files\StepMania
2007-06-16 08:48:56 3,436 ----a-w C:\WINDOWS\system32\tmp.reg
2007-06-14 21:26:47 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\LimeWire
2007-05-04 08:33:43 11,812,063 ------w C:\AVG7QT.DAT
2007-04-29 17:39:46 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-04-28 00:53:55 17,448 ----a-w C:\DOCUME~1\ADMINI~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-04-21 05:29:04 1,807 ----a-w C:\WINDOWS\mozver.dat
2007-04-19 21:14:14 208,896 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-04-19 20:26:00 888,832 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-04-19 20:26:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-04-19 20:26:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-04-19 20:26:00 794,624 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-04-19 20:26:00 7,700,480 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-04-19 20:26:00 581,632 ----a-w C:\WINDOWS\system32\nvhwvid.dll
2007-04-19 20:26:00 5,644,288 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-04-19 20:26:00 5,619,712 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-04-19 20:26:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-04-19 20:26:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-04-19 20:26:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-04-19 20:26:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-04-19 20:26:00 4,543,616 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-04-19 20:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-04-19 20:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-04-19 20:26:00 311,296 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-04-19 20:26:00 3,035,136 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-04-19 20:26:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-04-19 20:26:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-04-19 20:26:00 212,992 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-04-19 20:26:00 2,924,544 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-04-19 20:26:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-04-19 20:26:00 159,810 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-04-19 20:26:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-04-19 20:26:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-04-19 20:26:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-04-19 20:26:00 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-04-19 20:26:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-04-19 20:26:00 1,236,992 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-04-19 20:26:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-04-19 20:26:00 1,011,712 ----a-w C:\WINDOWS\system32\nvcpluir.dll
2007-04-10 03:04:00 516,608 ----a-w C:\WINDOWS\system32\winlogon.exe
2007-04-10 02:52:06 8,192 ----a-w C:\WINDOWS\system32\resetwpa.reg


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe" [2006-09-28 22:56]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe" [2007-02-06 17:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-02 16:24]
"nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39]


Contents of the 'Scheduled Tasks' folder
2007-06-25 15:22:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-25 23:48:27
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-25 23:48:38
C:\ComboFix-quarantined-files.txt ... 2007-06-25 23:48
C:\ComboFix3.txt ... 2007-06-25 02:20

--- E O F ---
Sillybear is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-26-2007, 12:56 AM   #11 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,353
OS: N/A


Re: Malware Possibly...Need Help.
Of the stuff Kaspersky found,

C:\QooBox\ is ComboFix's quarantine folder. You can safely delete it

C:\System Volume Information\ is where System Restore's cache is stored. Whatever is in there can't harm you unless you choose to perform a manual restore. Nevertheless, we shall be reseting/clearing the cache in a little while


----------------------


Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  1. CLEAR & RESET SYSTEM RESTORE'S CACHE - (System Volume Information folder)
    Go to Start → Run → type control sysdm.cpl,,4 & press Enter
    • Tick on the checkbox - Turn off System Restore on all drives
    • Click Apply
    Turn it back 'On' by unticking the same checkbox & click OK


  2. DISABLE THE VIEWING OF SYSTEM FILES
    From Windows Explorer, go to Tools>Folder Options> View tab.
    • Untick - Show hidden files and folder
    • Tick - Hide file extensions for known types
    • Tick - Hide protected operating system files
    Click Yes to confirm & then click OK


  3. SECURING INTERNET EXPLORER
    From within Internet Explorer click on the Tools menu and then click on Internet Options.
    • Select the Security tab
      • Click once on the Internet icon so it becomes highlighted.
      • Select Custom Level .
        • Change 'Download signed ActiveX controls' to Prompt
        • Change 'Download unsigned ActiveX controls' to Disable
        • Change 'Initialize and script ActiveX controls not marked as safe' to Disable
        • Change 'Installation of desktop items' to Prompt
        • Change 'Launching programs and files in an IFRAME' to Prompt
        • Change 'Navigate sub-frames across different domains' to Prompt
        • When all these changes have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Select OK to exit the Internet Properties page.


  4. ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources → http://www.bleepingcomputer.com/forums/topict405.html

    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


  5. FIREWALL
    Without a firewall your computer is succeptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here → http://www.bleepingcomputer.com/forums/tutorial60.html


  6. Microsoft Windows Updatehttp://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


  7. SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial43.html

  8. AD-AWARE
    Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial48.html


  9. SPYWAREBLASTER
    SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.

    Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial49.html


  10. IE-SPYAD
    IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here http://www.spywarewarrior.com/uiuc/resource.htm

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://toolbar.google.com/ - Google Toolbar - Get the free google toolbar to help stop pop up windows.

  • http://cleanup.stevengould.org/ - CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

  • http://www.winpatrol.com/ -Winpatrol - Download and install the free version of Winpatrol.
    A tutorial for this product is located here: http://www.winpatrol.com/features.html

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________

Question - what have you done for the community today?
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-26-2007, 01:21 AM   #12 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 6
OS: XP


Re: Malware Possibly...Need Help.
Thank you very much, I appreciate all of your help. My computer seems to be working so much better now due to all of your assistance. This problem has been resolved. (:
Sillybear is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 09:19 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85