Author Topic: Topic for some1ok (Read 2020 times)

guestolo · « **on:** January 23, 2008, 01:44:57 AM »

Posting this for some1ok

Download Hijackthis Installer from [color=\"#FF0000\"]HERE[/color]
For an alternate download location, you can try HERE
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install

Hijackthis v2.0.2 will open

Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum----It is all important!

some1ok · « **Reply #1 on:** January 23, 2008, 05:46:18 PM »

hey first of.. thanks man..and ill do my best to write properly...k heres the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:12 PM, on 1/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvgoc.dll,startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 7663 bytes

some1ok · « **Reply #2 on:** January 23, 2008, 07:29:10 PM »

Hi there.....k i jus posted a while...back...but now....im doing it again....so look at this one instead of the first post i put....k....also.....alll of a sudden..my windows installer keeps popping for nething i run...wht do i do...none the less...here the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:18 PM, on 1/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvgoc.dll,startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 7859 bytes

guestolo · « **Reply #3 on:** January 28, 2008, 07:41:02 PM »

Very sorry for the delay, If you still need a hand
Can you post a fresh hijackthis log please

some1ok · « **Reply #4 on:** January 29, 2008, 03:02:10 PM »

here it is...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:06:26 PM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvgoc.dll,startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr .exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 7720 bytes

guestolo · « **Reply #5 on:** January 29, 2008, 07:39:22 PM »

Let's do the following please, can you disable McAfee's realtime protections till we have finished all the below steps

Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvgoc.dll,startup

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Afterwards
Download [color=\"blue\"]VundoFix.exe[/color]
to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button."

I'll need to see this report from Vundofix later>>C:\Vundofix.txt
Afterwards:
Download this file - Combofix.exe and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post back all the following after the above is done, even if it takes more than one reply to do so

1. Post the log from Combofix, it's default location is >>C:\Combofix.txt
2. Post the log from Vundofix, it's default location is >>C:\Vundofix.txt
3. Run a fresh Scan>Save logfile with Hijackthis and post it's log also

some1ok · « **Reply #6 on:** January 30, 2008, 10:33:28 AM »

k
...so here is the log for ComboFix.

ComboFix 08-01-30.6 - Mathew 2008-01-30 10:22:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.533 [GMT -5:00]
Running from: C:\Documents and Settings\Mathew\Desktop\ComboFix.exe
* Created a new restore point

[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\vtuurol.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Mathew\Application Data\searchtoolbarcorp
C:\Documents and Settings\Mathew\Favorites\Error Cleaner.url
C:\Documents and Settings\Mathew\Favorites\Privacy Protector.url
C:\Documents and Settings\Mathew\Favorites\Spyware&Malware Protection.url
C:\Program Files\Common Files\{08466~1
C:\Program Files\cowabanga
C:\Program Files\cowabanga\License.txt
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\vsadd-in
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\duruaknp.dll
C:\WINDOWS\system32\fravaxbv.dll
C:\WINDOWS\system32\gdrileax.dll
C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkkj.ini2
C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\jkkji.exe
C:\WINDOWS\system32\jsnardlx.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdnsnjsd.dll
C:\WINDOWS\system32\oplsisoj.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\vtuurol.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\x64
C:\WINDOWS\system32\yosvesth.dll
C:\WINDOWS\system32\yrideqtt.dll

----- BITS: Possible infected sites -----

hxxp://77.91.228.186
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\NPF

((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
.

2008-01-30 09:57 . 2008-01-30 10:15 <DIR> d-------- C:\VundoFix Backups
2008-01-24 18:15 . 2008-01-24 18:15 <DIR> d-------- C:\Program Files\Nsasoft
2008-01-24 18:15 . 2008-01-24 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-24 09:04 . 2008-01-30 10:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-24 09:04 . 2008-01-24 09:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-23 19:15 . 2008-01-23 20:59 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-23 19:14 . 2008-01-23 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-23 19:06 . 2008-01-23 20:59 <DIR> d-------- C:\Program Files\Windows Live
2008-01-23 18:52 . 2008-01-24 15:09 <DIR> d-------- C:\Program Files\MSECACHE
2008-01-23 16:55 . 2008-01-23 16:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-23 15:58 . 2008-01-23 15:58 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-23 15:58 . 2008-01-23 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-23 15:34 . 2008-01-23 15:34 <DIR> d-------- C:\Program Files\CCleaner
2008-01-23 15:20 . 2008-01-23 15:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-23 15:05 . 2008-01-23 15:05 1,024 --a------ C:\WINDOWS\system32\drivers\DAA59A82-9E4E-40FD-B02D-276A22231BCF.cxv
2008-01-22 13:00 . 2008-01-22 13:01 2,048 --a------ C:\WINDOWS\system32\drivers\5049CA52-0F31-41EA-B004-D73A5858207A.cxv
2008-01-22 12:39 . 2008-01-22 12:39 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\Grisoft
2008-01-22 12:39 . 2008-01-22 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-22 12:39 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-22 11:23 . 2008-01-22 11:23 5,120 --a------ C:\WINDOWS\system32\drivers\D6E4E5D4-36A3-4B90-8C4C-1C5228221F20.cxv
2008-01-22 11:21 . 2008-01-23 15:10 <DIR> d-------- C:\Program Files\STOPzilla!
2008-01-22 11:21 . 2008-01-23 15:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-22 10:55 . 2008-01-22 11:25 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-01-22 10:36 . 2008-01-22 10:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-21 22:51 . 2008-01-22 13:00 <DIR> d-------- C:\Program Files\PrevxCSI
2008-01-21 22:38 . 2008-01-21 22:53 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\PrevxCSI
2008-01-21 22:38 . 2008-01-21 22:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-21 22:28 . 2008-01-22 10:39 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-21 21:19 . 2008-01-22 10:38 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2008-01-21 21:18 . 2008-01-22 10:38 114,688 --a------ C:\WINDOWS\system32\hkcmd .exe
2008-01-21 21:18 . 2008-01-22 10:38 98,304 --a------ C:\WINDOWS\system32\igfxtray .exe
2008-01-21 21:18 . 2008-01-22 10:38 94,208 --a------ C:\WINDOWS\system32\igfxpers .exe
2008-01-21 21:13 . 2008-01-22 11:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-21 21:13 . 2008-01-22 11:26 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\SUPERAntiSpyware.com
2008-01-21 21:13 . 2008-01-21 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-21 21:09 . 2008-01-21 21:34 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2008-01-21 21:08 . 2008-01-21 21:08 <DIR> d-------- C:\Program Files\Greatis
2008-01-21 21:08 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2008-01-21 20:24 . 2008-01-21 20:24 103,936 --a------ C:\WINDOWS\system32\drvgoc.dll
2008-01-21 20:13 . 2008-01-21 20:16 <DIR> d-------- C:\Program Files\UltraISO
2008-01-21 20:13 . 2008-01-21 20:13 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2008-01-21 20:00 . 2008-01-22 14:12 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-01-21 20:00 . 2008-01-21 20:00 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\DAEMON Tools
2008-01-21 19:55 . 2008-01-21 19:55 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-20 14:47 . 2008-01-20 14:47 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-20 14:47 . 2008-01-20 14:47 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\Yahoo!
2008-01-20 14:47 . 2008-01-20 14:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-08 18:10 . 2008-01-16 15:16 <DIR> d-------- C:\Program Files\Graboid
2007-12-28 16:55 . 2007-12-11 17:34 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-12-28 16:55 . 2007-12-11 17:34 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-28 16:55 . 2007-12-11 17:34 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-27 17:14 . 2007-12-27 17:14 <DIR> d-------- C:\Program Files\eRightSoft
2007-12-27 16:48 . 2007-12-27 16:48 <DIR> d-------- C:\Program Files\Red Kawa
2007-12-27 16:42 . 2007-12-27 16:42 <DIR> d-------- C:\Program Files\E-Zsoft
2007-12-23 23:15 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-12-23 23:15 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-12-14 11:32 . 2007-12-14 11:32 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2007-12-13 21:14 . 2007-12-13 21:14 <DIR> d-------- C:\Program Files\Veoh Networks
2007-12-11 17:33 . 2007-12-11 17:33 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2007-12-11 17:33 . 2007-12-11 17:33 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2007-12-11 17:32 . 2007-12-11 17:32 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-02 17:27 . 2008-01-30 10:27 <DIR> d-------- C:\Program Files\iTunes
2007-12-02 17:27 . 2007-12-02 17:27 <DIR> d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 14:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-01-30 14:53 --------- d-----w C:\Documents and Settings\Mathew\Application Data\McAfee.com Personal Firewall
2008-01-29 23:43 --------- d-----w C:\Program Files\FlashGet
2008-01-24 02:08 --------- d-----w C:\Program Files\MSN Messenger
2008-01-24 01:59 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-23 21:45 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-23 20:57 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Lavasoft
2008-01-23 20:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-23 20:05 --------- d-----w C:\Program Files\QuickTime
2008-01-22 16:30 --------- d-----w C:\Program Files\DellSupport
2008-01-22 16:24 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-01-20 21:11 --------- d-----w C:\Program Files\DivX
2008-01-16 22:04 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Azureus
2008-01-16 20:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-14 23:11 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Move Networks
2008-01-04 22:50 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-04 22:50 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-04 22:50 --------- d-----w C:\Program Files\NetWaiting
2008-01-04 22:50 --------- d-----w C:\Program Files\Modem Helper
2008-01-04 22:50 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2008-01-04 22:50 --------- d-----w C:\Program Files\GemMaster
2008-01-04 22:50 --------- d-----w C:\Program Files\ESPNMotion
2008-01-04 22:50 --------- d-----w C:\Program Files\AOL 9.0
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-02 22:25 --------- d-----w C:\Program Files\Apple Software Update
2007-12-01 00:03 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Apple Computer
2007-04-28 13:06 173,376 -c--a-w C:\Program Files\AO
2006-08-09 17:58 251 ----a-w C:\Program Files\wt3d.ini
2006-08-09 02:00 149 ----a-w C:\Program Files\INSTALL.LOG
2006-08-08 23:00 88 --sh--r C:\WINDOWS\system32\110E035EBA.sys
2006-08-24 19:45 56 --sh--r C:\WINDOWS\system32\BA5E030E11.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2006-08-24 19:48 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2006-12-06 21:05 351 --sha-w C:\WINDOWS\system32\SoftwareDistribution\vbmc.ini2
.

Code: [Select]

<pre>
 ----a-w			61,440 2008-01-22 15:38:48  C:\dell\bldbubg .exe
 ----a-w			57,344 2008-01-22 15:38:49  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
 ----a-w			81,920 2008-01-22 15:38:33  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
 ----a-w		   451,872 2008-01-22 15:39:18  C:\Program Files\Common Files\LightScribe\LightScribeControlPanel .exe
 ----a-w		   180,269 2008-01-22 03:28:18  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
 ----a-w		   460,784 2008-01-22 16:30:01  C:\Program Files\DellSupport\DSAgnt .exe
 ----a-w		   267,048 2008-01-30 15:18:24  C:\Program Files\iTunes\iTunesHelper .exe
 ----a-w		   110,592 2008-01-22 15:39:29  C:\Program Files\McAfee\SpamKiller\MskAgent .exe
 ----a-w		 1,117,184 2008-01-22 15:38:42  C:\Program Files\McAfee\SpamKiller\MSKDetct .exe
 ----a-w		   303,104 2008-01-22 15:39:27  C:\Program Files\McAfee.com\Agent\mcagent .exe
 ----a-w		   212,992 2008-01-22 15:38:38  C:\Program Files\McAfee.com\Agent\McUpdate .exe
 ----a-w		   999,424 2008-01-22 15:38:47  C:\Program Files\McAfee.com\Personal Firewall\MpfTray .exe
 ----a-w		 5,674,352 2008-01-24 02:03:34  C:\Program Files\MSN Messenger\MsnMsgr .Exe
 ----a-w		   229,376 2008-01-22 15:38:58  C:\Program Files\Nokia\Nokia PC Suite 6\LAUNCH~1 .EXE
 ----a-w		   536,576 2008-01-22 15:39:10  C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree .exe
 ----a-w			67,584 2008-01-22 15:38:30  C:\WINDOWS\ehome\ehtray .exe
 ----a-w			15,360 2008-01-22 15:39:17  C:\WINDOWS\system32\ctfmon .exe
 ----a-w		   114,688 2008-01-22 15:38:51  C:\WINDOWS\system32\hkcmd .exe
 ----a-w			94,208 2008-01-22 15:38:53  C:\WINDOWS\system32\igfxpers .exe
 ----a-w			98,304 2008-01-22 15:38:50  C:\WINDOWS\system32\igfxtray .exe
 ----a-w		   155,648 2008-01-22 15:38:57  C:\WINDOWS\system32\NeroCheck .exe
 ----a-w		   122,940 2008-01-22 15:38:43  C:\WINDOWS\system32\DLA\DLACTRLW .EXE
 </pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EE430F9-85E7-44B2-B7D2-1BE83735913A}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr .exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"MPFEXE"="C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-08 17:21:21 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-01 21:25:49 24576]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-08-08 13:53:59 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2006-05-03 02:12 98304 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

R3 PD016BLK;Creative PC-CAM 300 (Still Image);C:\WINDOWS\system32\DRIVERS\PD016blk.sys [2001-07-03 12:00]
R3 PD016VID;Creative PC-CAM 300 (Video);C:\WINDOWS\system32\DRIVERS\PD016vid.sys [2001-07-03 12:00]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-05-25 13:55]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-01-21 21:34]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 23:16:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-30 14:45:05 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-23 20:40:09 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 10:29:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-01-30 10:32:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-30 15:32:32
.
2008-01-30 03:38:04 --- E O F ---

k....one more thing....it delted my live messenger...i need it to do work...and stuff...so i installed it back...so wht do u say bout that?..
k
then

-----------------------------------------------------------------------------

here is VundoFix log

VundoFix V6.7.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 9:57:29 AM 1/30/2008

Listing files found while scanning....

C:\Documents and settings\Mathew\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Mathew\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\windows\system32\aeuketyb.exe
C:\windows\system32\aldbpxki.exe
C:\windows\system32\bsiphhlh.exe
C:\windows\system32\dkeklfqu.exe
C:\windows\system32\dpllaehs.exe
C:\windows\system32\dyjkjnor.exe
C:\windows\system32\gryrgnyv.exe
C:\windows\system32\hpkfnpgn.exe
C:\windows\system32\hsoncatk.exe
C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkkj.ini2
C:\windows\system32\ikaufucs.exe
C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\jkkji.exe
C:\windows\system32\jngkwjjm.exe
C:\windows\system32\jnrxdkbu.exe
C:\windows\system32\mhyrwhnv.exe
C:\windows\system32\mrsfpnet.exe
C:\windows\system32\mrwfmwvp.exe
C:\windows\system32\nncdfxer.exe
C:\windows\system32\ogoluuoe.exe
C:\windows\system32\pthyprtn.exe
C:\windows\system32\rdbfjubl.exe
C:\windows\system32\rwouqdwi.exe
C:\windows\system32\tiftdcaf.exe
C:\windows\system32\tkmgdgfr.exe
C:\windows\system32\tkmyxdnr.exe
C:\WINDOWS\system32\vtuurol.dll
C:\windows\system32\weumsjux.exe
C:\windows\system32\woqgqnxl.exe
C:\windows\system32\xwuxefbv.exe
C:\windows\system32\ykiwcned.exe
C:\windows\system32\ykuantjj.exe

Beginning removal...

Attempting to delete C:\Documents and settings\Mathew\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Mathew\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!

Attempting to delete C:\Documents and settings\Mathew\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Documents and settings\Mathew\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!

Attempting to delete C:\windows\system32\aeuketyb.exe
C:\windows\system32\aeuketyb.exe Has been deleted!

Attempting to delete C:\windows\system32\aldbpxki.exe
C:\windows\system32\aldbpxki.exe Has been deleted!

Attempting to delete C:\windows\system32\bsiphhlh.exe
C:\windows\system32\bsiphhlh.exe Has been deleted!

Attempting to delete C:\windows\system32\dkeklfqu.exe
C:\windows\system32\dkeklfqu.exe Has been deleted!

Attempting to delete C:\windows\system32\dpllaehs.exe
C:\windows\system32\dpllaehs.exe Has been deleted!

Attempting to delete C:\windows\system32\dyjkjnor.exe
C:\windows\system32\dyjkjnor.exe Has been deleted!

Attempting to delete C:\windows\system32\gryrgnyv.exe
C:\windows\system32\gryrgnyv.exe Has been deleted!

Attempting to delete C:\windows\system32\hpkfnpgn.exe
C:\windows\system32\hpkfnpgn.exe Has been deleted!

Attempting to delete C:\windows\system32\hsoncatk.exe
C:\windows\system32\hsoncatk.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ijkkj.ini2
C:\WINDOWS\system32\ijkkj.ini2 Has been deleted!

Attempting to delete C:\windows\system32\ikaufucs.exe
C:\windows\system32\ikaufucs.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\jkkji.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkji.exe
C:\WINDOWS\system32\jkkji.exe Has been deleted!

Attempting to delete C:\windows\system32\jngkwjjm.exe
C:\windows\system32\jngkwjjm.exe Has been deleted!

Attempting to delete C:\windows\system32\jnrxdkbu.exe
C:\windows\system32\jnrxdkbu.exe Has been deleted!

Attempting to delete C:\windows\system32\mhyrwhnv.exe
C:\windows\system32\mhyrwhnv.exe Has been deleted!

Attempting to delete C:\windows\system32\mrsfpnet.exe
C:\windows\system32\mrsfpnet.exe Has been deleted!

Attempting to delete C:\windows\system32\mrwfmwvp.exe
C:\windows\system32\mrwfmwvp.exe Has been deleted!

Attempting to delete C:\windows\system32\nncdfxer.exe
C:\windows\system32\nncdfxer.exe Has been deleted!

Attempting to delete C:\windows\system32\ogoluuoe.exe
C:\windows\system32\ogoluuoe.exe Has been deleted!

Attempting to delete C:\windows\system32\pthyprtn.exe
C:\windows\system32\pthyprtn.exe Has been deleted!

Attempting to delete C:\windows\system32\rdbfjubl.exe
C:\windows\system32\rdbfjubl.exe Has been deleted!

Attempting to delete C:\windows\system32\rwouqdwi.exe
C:\windows\system32\rwouqdwi.exe Has been deleted!

Attempting to delete C:\windows\system32\tiftdcaf.exe
C:\windows\system32\tiftdcaf.exe Has been deleted!

Attempting to delete C:\windows\system32\tkmgdgfr.exe
C:\windows\system32\tkmgdgfr.exe Has been deleted!

Attempting to delete C:\windows\system32\tkmyxdnr.exe
C:\windows\system32\tkmyxdnr.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuurol.dll
C:\WINDOWS\system32\vtuurol.dll Could not be deleted.

Attempting to delete C:\windows\system32\weumsjux.exe
C:\windows\system32\weumsjux.exe Has been deleted!

Attempting to delete C:\windows\system32\woqgqnxl.exe
C:\windows\system32\woqgqnxl.exe Has been deleted!

Attempting to delete C:\windows\system32\xwuxefbv.exe
C:\windows\system32\xwuxefbv.exe Has been deleted!

Attempting to delete C:\windows\system32\ykiwcned.exe
C:\windows\system32\ykiwcned.exe Has been deleted!

Attempting to delete C:\windows\system32\ykuantjj.exe
C:\windows\system32\ykuantjj.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\vtuurol.dll
C:\WINDOWS\system32\vtuurol.dll Could not be deleted.

Performing Repairs to the registry.
Done!

------------------------------------------------------------------------------------------
finally here is the new hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:20 AM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {8EE430F9-85E7-44B2-B7D2-1BE83735913A} - (value not set) (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr .exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 8127 bytes

so....tell me ...is it alrite if windows messenger is installed on spu again?....thx....btw...for helpin me out

guestolo · « **Reply #7 on:** January 31, 2008, 07:30:24 PM »

Quote

k....one more thing....it delted my live messenger.

actually, a file related to messenger is infected

Do the next step please

==Open notepad and copy/paste the text in the quotebox below into it:
Don't use anything else than notepad or the script will not work

Quote

RenV::
C:\dell\bldbubg .exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\DellSupport\DSAgnt .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\McAfee\SpamKiller\MskAgent .exe
C:\Program Files\McAfee\SpamKiller\MSKDetct .exe
C:\Program Files\McAfee.com\Agent\mcagent .exe
C:\Program Files\McAfee.com\Agent\McUpdate .exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray .exe
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\Program Files\Nokia\Nokia PC Suite 6\LAUNCH~1 .EXE
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree .exe
C:\WINDOWS\ehome\ehtray .exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\igfxpers .exe
C:\WINDOWS\system32\igfxtray .exe
C:\WINDOWS\system32\NeroCheck .exe
C:\WINDOWS\system32\DLA\DLACTRLW .EXE

File::
C:\WINDOWS\system32\drvgoc.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EE430F9-85E7-44B2-B7D2-1BE83735913A}]

Save this as txtfile on your desktop
CFScript

Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Don't mouse click on it, let it complete

When finished, it shall produce a log for you again, with the same name C:\ComboFix.txt..

Post back all the following

1. Post the log from combofix >>C:\Combofix.txt
2. Run a fresh Scan>>save logfile with Hijackthis and post it's log too

some1ok · « **Reply #8 on:** February 01, 2008, 02:48:52 PM »

ComboFix Log

ComboFix 08-02.01.6 - Mathew 2008-02-01 14:41:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.525 [GMT -5:00]
Running from: C:\Documents and Settings\Mathew\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mathew\Desktop\CFScript.txt
* Created a new restore point

[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]

FILE
C:\WINDOWS\system32\drvgoc.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\drvgoc.dll

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
.

2008-02-01 14:17 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-02-01 14:14 . 2008-02-01 14:14 <DIR> d-------- C:\Program Files\MSBuild
2008-02-01 14:08 . 2008-02-01 14:08 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-31 15:33 . 2008-01-31 15:33 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-01-30 23:09 . 2008-02-01 14:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-30 22:43 . 2008-01-30 22:43 <DIR> d-------- C:\Program Files\PowerISO
2008-01-30 12:22 . 2008-01-30 12:22 <DIR> d-------- C:\Program Files\Cakewalk
2008-01-30 11:30 . 2008-01-31 12:49 <DIR> d-------- C:\Program Files\AdVantage
2008-01-30 11:28 . 2008-01-30 11:30 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-01-30 09:57 . 2008-01-30 10:15 <DIR> d-------- C:\VundoFix Backups
2008-01-24 18:15 . 2008-01-24 18:15 <DIR> d-------- C:\Program Files\Nsasoft
2008-01-24 18:15 . 2008-01-24 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-24 09:04 . 2008-02-01 14:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-24 09:04 . 2008-01-30 11:11 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-23 19:15 . 2008-01-23 20:59 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-23 19:14 . 2008-01-30 10:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-23 19:06 . 2008-01-23 20:59 <DIR> d-------- C:\Program Files\Windows Live
2008-01-23 18:52 . 2008-01-31 15:33 <DIR> d-------- C:\Program Files\MSECACHE
2008-01-23 16:55 . 2008-01-23 16:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-23 15:58 . 2008-01-23 15:58 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-23 15:58 . 2008-01-23 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-23 15:34 . 2008-01-23 15:34 <DIR> d-------- C:\Program Files\CCleaner
2008-01-23 15:20 . 2008-01-23 15:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-23 15:05 . 2008-01-23 15:05 1,024 --a------ C:\WINDOWS\system32\drivers\DAA59A82-9E4E-40FD-B02D-276A22231BCF.cxv
2008-01-22 13:00 . 2008-01-22 13:01 2,048 --a------ C:\WINDOWS\system32\drivers\5049CA52-0F31-41EA-B004-D73A5858207A.cxv
2008-01-22 12:39 . 2008-01-22 12:39 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\Grisoft
2008-01-22 12:39 . 2008-01-22 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-22 12:39 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-22 11:23 . 2008-01-22 11:23 5,120 --a------ C:\WINDOWS\system32\drivers\D6E4E5D4-36A3-4B90-8C4C-1C5228221F20.cxv
2008-01-22 11:21 . 2008-01-23 15:10 <DIR> d-------- C:\Program Files\STOPzilla!
2008-01-22 11:21 . 2008-01-23 15:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-22 10:55 . 2008-01-22 11:25 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-01-22 10:36 . 2008-01-22 10:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-21 22:51 . 2008-01-22 13:00 <DIR> d-------- C:\Program Files\PrevxCSI
2008-01-21 22:38 . 2008-01-21 22:53 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\PrevxCSI
2008-01-21 22:38 . 2008-01-21 22:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-21 22:28 . 2008-01-22 10:39 15,360 --a------ C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-21 22:28 . 2008-01-22 10:39 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-21 21:19 . 2008-01-22 10:38 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-01-21 21:18 . 2008-01-22 10:38 114,688 --a------ C:\WINDOWS\system32\hkcmd.exe
2008-01-21 21:18 . 2008-01-22 10:38 98,304 --a------ C:\WINDOWS\system32\igfxtray.exe
2008-01-21 21:18 . 2008-01-22 10:38 94,208 --a------ C:\WINDOWS\system32\igfxpers.exe
2008-01-21 21:13 . 2008-01-22 11:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-21 21:13 . 2008-01-22 11:26 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\SUPERAntiSpyware.com
2008-01-21 21:13 . 2008-01-21 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-21 21:09 . 2008-01-21 21:34 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2008-01-21 21:08 . 2008-01-21 21:08 <DIR> d-------- C:\Program Files\Greatis
2008-01-21 21:08 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2008-01-21 20:13 . 2008-01-21 20:16 <DIR> d-------- C:\Program Files\UltraISO
2008-01-21 20:13 . 2008-01-21 20:13 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2008-01-21 20:00 . 2008-01-21 20:00 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\DAEMON Tools
2008-01-21 19:55 . 2008-01-21 19:55 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-20 14:47 . 2008-01-20 14:47 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-20 14:47 . 2008-01-20 14:47 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\Yahoo!
2008-01-20 14:47 . 2008-01-20 14:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-20 02:07 . 2008-01-20 02:07 33,292 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-08 18:10 . 2008-01-16 15:16 <DIR> d-------- C:\Program Files\Graboid

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 19:46 --------- d-----w C:\Program Files\iTunes
2008-02-01 19:41 --------- d-----w C:\Program Files\MSN Messenger
2008-02-01 19:41 --------- d-----w C:\Program Files\DellSupport
2008-02-01 19:41 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-02-01 19:35 --------- d-----w C:\Program Files\Microsoft Works
2008-01-31 04:01 --------- d-----w C:\Program Files\FlashGet
2008-01-30 14:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-01-30 14:53 --------- d-----w C:\Documents and Settings\Mathew\Application Data\McAfee.com Personal Firewall
2008-01-24 01:59 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-23 21:45 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-23 20:57 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Lavasoft
2008-01-23 20:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-23 20:05 --------- d-----w C:\Program Files\QuickTime
2008-01-20 21:11 --------- d-----w C:\Program Files\DivX
2008-01-16 22:04 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Azureus
2008-01-16 20:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-14 23:11 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Move Networks
2008-01-04 22:50 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-04 22:50 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-04 22:50 --------- d-----w C:\Program Files\NetWaiting
2008-01-04 22:50 --------- d-----w C:\Program Files\Modem Helper
2008-01-04 22:50 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2008-01-04 22:50 --------- d-----w C:\Program Files\GemMaster
2008-01-04 22:50 --------- d-----w C:\Program Files\ESPNMotion
2008-01-04 22:50 --------- d-----w C:\Program Files\AOL 9.0
2007-12-27 22:14 --------- d-----w C:\Program Files\eRightSoft
2007-12-27 21:48 --------- d-----w C:\Program Files\Red Kawa
2007-12-27 21:42 --------- d-----w C:\Program Files\E-Zsoft
2007-12-14 02:14 --------- d-----w C:\Program Files\Veoh Networks
2007-12-11 22:34 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-11 22:34 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-02 22:27 --------- d-----w C:\Program Files\iPod
2007-12-02 22:25 --------- d-----w C:\Program Files\Apple Software Update
2007-12-01 00:03 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Apple Computer
2007-04-28 13:06 173,376 -c--a-w C:\Program Files\AO
2006-08-09 17:58 251 ----a-w C:\Program Files\wt3d.ini
2006-08-09 02:00 149 ----a-w C:\Program Files\INSTALL.LOG
2006-08-08 23:00 88 --sh--r C:\WINDOWS\system32\110E035EBA.sys
2006-08-24 19:45 56 --sh--r C:\WINDOWS\system32\BA5E030E11.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2006-08-24 19:48 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2006-12-06 21:05 351 --sha-w C:\WINDOWS\system32\SoftwareDistribution\vbmc.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8EE430F9-85E7-44B2-B7D2-1BE83735913A}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 11:51 486856]
"AdVantage"="C:\Program Files\AdVantage\AdVantage.exe" [2007-11-05 11:12 884176]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-22 10:39 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-01-30 10:19 6731312]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-30 10:18 267048]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 02:05 217088]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2008-01-22 10:38 212992]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-08 17:21:21 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-01 21:25:49 24576]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-08-08 13:53:59 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2006-05-03 02:12 98304 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-30 10:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

R3 PD016BLK;Creative PC-CAM 300 (Still Image);C:\WINDOWS\system32\DRIVERS\PD016blk.sys [2001-07-03 12:00]
R3 PD016VID;Creative PC-CAM 300 (Video);C:\WINDOWS\system32\DRIVERS\PD016vid.sys [2001-07-03 12:00]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-05-25 13:55]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-01-21 21:34]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 23:16:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-01 19:45:03 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-30 20:40:13 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 14:48:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
.
**************************************************************************
.
Completion time: 2008-02-01 14:52:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-01 19:52:15
ComboFix2.txt 2008-01-30 15:32:34
.
2008-01-31 15:12:53 --- E O F ---

---------------------------------------------------------------------------------------------------------------------------------

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:52:44 PM, on 2/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {8EE430F9-85E7-44B2-B7D2-1BE83735913A} - (value not set) (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 9889 bytes

guestolo · « **Reply #9 on:** February 01, 2008, 07:21:12 PM »

Can you disable AVG's Antispyware guard
Double-click on the AVG Tray Icon on the bottom right.
Double-click on "AVG Resident Shield"
Uncheck "Turn on AVG Resident Shield Protection" then click OK.

Can you access your add/remove programs and remove the following if found
Advantage or MediaAdVantage.

NEXT:
Do a "System scan only" with Hijackthis and put a check next to these entries:

O2 - BHO: (no name) - {8EE430F9-85E7-44B2-B7D2-1BE83735913A} - (value not set) (file missing)
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot the computer

Back in Windows
Can you temporarily disable McAfee's realtime protections
Then
use the Internet Explorer browser (or FireFox with IETab), and do an online scan with [color=\"blue\"]Kaspersky Online Scanner[/color]

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet [color=\"#3333FF\"]Explorer 7[/color] users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%[/i].)
The program launches and downloads the latest definition files.

Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
- Scan using the following Anti-Virus database:
  [color=\"#6666CC\"]Extended[/color]
Scan Options:
[color=\"#6666CC\"]Scan Archives[/color]

[color=\"#6666CC\"]Scan Mail Bases[/color]
[/list]
[/list]

Click OK and, under select a target to scan, select My Computer

When the scan is done, in the [color=\"Navy\"]Scan is completed [/color]window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the [color=\"Navy\"]Save as [/color]prompt, [color=\"navy\"]Save in[/color] area, select: Desktop
In the [color=\"navy\"]File name[/color] area, use KScan, or something similar
In [color=\"navy\"]Save as type[/color], click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the [color=\"Navy\"]Kaspersky Online Scanner Report [/color]in your reply.

Along with a fresh hijackthis log

some1ok · « **Reply #10 on:** February 02, 2008, 01:00:00 PM »

uhmmm about Advantage....i deleted it i think yesterday before u told me to...

so...

O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"

i couldnt delte that.. i mean..i couldnt find it in the log......any how

here is the

KScan
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, February 02, 2008 12:57:26 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/02/2008
Kaspersky Anti-Virus database records: 545970
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 119550
Number of viruses found: 20
Number of infected objects: 303
Number of suspicious objects: 0
Duration of the scan process: 02:12:46

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Logs\Filtering.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd001.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.Crwl Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.ci Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wsb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010025.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010026.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Crwl5.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy2.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf36.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf37.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_5d0.dat Object is locked skipped
C:\Documents and Settings\Mathew\Application Data\Microsoft\Templates\Normal.dotm Object is locked skipped
C:\Documents and Settings\Mathew\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Desktop Search\Logs\OTFSMonLog.txt Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\dfsr.db Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\fsr.log Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\tmp.edb Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Windows Live Contacts\joelm4jcEmail Removed\real\members.stg Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Microsoft\Windows Live Contacts\joelm4jcEmail Removed\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Application Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\History\History.IE5\MSHist012008020220080203\index.dat Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\~DF31F5.tmp Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\~DF3203.tmp Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\~DF43D9.tmp Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\~DF45EC.tmp Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temp\~DFDEA3.tmp Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temporary Internet Files\Content.Word\~WRS{0DB0DFE7-77AD-4C1C-829A-2F5EA68C8688}.tmp Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temporary Internet Files\Content.Word\~WRS{4FF17810-2DA5-4E6D-8706-8052AEA133A5}.tmp Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temporary Internet Files\Content.Word\~WRS{AD0D789E-79DB-4B9B-9137-6DDDAEB5BB5F}.tmp Object is locked skipped
C:\Documents and Settings\Mathew\Local Settings\Temporary Internet Files\Content.Word\~WRS{EFFCCDB1-5879-40B7-8D18-9ACB557A6756}.tmp Object is locked skipped
C:\Documents and Settings\Mathew\My Documents\My Music\iTunes\iTunes Library.itl Object is locked skipped
C:\Documents and Settings\Mathew\ntuser.dat Object is locked skipped
C:\Documents and Settings\Mathew\ntuser.dat.LOG Object is locked skipped
C:\Downloads\SUPERsetup200723.exe Infected: not-a-virus:AdWare.Win32.DealHelper.ak skipped
C:\Joel\Logs\February 2008\rondantEmail Removed.txt Object is locked skipped
C:\Joel\SCHOOL\Chem\Lab 3\LAB FINAL.doc Object is locked skipped
C:\Program Files\eRightSoft\SUPER\Setup.exe Infected: not-a-virus:AdWare.Win32.DealHelper.ak skipped
C:\QooBox\Quarantine\C\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\iTunes\iTunesHelper.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Windows Live\Messenger\msnmsgr .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Windows Live\Messenger\msnmsgr .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Windows Live\Messenger\msnmsgr .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Windows Live\Messenger\msnmsgr .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Windows Live\Messenger\msnmsgr .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Windows Live\Messenger\msnmsgr .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Windows Live\Messenger\MsnMsgr.Exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drvgoc.dll.vir Infected: Trojan.Win32.Dialer.yz skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\duruaknp.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fravaxbv.dll.vir Infected: Packed.Win32.Klone.j skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gdrileax.dll.vir Infected: Packed.Win32.Klone.j skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkji.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkji.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jsnardlx.dll.vir Infected: Packed.Win32.Klone.j skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mdnsnjsd.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\oplsisoj.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yosvesth.dll.vir Infected: Packed.Win32.Klone.j skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yrideqtt.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\QooBox\Quarantine\catchme2008-01-30_102951.21.zip/vtuurol.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dux skipped
C:\QooBox\Quarantine\catchme2008-01-30_102951.21.zip ZIP: infected - 1 skipped
C:\RECYCLER\S-1-5-21-3328300367-836374498-26292964-500\Dc1.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP492\A0131258.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP492\A0131259.dll Infected: Trojan.Win32.BHO.o skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP621\A0145194.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.Agent.htu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP621\A0145194.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.dux skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP621\A0145194.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.yz skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP621\A0145194.exe/data.rar/install.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP621\A0145194.exe/data.rar Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP621\A0145194.exe RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP621\A0145198.exe Infected: Trojan-Downloader.Win32.Agent.htu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP624\A0145242.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP625\A0145246.dll Infected: Trojan.Win32.Dialer.yz skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP625\A0145247.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP625\A0145248.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.gn skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP625\A0145248.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP625\A0145249.exe Infected: Trojan-Downloader.Win32.Agent.hjs skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP626\A0145437.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP626\A0145548.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP626\A0145739.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP628\A0145769.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP628\A0145773.exe Infected: Trojan-Downloader.Win32.Agent.hat skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP628\A0145779.exe Infected: not-a-virus:FraudTool.Win32.MalwareCrush.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP630\A0146132.dll Infected: Trojan-Downloader.Win32.Small.hsj skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP634\A0146660.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP636\A0146818.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP636\A0146826.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP637\A0146851.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP637\A0146852.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP637\A0146853.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP637\A0146854.Exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP637\A0146991.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP637\A0146996.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP637\A0147001.Exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP637\A0147002.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP637\A0147003.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP637\A0147004.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP644\A0147299.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP644\A0147300.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP644\A0147301.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP644\A0147313.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP645\A0147318.rbf Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP645\A0147385.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP645\A0147386.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP651\A0147428.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP651\A0147429.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP651\A0147430.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP651\A0147444.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP651\A0147445.Exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP651\A0147623.Exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP651\A0147745.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP651\A0147749.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP651\A0147752.Exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP651\A0147753.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP651\A0147754.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP651\A0147755.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP653\A0147776.rbf Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP653\A0147800.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP653\A0147801.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP653\A0147802.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0147836.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0147837.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP656\A0147850.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP656\A0147851.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP656\A0147852.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP656\A0147878.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP657\A0147887.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP657\A0147888.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP657\A0147899.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP657\A0147900.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP659\A0148252.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP659\A0148253.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP660\A0148288.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP660\A0148289.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP660\A0148290.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP660\A0149287.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP660\A0149288.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP660\A0149295.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP661\A0149306.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP661\A0149307.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP661\A0149310.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP662\A0149332.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP662\A0149334.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP662\A0149355.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP662\A0149368.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP662\A0149369.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP662\A0149370.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP665\A0149387.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP665\A0149389.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP665\A0149390.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP665\A0149412.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP665\A0149413.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP667\A0149435.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP667\A0149436.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP667\A0150435.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP668\A0150440.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP669\A0150448.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP669\A0150452.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP669\A0150453.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP670\A0150467.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP670\A0150468.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP670\A0150471.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150490.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150492.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150502.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150503.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150504.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150505.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150506.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150507.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150508.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150509.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150510.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150511.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150512.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150513.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150514.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150515.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150516.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150517.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150518.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150519.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150520.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150521.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150522.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150523.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150524.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150525.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150526.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150527.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150528.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150529.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150530.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150543.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150545.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP672\A0150550.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP672\A0150552.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP672\A0150553.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150556.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150557.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150558.dll Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150559.dll Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150560.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150561.dll Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150562.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150563.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150564.dll Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150565.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150570.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150571.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150572.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150573.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150574.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150575.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150576.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150577.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150578.Exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150584.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dux skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP685\A0157015.dll Infected: Trojan.Win32.Dialer.yz skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP688\A0157105.dll Infected: not-a-virus:AdTool.Win32.WhenU.r skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP688\A0157106.exe Infected: not-a-virus:AdTool.Win32.WhenU.t skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP693\change.log Object is locked skipped
C:\VundoFix Backups\aeuketyb.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\aldbpxki.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\bsiphhlh.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\dkeklfqu.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\dpllaehs.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\dyjkjnor.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\gryrgnyv.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\hpkfnpgn.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\hsoncatk.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\ikaufucs.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\jkkji.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\VundoFix Backups\jkkji.exe.bad Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\VundoFix Backups\jngkwjjm.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\jnrxdkbu.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\mhyrwhnv.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\mrsfpnet.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\mrwfmwvp.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\nncdfxer.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\ogoluuoe.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\pthyprtn.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\rdbfjubl.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\rwouqdwi.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\tiftdcaf.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\tkmgdgfr.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\tkmyxdnr.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\vtuurol.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dux skipped
C:\VundoFix Backups\weumsjux.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\woqgqnxl.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\xwuxefbv.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\ykiwcned.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\ykuantjj.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{1F93E6B1-8E1E-4DC2-B216-98C43CBFDC8A}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{886ABB51-2775-45C2-BDAB-4EA40FED35CE}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\afclphcl.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\aofhowyy.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\awmtyiop.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\axngxfum.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\bbjjseyv.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\bdpeqctw.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\brqpwybf.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\btjsvbaq.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\bxkselcu.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\bynedhug.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\cybkvget.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\dudfovud.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\dunfhdjs.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\duoonbvd.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\egvccocs.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\elowntrq.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\fcfokshy.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\fjuwbcsa.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\fowyhsxj.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\fwivhisp.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\gxphnjwt.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hfdksuik.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\hlwpcugk.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\hnqdmvrg.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\hntgtvos.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\hqgsmriy.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\hvhmwiiy.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\ieroawar.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\ipllfccv.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\ippnefck.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\ivlmkvgn.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\jbugsbix.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\jeiipcsi.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\jnacioyq.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\jxnaorra.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\jydtqvbb.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\kfepkutf.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\kguhpelp.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\kkkduksp.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\leqpfbxa.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\lhephphs.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\louggdya(2).dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\louggdya(3).dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\louggdya(4).dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\mhkjyfxn.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\mitnheou.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\msbwkwqc.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\nebvrlkb.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\nfxloqyy.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\nllekavm.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\nnlvxtnh.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\nqdrfkrv.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\nythtitw.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\oumeseis.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\phyvbbvk.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\pnjuhkcr.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\pxkonjug.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\rjhhkwgb.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\rtlqrwwj.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\ruxhjjyy.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\sclfrbhw.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\sehkywog.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\sfsecrrw.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\slaeinkp.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\stokaygw.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\tgwcxqaw.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\ttcqlmmh.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\ttcuuktb.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\tyxcuwmf.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\ucxittxc.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\ufutgxpk.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\uyauncnt.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\virgsvje.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\vjjxpvtx.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\vplcglyp.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\vqxxgwxy.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\wamilqvn.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wryafqwe.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\wshvpnhu.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\xbckvfdo.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\xlvlaxap.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\xobbsvip.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\xokrmyvd.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\xurqyxkv.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\xwctnyxc.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\ytcekcdh.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\yxghwhui.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\yygqlcjj.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

------------------------------------------------------------------------

guestolo · « **Reply #11 on:** February 02, 2008, 10:18:30 PM »

Download [color=\"blue\"]OTMoveIt2.exe[/color] by OldTimer:

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.
Copy the entries below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):

================================================

C:\WINDOWS\system32\afclphcl.exe
C:\WINDOWS\system32\aofhowyy.exe
C:\WINDOWS\system32\awmtyiop.exe
C:\WINDOWS\system32\axngxfum.exe
C:\WINDOWS\system32\bbjjseyv.exe
C:\WINDOWS\system32\bdpeqctw.exe
C:\WINDOWS\system32\brqpwybf.exe
C:\WINDOWS\system32\btjsvbaq.exe
C:\WINDOWS\system32\bxkselcu.exe
C:\WINDOWS\system32\bynedhug.exe
C:\WINDOWS\system32\wryafqwe.exe
C:\WINDOWS\system32\wshvpnhu.exe
C:\WINDOWS\system32\xbckvfdo.exe
C:\WINDOWS\system32\xlvlaxap.exe
C:\WINDOWS\system32\xobbsvip.exe
C:\WINDOWS\system32\xokrmyvd.exe
C:\WINDOWS\system32\xurqyxkv.exe
C:\WINDOWS\system32\xwctnyxc.exe
C:\WINDOWS\system32\ytcekcdh.exe
C:\WINDOWS\system32\yxghwhui.exe
C:\WINDOWS\system32\cybkvget.exe
C:\WINDOWS\system32\dudfovud.exe
C:\WINDOWS\system32\dunfhdjs.exe
C:\WINDOWS\system32\duoonbvd.exe
C:\WINDOWS\system32\egvccocs.exe
C:\WINDOWS\system32\elowntrq.exe
C:\WINDOWS\system32\fcfokshy.exe
C:\WINDOWS\system32\fjuwbcsa.exe
C:\WINDOWS\system32\fowyhsxj.exe
C:\WINDOWS\system32\fwivhisp.exe
C:\WINDOWS\system32\gxphnjwt.exe
C:\WINDOWS\system32\h323log.txt
C:\WINDOWS\system32\hfdksuik.exe
C:\WINDOWS\system32\hlwpcugk.exe
C:\WINDOWS\system32\hnqdmvrg.exe
C:\WINDOWS\system32\hntgtvos.exe
C:\WINDOWS\system32\hqgsmriy.exe
C:\WINDOWS\system32\hvhmwiiy.exe
C:\WINDOWS\system32\ieroawar.exe
C:\WINDOWS\system32\ipllfccv.exe
C:\WINDOWS\system32\ippnefck.exe
C:\WINDOWS\system32\ivlmkvgn.exe
C:\WINDOWS\system32\jbugsbix.exe
C:\WINDOWS\system32\jeiipcsi.exe
C:\WINDOWS\system32\jnacioyq.exe
C:\WINDOWS\system32\jxnaorra.exe
C:\WINDOWS\system32\jydtqvbb.exe
C:\WINDOWS\system32\kfepkutf.exe
C:\WINDOWS\system32\kguhpelp.exe
C:\WINDOWS\system32\kkkduksp.exe
C:\WINDOWS\system32\leqpfbxa.exe
C:\WINDOWS\system32\lhephphs.exe
C:\WINDOWS\system32\louggdya(2).dll
C:\WINDOWS\system32\louggdya(3).dll
C:\WINDOWS\system32\mhkjyfxn.exe
C:\WINDOWS\system32\mitnheou.exe
C:\WINDOWS\system32\msbwkwqc.exe
C:\WINDOWS\system32\nebvrlkb.exe
C:\WINDOWS\system32\nfxloqyy.exe
C:\WINDOWS\system32\nllekavm.exe
C:\WINDOWS\system32\nnlvxtnh.exe
C:\WINDOWS\system32\nqdrfkrv.exe
C:\WINDOWS\system32\nythtitw.exe
C:\WINDOWS\system32\oumeseis.exe
C:\WINDOWS\system32\phyvbbvk.exe
C:\WINDOWS\system32\pnjuhkcr.exe
C:\WINDOWS\system32\pxkonjug.exe
C:\WINDOWS\system32\rjhhkwgb.exe
C:\WINDOWS\system32\rtlqrwwj.exe
C:\WINDOWS\system32\ruxhjjyy.exe
C:\WINDOWS\system32\sclfrbhw.exe **
C:\WINDOWS\system32\sfsecrrw.exe
C:\WINDOWS\system32\slaeinkp.exe
C:\WINDOWS\system32\stokaygw.exe
C:\WINDOWS\system32\tgwcxqaw.exe
C:\WINDOWS\system32\ttcqlmmh.exe
C:\WINDOWS\system32\ttcuuktb.exe
C:\WINDOWS\system32\tyxcuwmf.exe
C:\WINDOWS\system32\ucxittxc.exe
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\QTFont.for
C:\WINDOWS\system32\ufutgxpk.exe
C:\WINDOWS\system32\uyauncnt.exe
C:\WINDOWS\system32\virgsvje.exe
C:\WINDOWS\system32\vjjxpvtx.exe
C:\WINDOWS\system32\vplcglyp.exe
C:\WINDOWS\system32\vqxxgwxy.exe
C:\Program Files\AdVantage

======================================================
Return to OTMoveIt2, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
Click the red "[color=\"red\"]MoveIt![/color]" button.
Close OTMoveIt when it has completed.

[color=\"red\"]Note[/color]: If an entry cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

OTMoveIt would of created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

After the above, delete your version of combofix
Then REDOWNLOAD it from Download this file - Combofix.exe and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post back all the following after the above is done, even if it takes more than one reply to do so

1. Post the log from Combofix, it's default location is >>C:\Combofix.txt
2. Post the log from OTMoveit
3. Run a fresh scan/Save log file with hijackthis and post a fresh log

LET ME KNOW HOW THINGS ARE RUNNING!

some1ok · « **Reply #12 on:** February 03, 2008, 04:41:51 PM »

the computre is doing much better than the first stages of the infection....but i still know....its not its normal self. it takes alot more time to open programs than normal .....

here are the logs...

ComboFix log
ComboFix 08-02.03.1 - Mathew 2008-02-03 16:35:21.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.620 [GMT -5:00]
Running from: C:\Documents and Settings\Mathew\Desktop\ComboFix.exe
* Created a new restore point

[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.

2008-02-03 15:15 . 2008-02-03 15:15 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\Cakewalk
2008-02-03 15:10 . 2008-02-03 15:10 118,784 --a------ C:\WINDOWS\dsdxirmv.exe
2008-02-03 15:01 . 2006-11-30 15:49 368,640 --a------ C:\WINDOWS\system32\ReWire.dll
2008-02-03 15:01 . 2004-04-13 14:48 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2008-02-03 15:00 . 2008-02-03 15:00 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-03 15:00 . 2008-02-03 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Cakewalk
2008-02-03 15:00 . 2008-02-03 15:27 <DIR> d-------- C:\Cakewalk Projects
2008-02-03 00:15 . 2008-02-03 08:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-03 00:15 . 2008-02-03 00:15 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-03 00:13 . 2008-02-03 00:13 <DIR> d-------- C:\_OTMoveIt
2008-02-02 10:30 . 2008-02-02 10:30 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-02 10:30 . 2008-02-02 10:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-01 15:22 . 2008-02-01 15:22 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\Windows Desktop Search
2008-02-01 15:21 . 2008-02-01 15:21 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-02-01 15:21 . 2008-02-01 15:21 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-02-01 15:20 . 2006-09-15 07:36 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-02-01 15:20 . 2006-09-15 07:36 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-02-01 15:20 . 2006-09-15 07:36 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-02-01 14:57 . 2008-02-01 14:58 <DIR> d-------- C:\Program Files\Microsoft Expression
2008-02-01 14:17 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-02-01 14:14 . 2008-02-01 14:14 <DIR> d-------- C:\Program Files\MSBuild
2008-02-01 14:08 . 2008-02-01 14:08 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-31 15:33 . 2008-01-31 15:33 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-01-30 23:09 . 2008-02-02 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-30 22:43 . 2008-01-30 22:43 <DIR> d-------- C:\Program Files\PowerISO
2008-01-30 12:22 . 2008-02-03 15:08 <DIR> d-------- C:\Program Files\Cakewalk
2008-01-30 11:28 . 2008-01-30 11:30 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-01-30 09:57 . 2008-01-30 10:15 <DIR> d-------- C:\VundoFix Backups
2008-01-24 18:15 . 2008-01-24 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-23 19:15 . 2008-01-23 20:59 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-23 19:14 . 2008-01-30 10:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-23 19:06 . 2008-01-23 20:59 <DIR> d-------- C:\Program Files\Windows Live
2008-01-23 18:52 . 2008-01-31 15:33 <DIR> d-------- C:\Program Files\MSECACHE
2008-01-23 16:55 . 2008-01-23 16:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-23 15:58 . 2008-01-23 15:58 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-23 15:58 . 2008-01-23 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-23 15:34 . 2008-01-23 15:34 <DIR> d-------- C:\Program Files\CCleaner
2008-01-23 15:20 . 2008-01-23 15:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-23 15:05 . 2008-01-23 15:05 1,024 --a------ C:\WINDOWS\system32\drivers\DAA59A82-9E4E-40FD-B02D-276A22231BCF.cxv
2008-01-22 13:00 . 2008-01-22 13:01 2,048 --a------ C:\WINDOWS\system32\drivers\5049CA52-0F31-41EA-B004-D73A5858207A.cxv
2008-01-22 12:39 . 2008-01-22 12:39 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\Grisoft
2008-01-22 12:39 . 2008-01-22 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-22 12:39 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-22 11:23 . 2008-01-22 11:23 5,120 --a------ C:\WINDOWS\system32\drivers\D6E4E5D4-36A3-4B90-8C4C-1C5228221F20.cxv
2008-01-22 11:21 . 2008-01-23 15:10 <DIR> d-------- C:\Program Files\STOPzilla!
2008-01-22 11:21 . 2008-01-23 15:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-22 10:55 . 2008-01-22 11:25 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-01-22 10:36 . 2008-01-22 10:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-21 22:51 . 2008-01-22 13:00 <DIR> d-------- C:\Program Files\PrevxCSI
2008-01-21 22:38 . 2008-01-21 22:53 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\PrevxCSI
2008-01-21 22:38 . 2008-01-21 22:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-21 22:28 . 2008-01-22 10:39 15,360 --a------ C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-21 22:28 . 2008-01-22 10:39 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-21 21:19 . 2008-01-22 10:38 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-01-21 21:18 . 2008-01-22 10:38 114,688 --a------ C:\WINDOWS\system32\hkcmd.exe
2008-01-21 21:18 . 2008-01-22 10:38 98,304 --a------ C:\WINDOWS\system32\igfxtray.exe
2008-01-21 21:18 . 2008-01-22 10:38 94,208 --a------ C:\WINDOWS\system32\igfxpers.exe
2008-01-21 21:13 . 2008-01-22 11:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-21 21:13 . 2008-01-22 11:26 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\SUPERAntiSpyware.com
2008-01-21 21:13 . 2008-01-21 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-21 21:09 . 2008-01-21 21:34 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2008-01-21 21:08 . 2008-01-21 21:08 <DIR> d-------- C:\Program Files\Greatis
2008-01-21 21:08 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2008-01-21 20:13 . 2008-02-01 15:12 <DIR> d-------- C:\Program Files\UltraISO
2008-01-21 20:00 . 2008-01-21 20:00 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\DAEMON Tools
2008-01-21 19:55 . 2008-01-21 19:55 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-20 14:47 . 2008-02-01 15:08 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-20 14:47 . 2008-01-20 14:47 <DIR> d-------- C:\Documents and Settings\Mathew\Application Data\Yahoo!
2008-01-20 02:07 . 2008-01-20 02:07 33,292 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-08 18:10 . 2008-01-16 15:16 <DIR> d-------- C:\Program Files\Graboid

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 20:15 --------- d-----w C:\Program Files\FlashGet
2008-02-01 20:09 --------- d-----w C:\Program Files\DivX
2008-02-01 19:46 --------- d-----w C:\Program Files\iTunes
2008-02-01 19:41 --------- d-----w C:\Program Files\MSN Messenger
2008-02-01 19:41 --------- d-----w C:\Program Files\DellSupport
2008-02-01 19:41 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-02-01 19:35 --------- d-----w C:\Program Files\Microsoft Works
2008-01-30 14:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-01-30 14:53 --------- d-----w C:\Documents and Settings\Mathew\Application Data\McAfee.com Personal Firewall
2008-01-24 01:59 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-23 21:45 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-23 20:57 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Lavasoft
2008-01-23 20:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-23 20:05 --------- d-----w C:\Program Files\QuickTime
2008-01-16 22:04 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Azureus
2008-01-16 20:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-14 23:11 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Move Networks
2008-01-04 22:50 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-04 22:50 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-04 22:50 --------- d-----w C:\Program Files\NetWaiting
2008-01-04 22:50 --------- d-----w C:\Program Files\Modem Helper
2008-01-04 22:50 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2008-01-04 22:50 --------- d-----w C:\Program Files\GemMaster
2008-01-04 22:50 --------- d-----w C:\Program Files\ESPNMotion
2008-01-04 22:50 --------- d-----w C:\Program Files\AOL 9.0
2007-12-27 22:14 --------- d-----w C:\Program Files\eRightSoft
2007-12-27 21:48 --------- d-----w C:\Program Files\Red Kawa
2007-12-27 21:42 --------- d-----w C:\Program Files\E-Zsoft
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-14 02:14 --------- d-----w C:\Program Files\Veoh Networks
2007-12-11 22:34 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-11 22:34 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-11 22:34 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-12-11 22:34 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-04-28 13:06 173,376 -c--a-w C:\Program Files\AO
2006-08-09 17:58 251 ----a-w C:\Program Files\wt3d.ini
2006-08-09 02:00 149 ----a-w C:\Program Files\INSTALL.LOG
2006-08-08 23:00 88 --sh--r C:\WINDOWS\system32\110E035EBA.sys
2006-08-24 19:45 56 --sh--r C:\WINDOWS\system32\BA5E030E11.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2006-08-24 19:48 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2006-12-06 21:05 351 --sha-w C:\WINDOWS\system32\SoftwareDistribution\vbmc.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 11:51 486856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-22 10:39 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-01-30 10:19 6731312]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-30 10:18 267048]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 02:05 217088]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2008-01-22 10:38 212992]
"MPFEXE"="C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe" [2008-01-22 10:38 999424]

C:\Documents and Settings\Mathew\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-08 17:21:21 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-01 21:25:49 24576]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-08-08 13:53:59 118784]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2006-05-03 02:12 98304 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-30 10:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

R3 PD016BLK;Creative PC-CAM 300 (Still Image);C:\WINDOWS\system32\DRIVERS\PD016blk.sys [2001-07-03 12:00]
R3 PD016VID;Creative PC-CAM 300 (Video);C:\WINDOWS\system32\DRIVERS\PD016vid.sys [2001-07-03 12:00]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-05-25 13:55]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-01-21 21:34]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-02-01 23:16:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-03 20:45:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-30 20:40:13 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 16:39:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MPFEXE = "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"

??

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-03 16:39:39
ComboFix-quarantined-files.txt 2008-02-03 21:39:36
ComboFix2.txt 2008-02-01 19:52:17
ComboFix3.txt 2008-01-30 15:32:34
.
2008-02-02 14:52:20 --- E O F ---

--------------------------------------------------------------------------------------------------------------------------
OTMoveit

C:\WINDOWS\system32\afclphcl.exe moved successfully.
C:\WINDOWS\system32\aofhowyy.exe moved successfully.
C:\WINDOWS\system32\awmtyiop.exe moved successfully.
C:\WINDOWS\system32\axngxfum.exe moved successfully.
C:\WINDOWS\system32\bbjjseyv.exe moved successfully.
C:\WINDOWS\system32\bdpeqctw.exe moved successfully.
C:\WINDOWS\system32\brqpwybf.exe moved successfully.
C:\WINDOWS\system32\btjsvbaq.exe moved successfully.
C:\WINDOWS\system32\bxkselcu.exe moved successfully.
C:\WINDOWS\system32\bynedhug.exe moved successfully.
C:\WINDOWS\system32\wryafqwe.exe moved successfully.
C:\WINDOWS\system32\wshvpnhu.exe moved successfully.
C:\WINDOWS\system32\xbckvfdo.exe moved successfully.
C:\WINDOWS\system32\xlvlaxap.exe moved successfully.
C:\WINDOWS\system32\xobbsvip.exe moved successfully.
C:\WINDOWS\system32\xokrmyvd.exe moved successfully.
C:\WINDOWS\system32\xurqyxkv.exe moved successfully.
C:\WINDOWS\system32\xwctnyxc.exe moved successfully.
C:\WINDOWS\system32\ytcekcdh.exe moved successfully.
C:\WINDOWS\system32\yxghwhui.exe moved successfully.
C:\WINDOWS\system32\cybkvget.exe moved successfully.
C:\WINDOWS\system32\dudfovud.exe moved successfully.
C:\WINDOWS\system32\dunfhdjs.exe moved successfully.
C:\WINDOWS\system32\duoonbvd.exe moved successfully.
C:\WINDOWS\system32\egvccocs.exe moved successfully.
C:\WINDOWS\system32\elowntrq.exe moved successfully.
C:\WINDOWS\system32\fcfokshy.exe moved successfully.
C:\WINDOWS\system32\fjuwbcsa.exe moved successfully.
C:\WINDOWS\system32\fowyhsxj.exe moved successfully.
C:\WINDOWS\system32\fwivhisp.exe moved successfully.
C:\WINDOWS\system32\gxphnjwt.exe moved successfully.
File move failed. C:\WINDOWS\system32\h323log.txt scheduled to be moved on reboot.
C:\WINDOWS\system32\hfdksuik.exe moved successfully.
C:\WINDOWS\system32\hlwpcugk.exe moved successfully.
C:\WINDOWS\system32\hnqdmvrg.exe moved successfully.
C:\WINDOWS\system32\hntgtvos.exe moved successfully.
C:\WINDOWS\system32\hqgsmriy.exe moved successfully.
C:\WINDOWS\system32\hvhmwiiy.exe moved successfully.
C:\WINDOWS\system32\ieroawar.exe moved successfully.
C:\WINDOWS\system32\ipllfccv.exe moved successfully.
C:\WINDOWS\system32\ippnefck.exe moved successfully.
C:\WINDOWS\system32\ivlmkvgn.exe moved successfully.
C:\WINDOWS\system32\jbugsbix.exe moved successfully.
C:\WINDOWS\system32\jeiipcsi.exe moved successfully.
C:\WINDOWS\system32\jnacioyq.exe moved successfully.
C:\WINDOWS\system32\jxnaorra.exe moved successfully.
C:\WINDOWS\system32\jydtqvbb.exe moved successfully.
C:\WINDOWS\system32\kfepkutf.exe moved successfully.
C:\WINDOWS\system32\kguhpelp.exe moved successfully.
C:\WINDOWS\system32\kkkduksp.exe moved successfully.
C:\WINDOWS\system32\leqpfbxa.exe moved successfully.
C:\WINDOWS\system32\lhephphs.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\louggdya(2).dll
C:\WINDOWS\system32\louggdya(2).dll NOT unregistered.
C:\WINDOWS\system32\louggdya(2).dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\louggdya(3).dll
C:\WINDOWS\system32\louggdya(3).dll NOT unregistered.
C:\WINDOWS\system32\louggdya(3).dll moved successfully.
C:\WINDOWS\system32\mhkjyfxn.exe moved successfully.
C:\WINDOWS\system32\mitnheou.exe moved successfully.
C:\WINDOWS\system32\msbwkwqc.exe moved successfully.
C:\WINDOWS\system32\nebvrlkb.exe moved successfully.
C:\WINDOWS\system32\nfxloqyy.exe moved successfully.
C:\WINDOWS\system32\nllekavm.exe moved successfully.
C:\WINDOWS\system32\nnlvxtnh.exe moved successfully.
C:\WINDOWS\system32\nqdrfkrv.exe moved successfully.
C:\WINDOWS\system32\nythtitw.exe moved successfully.
C:\WINDOWS\system32\oumeseis.exe moved successfully.
C:\WINDOWS\system32\phyvbbvk.exe moved successfully.
C:\WINDOWS\system32\pnjuhkcr.exe moved successfully.
C:\WINDOWS\system32\pxkonjug.exe moved successfully.
C:\WINDOWS\system32\rjhhkwgb.exe moved successfully.
C:\WINDOWS\system32\rtlqrwwj.exe moved successfully.
C:\WINDOWS\system32\ruxhjjyy.exe moved successfully.
File/Folder C:\WINDOWS\system32\sclfrbhw.exe ** not found.
C:\WINDOWS\system32\sfsecrrw.exe moved successfully.
C:\WINDOWS\system32\slaeinkp.exe moved successfully.
C:\WINDOWS\system32\stokaygw.exe moved successfully.
C:\WINDOWS\system32\tgwcxqaw.exe moved successfully.
C:\WINDOWS\system32\ttcqlmmh.exe moved successfully.
C:\WINDOWS\system32\ttcuuktb.exe moved successfully.
C:\WINDOWS\system32\tyxcuwmf.exe moved successfully.
C:\WINDOWS\system32\ucxittxc.exe moved successfully.
C:\WINDOWS\QTFont.qfn moved successfully.
C:\WINDOWS\QTFont.for moved successfully.
C:\WINDOWS\system32\ufutgxpk.exe moved successfully.
C:\WINDOWS\system32\uyauncnt.exe moved successfully.
C:\WINDOWS\system32\virgsvje.exe moved successfully.
C:\WINDOWS\system32\vjjxpvtx.exe moved successfully.
C:\WINDOWS\system32\vplcglyp.exe moved successfully.
C:\WINDOWS\system32\vqxxgwxy.exe moved successfully.
File/Folder C:\Program Files\AdVantage not found.

OTMoveIt2 v1.0.17 log created on 02032008_001353

--------------------------------------------------------------------------------------------------------------------------
HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:44:30 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 10110 bytes

guestolo · « **Reply #13 on:** February 03, 2008, 05:02:24 PM »

I missed some files earlier
Can you do the following
Do a "System scan only" with Hijackthis and put a check next to these entries:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

OTMoveit2

Please double-click OTMoveIt2.exe to run it.
Copy the entries below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):

================================================

C:\WINDOWS\system32\wamilqvn.exe
C:\WINDOWS\system32\wryafqwe.exe
C:\WINDOWS\system32\wshvpnhu.exe
C:\WINDOWS\system32\xbckvfdo.exe
C:\WINDOWS\system32\xlvlaxap.exe
C:\WINDOWS\system32\xobbsvip.exe
C:\WINDOWS\system32\xokrmyvd.exe
C:\WINDOWS\system32\xurqyxkv.exe
C:\WINDOWS\system32\xwctnyxc.exe
C:\WINDOWS\system32\ytcekcdh.exe
C:\WINDOWS\system32\yxghwhui.exe
C:\WINDOWS\system32\yygqlcjj.exe

======================================================
Return to OTMoveIt2, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
Click the red "[color=\"red\"]MoveIt![/color]" button.
Close OTMoveIt when it has completed.

[color=\"red\"]Note[/color]: If an entry cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

OTMoveIt would of created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Afterwards: I suggest that you go back and rescan with Kaspersky's to ensure we don't find any new infected files
Post back the new report

Also post the log again from OTMoveIt as well as a fresh hijackthis log

some1ok · « **Reply #14 on:** March 17, 2008, 07:38:49 PM »

OTMoveit

File/Folder C:\WINDOWS\system32\wamilqvn.exe not found.
File/Folder C:\WINDOWS\system32\wryafqwe.exe not found.
File/Folder C:\WINDOWS\system32\wshvpnhu.exe not found.
File/Folder C:\WINDOWS\system32\xbckvfdo.exe not found.
File/Folder C:\WINDOWS\system32\xlvlaxap.exe not found.
File/Folder C:\WINDOWS\system32\xobbsvip.exe not found.
File/Folder C:\WINDOWS\system32\xokrmyvd.exe not found.
File/Folder C:\WINDOWS\system32\xurqyxkv.exe not found.
File/Folder C:\WINDOWS\system32\xwctnyxc.exe not found.
File/Folder C:\WINDOWS\system32\ytcekcdh.exe not found.
File/Folder C:\WINDOWS\system32\yxghwhui.exe not found.
File/Folder C:\WINDOWS\system32\yygqlcjj.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03172008_162242

Kaspersky Log

KASPERSKY ONLINE SCANNER REPORTKASPERSKY ONLINE SCANNER REPORT
Monday, March 17, 2008 7:49:46 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build
2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/03/2008
Kaspersky Anti-Virus database records: 636169

Scan Settings
Scan using the following antivirus databaseextended
Scan Archivestrue
Scan Mail Basestrue

Scan TargetMy Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects135147
Number of viruses found21
Number of infected objects203
Number of suspicious objects0
Duration of the scan process02:28:56

Infected Object NameVirus NameLast Action
C:\Documents and Settings\All Users\Application
Data\McAfee\SpamKiller\Logs\Filtering.log Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd000.log Object is locked
skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f
Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl
Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr
Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked
skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is
locked skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ci
Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid
Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wsb
Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000
Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000
Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr
Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr
Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy2.gthr
Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked
skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is
locked skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf1.tmp Object is locked
skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2.tmp Object is locked
skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_bcc.dat Object
is locked skipped

C:\Documents and Settings\Mathew\Application
Data\Mozilla\Firefox\Profiles\arnd8egj.default\cert8.db Object is locked
skipped

C:\Documents and Settings\Mathew\Application
Data\Mozilla\Firefox\Profiles\arnd8egj.default\formhistory.dat Object is
locked skipped

C:\Documents and Settings\Mathew\Application
Data\Mozilla\Firefox\Profiles\arnd8egj.default\history.dat Object is
locked skipped

C:\Documents and Settings\Mathew\Application
Data\Mozilla\Firefox\Profiles\arnd8egj.default\key3.db Object is locked
skipped

C:\Documents and Settings\Mathew\Application
Data\Mozilla\Firefox\Profiles\arnd8egj.default\search.sqlite Object is
locked skipped

C:\Documents and Settings\Mathew\Application
Data\Mozilla\Firefox\Profiles\arnd8egj.default\urlclassifier2.sqlite
Object is locked skipped

C:\Documents and Settings\Mathew\Cookies\index.dat Object is locked
skipped

C:\Documents and Settings\Mathew\Local Settings\Application
Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Mathew\Local Settings\Application
Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Logs\Dfsr00005.log
Object is locked skipped

C:\Documents and Settings\Mathew\Local Settings\Application
Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\pending.dat
Object is locked skipped

C:\Documents and Settings\Mathew\Local Settings\Application
Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\dfsr.db
Object is locked skipped

C:\Documents and Settings\Mathew\Local Settings\Application
Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\fsr.log
Object is locked skipped

C:\Documents and Settings\Mathew\Local Settings\Application
Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\fsrtmp.log
Object is locked skipped

C:\Documents and Settings\Mathew\Local Settings\Application
Data\Microsoft\Messenger\joelm4jcEmail Removed\SharingMetadata\Working\database_208_4679_846_6BAB\tmp.edb
Object is locked skipped

C:\Documents and Settings\Mathew\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Mathew\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Mathew\Local Settings\Application
Data\Microsoft\Windows Live Contacts\joelm4jcEmail Removed\real\members.stg
Object is locked skipped

C:\Documents and Settings\Mathew\Local Settings\Application
Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_001_ Object is
locked skipped

C:\Documents and Settings\Mathew\Local Settings\Application
Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_002_ Object is
locked skipped

C:\Documents and Settings\Mathew\Local Settings\Application
Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_003_ Object is
locked skipped

C:\Documents and Settings\Mathew\Local Settings\Application
Data\Mozilla\Firefox\Profiles\arnd8egj.default\Cache\_CACHE_MAP_ Object is
locked skipped

C:\Documents and Settings\Mathew\Local
Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Mathew\Local
Settings\History\History.IE5\MSHist012008031720080318\index.dat Object is
locked skipped

C:\Documents and Settings\Mathew\Local Settings\Temp\snapsnet.exe/data0006
Infected: Trojan-Downloader.Win32.VB.caw skipped

C:\Documents and Settings\Mathew\Local Settings\Temp\snapsnet.exe NSIS:
infected - 1 skipped

C:\Documents and Settings\Mathew\Local Settings\Temp\~DF2B3D.tmp Object is
locked skipped

C:\Documents and Settings\Mathew\Local Settings\Temp\~DF702E.tmp Object is
locked skipped

C:\Documents and Settings\Mathew\Local Settings\Temp\~DF7039.tmp Object is
locked skipped

C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is
locked skipped

C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
Files\Content.IE5\0WY8F8TH\wavvsnet[1].exe Infected:
Trojan-Downloader.Win32.Small.swa skipped

C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
Files\Content.IE5\74VE2V6T\17PHolmes[1].cmt Infected:
Trojan-Downloader.Win32.Agent.lbx skipped

C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
Files\Content.IE5\MA2TXEZJ\css4[1] Infected:
not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
Files\Content.IE5\MA2TXEZJ\hctp[1] Infected:
not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
Files\Content.IE5\NPAKQ9VN\ptch[1] Infected:
not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
Files\Content.IE5\WD388BOH\17PHolmes[1].cmt Infected:
Trojan-Downloader.Win32.Agent.lbx skipped

C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
Files\Content.IE5\WD388BOH\rasesnet[1].exe Infected:
not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
Files\Content.IE5\YPHQMV20\iddqd[1] Infected:
not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
Files\Content.IE5\YPHQMV20\snapsnet[1].exe/data0006 Infected:
Trojan-Downloader.Win32.VB.caw skipped

C:\Documents and Settings\Mathew\Local Settings\Temporary Internet
Files\Content.IE5\YPHQMV20\snapsnet[1].exe NSIS: infected - 1 skipped

C:\Documents and Settings\Mathew\My Documents\My Music\iTunes\iTunes
Library.itl Object is locked skipped

C:\Documents and Settings\Mathew\ntuser.dat Object is locked skipped

C:\Documents and Settings\Mathew\ntuser.dat.LOG Object is locked skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\duruaknp.dll.vir Infected:
Trojan-Spy.Win32.VBStat.h skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\fravaxbv.dll.vir Infected:
Packed.Win32.Klone.j skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\gdrileax.dll.vir Infected:
Packed.Win32.Klone.j skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\jkkji.dll.vir Infected:
not-a-virus:AdWare.Win32.Virtumonde.dyx skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\jsnardlx.dll.vir Infected:
Packed.Win32.Klone.j skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\mdnsnjsd.dll.vir Infected:
Trojan-Spy.Win32.VBStat.h skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\oplsisoj.dll.vir Infected:
Trojan-Spy.Win32.VBStat.h skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\yosvesth.dll.vir Infected:
Packed.Win32.Klone.j skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\yrideqtt.dll.vir Infected:
Trojan-Spy.Win32.VBStat.h skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP492\A0131258.dll
Infected: Trojan.Win32.BHO.g skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP492\A0131259.dll
Infected: Trojan.Win32.BHO.o skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP625\A0145248.exe/data0002
Infected: not-a-virus:AdWare.Win32.PurityScan.gn skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP625\A0145248.exe
NSIS: infected - 1 skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150502.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150503.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150504.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150505.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150506.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150507.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150508.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150509.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150510.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150511.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150512.dll
Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150513.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150514.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150515.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150516.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150517.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150518.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150519.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150520.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150521.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150522.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150523.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150524.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150525.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150526.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150527.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150528.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150529.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP671\A0150530.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150557.dll
Infected: Trojan-Spy.Win32.VBStat.h skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150558.dll
Infected: Packed.Win32.Klone.j skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150559.dll
Infected: Packed.Win32.Klone.j skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150560.dll
Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150561.dll
Infected: Packed.Win32.Klone.j skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150562.dll
Infected: Trojan-Spy.Win32.VBStat.h skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150563.dll
Infected: Trojan-Spy.Win32.VBStat.h skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150564.dll
Infected: Packed.Win32.Klone.j skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP673\A0150565.dll
Infected: Trojan-Spy.Win32.VBStat.h skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP688\A0157105.dll
Infected: not-a-virus:AdTool.Win32.WhenU.r skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP688\A0157106.exe
Infected: not-a-virus:AdTool.Win32.WhenU.t skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178911.exe
Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178912.exe
Infected: Trojan.Win32.BHO.ab skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178913.exe
Infected: Trojan-Downloader.Win32.PurityScan.fj skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178914.exe
Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178915.exe
Infected: Trojan-Downloader.Win32.VB.caw skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178916.exe
Infected: Virus.Win32.Trats.d skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178917.dll
Infected: Trojan.Win32.BHO.ab skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178918.exe/data0001
Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178918.exe
NSIS: infected - 1 skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178919.dll
Infected: not-a-virus:AdWare.Win32.TTC.d skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178920.exe/data0002
Infected: not-a-virus:AdWare.Win32.TTC.d skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178920.exe
NSIS: infected - 1 skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178921.exe
Infected: Trojan.Win32.Scapur.k skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\change.log
Object is locked skipped

C:\VundoFix Backups\aeuketyb.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\VundoFix Backups\aldbpxki.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\VundoFix Backups\bsiphhlh.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\VundoFix Backups\dkeklfqu.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\VundoFix Backups\dpllaehs.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\VundoFix Backups\dyjkjnor.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\VundoFix Backups\gryrgnyv.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\VundoFix Backups\hpkfnpgn.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\VundoFix Backups\hsoncatk.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\VundoFix Backups\ikaufucs.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\VundoFix Backups\jkkji.dll.bad Infected:
not-a-virus:AdWare.Win32.Virtumonde.dyx skipped

C:\VundoFix Backups\jngkwjjm.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\VundoFix Backups\jnrxdkbu.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\VundoFix Backups\mhyrwhnv.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\VundoFix Backups\mrsfpnet.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\VundoFix Backups\mrwfmwvp.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\VundoFix Backups\nncdfxer.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\VundoFix Backups\ogoluuoe.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\VundoFix Backups\pthyprtn.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\VundoFix Backups\rdbfjubl.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\VundoFix Backups\rwouqdwi.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\VundoFix Backups\tiftdcaf.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\VundoFix Backups\tkmgdgfr.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\VundoFix Backups\tkmyxdnr.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\VundoFix Backups\weumsjux.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\VundoFix Backups\woqgqnxl.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\VundoFix Backups\xwuxefbv.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\VundoFix Backups\ykiwcned.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\VundoFix Backups\ykuantjj.exe.bad Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked
skipped

C:\WINDOWS\mrofinu1000106.exe Infected: Trojan-Downloader.Win32.Agent.lbx
skipped

C:\WINDOWS\mrofinu572.exe Infected: Trojan-Downloader.Win32.Agent.lbx
skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{4CB64E7B-E236-4508-99F5-329990CB0A2A}.crmlog
Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked
skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\byddnslj.dll Infected:
not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\comyctgx.dll Infected:
not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application
Data\Microsoft\Desktop Search\Logs\UNCFATPHLog.txt Object is locked
skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\jkkll.dll Infected:
not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\WINDOWS\system32\louggdya(4).dll Infected: Packed.Win32.Klone.j skipped

C:\WINDOWS\system32\mnbmjort.dll Infected:
not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\WINDOWS\system32\sclfrbhw.exe Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\WINDOWS\system32\sehkywog.exe Infected:
not-a-virus:AdWare.Win32.Agent.at skipped

C:\WINDOWS\system32\vtuvuvt.dll Infected:
not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked
skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked
skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked
skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked
skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked
skipped

C:\WINDOWS\TWF0aGV3\asappsrv.dll Infected:
not-a-virus:AdWare.Win32.CommAd.a skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\afclphcl.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\aofhowyy.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\awmtyiop.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\axngxfum.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\bbjjseyv.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\bdpeqctw.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\brqpwybf.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\btjsvbaq.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\bxkselcu.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\bynedhug.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\cybkvget.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\dudfovud.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\dunfhdjs.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\duoonbvd.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\egvccocs.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\elowntrq.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\fcfokshy.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\fjuwbcsa.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\fowyhsxj.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\fwivhisp.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\gxphnjwt.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hfdksuik.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hlwpcugk.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hnqdmvrg.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hntgtvos.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hqgsmriy.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hvhmwiiy.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ieroawar.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ipllfccv.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ippnefck.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ivlmkvgn.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\jbugsbix.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\jeiipcsi.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\jnacioyq.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\jxnaorra.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\jydtqvbb.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\kfepkutf.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\kguhpelp.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\kkkduksp.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\leqpfbxa.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\lhephphs.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\louggdya(2).dll
Infected: Packed.Win32.Klone.j skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\louggdya(3).dll
Infected: Packed.Win32.Klone.j skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\mhkjyfxn.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\mitnheou.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\msbwkwqc.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nebvrlkb.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nfxloqyy.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nllekavm.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nnlvxtnh.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nqdrfkrv.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nythtitw.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\oumeseis.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\phyvbbvk.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\pnjuhkcr.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\pxkonjug.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\rjhhkwgb.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\rtlqrwwj.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ruxhjjyy.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\sfsecrrw.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\slaeinkp.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\stokaygw.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\tgwcxqaw.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ttcqlmmh.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ttcuuktb.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\tyxcuwmf.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ucxittxc.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ufutgxpk.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\uyauncnt.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\virgsvje.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\vjjxpvtx.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\vplcglyp.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\vqxxgwxy.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\wryafqwe.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\wshvpnhu.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xbckvfdo.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xlvlaxap.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xobbsvip.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xokrmyvd.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xurqyxkv.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xwctnyxc.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ytcekcdh.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\yxghwhui.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02052008_175017\WINDOWS\system32\wamilqvn.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

C:\_OTMoveIt\MovedFiles\02052008_175017\WINDOWS\system32\yygqlcjj.exe
Infected: not-a-virus:AdWare.Win32.Agent.at skipped

Scan process completed.

Hijack This
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:34 PM, on 3/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [SupportAnyPC] "C:\DOCUME~1\Mathew\LOCALS~1\Temp\winvnc.exe" -servicehelper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [08466b04] rundll32.exe "C:\WINDOWS\system32\lioriqcd.dll",b
O4 - HKLM\..\Run: [BM0b755898] Rundll32.exe "C:\WINDOWS\system32\prdroerp.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\Mathew\APPLIC~1\SSEMBL~1\netdde.exe" -vt yazb
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWF0aGV3\command.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SupportAnyPC Service (SupportAnyPC) - Out of the Box Consulting, Inc. - C:\DOCUME~1\Mathew\LOCALS~1\Temp\winvnc.exe

--
End of file - 10315 bytes

its been a while lol....

guestolo · « **Reply #15 on:** March 17, 2008, 09:24:32 PM »

Umm, yah, it's been awhile since we started this topic

Can you do the following
If you still have combofix, delete your version on desktop
It updates frequently, and yours will be out of date

Download this file - Combofix.exe and save it ONLY to your desktop

Disable your Antivirus software temporarily so as it won't interfere with this next fix
Physically disconnect your connection to the internet

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
By default it will save a copy to C:\Combofix.txt
I'll need to see this log later
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Back in Windows

Post back the following:

1. Post the log from Combofix
2. Post a fresh hijackthis log

some1ok · « **Reply #16 on:** March 17, 2008, 09:50:51 PM »

ComboFix log

ComboFix 08-03-17.1 - Mathew 2008-03-17 22:50:59.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.525 [GMT -4:00]
Running from: C:\Documents and Settings\Mathew\Desktop\ComboFix.exe
* Created a new restore point

[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Mathew\Application Data\SSEMBL~1
C:\Documents and Settings\Mathew\Application Data\SSEMBL~1\?ssembly\
C:\Program Files\network monitor
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\sanR24
C:\Temp\sanR24\lDii.log
C:\WINDOWS\BM0b755898.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\byddnslj.dll
C:\WINDOWS\system32\comyctgx.dll
C:\WINDOWS\system32\dcqiroil.ini
C:\WINDOWS\system32\iDlo01
C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\lioriqcd.dll
C:\WINDOWS\system32\llkkj.ini
C:\WINDOWS\system32\llkkj.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\prdroerp.dll
C:\WINDOWS\system32\vtuvuvt.dll
C:\WINDOWS\system32\wilvcmeb.dll
C:\WINDOWS\TWF0aGV3\
C:\WINDOWS\TWF0aGV3\\asappsrv.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService
-------\Service_Network Monitor

((((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))
.

2008-03-17 16:28 . 2008-03-17 16:28 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-17 16:28 . 2008-03-17 16:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-16 19:01 . 2008-03-17 19:01 1,359,325 ---hs---- C:\WINDOWS\system32\trojmbnm.ini
2008-03-16 18:45 . 2008-03-16 23:20 <DIR> d-------- C:\WINDOWS\system32\xk1
2008-03-16 18:45 . 2008-03-16 23:21 <DIR> d-------- C:\WINDOWS\system32\tf5
2008-03-16 18:45 . 2008-03-16 18:45 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\NetMon
2008-03-16 18:45 . 2008-03-16 18:45 687,592 --a------ C:\WINDOWS\system32\atmtd.dll._
2008-03-16 18:45 . 2008-03-16 18:45 687,592 --a------ C:\WINDOWS\system32\atmtd.dll
2008-03-16 18:45 . 2008-03-16 18:45 37,376 --a------ C:\WINDOWS\mrofinu572.exe
2008-03-16 18:45 . 2008-03-16 18:45 37,376 --a------ C:\WINDOWS\mrofinu1000106.exe
2008-03-12 12:22 . 2008-03-13 23:50 <DIR> d-------- C:\Program Files\Microsoft Games
2008-03-08 13:50 . 2008-03-08 13:50 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-06 22:38 . 2008-03-06 22:39 <DIR> d-------- C:\Program Files\Rogers
2008-03-05 23:26 . 2008-03-05 23:51 <DIR> d-------- C:\Program Files\iPod(6)
2008-03-05 15:21 . 2008-03-05 23:51 <DIR> d-------- C:\Program Files\ACW
2008-02-29 19:22 . 2008-03-05 23:51 <DIR> d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 00:07 --------- d-----w C:\Program Files\FlashGet
2008-03-14 03:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-12 20:35 --------- d-----w C:\Program Files\DivX
2008-03-12 02:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-06 03:51 --------- d-----w C:\Program Files\QuickTime
2008-03-06 03:51 --------- d-----w C:\Program Files\iTunes
2008-02-07 22:46 --------- d-----w C:\Program Files\Cakewalk
2008-02-07 16:23 --------- d-----w C:\Program Files\Kontakt Player 2
2008-02-07 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Cakewalk
2008-02-03 20:15 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Cakewalk
2008-02-03 20:10 118,784 ----a-w C:\WINDOWS\dsdxirmv.exe
2008-02-01 20:22 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Windows Desktop Search
2008-02-01 20:21 --------- d-----w C:\Program Files\Windows Desktop Search
2008-02-01 20:12 --------- d-----w C:\Program Files\UltraISO
2008-02-01 20:08 --------- d-----w C:\Program Files\Yahoo!
2008-02-01 19:58 --------- d-----w C:\Program Files\Microsoft Expression
2008-02-01 19:41 --------- d-----w C:\Program Files\MSN Messenger
2008-02-01 19:41 --------- d-----w C:\Program Files\DellSupport
2008-02-01 19:41 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-02-01 19:35 --------- d-----w C:\Program Files\Microsoft Works
2008-02-01 19:14 --------- d-----w C:\Program Files\MSBuild
2008-02-01 19:08 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-01-31 20:33 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-01-31 20:33 --------- d-----w C:\Program Files\MSECACHE
2008-01-31 03:43 --------- d-----w C:\Program Files\PowerISO
2008-01-30 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-30 14:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-01-30 14:53 --------- d-----w C:\Documents and Settings\Mathew\Application Data\McAfee.com Personal Firewall
2008-01-24 23:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-24 01:59 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-24 01:59 --------- d-----w C:\Program Files\Windows Live
2008-01-24 01:59 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-23 21:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-23 21:45 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-23 20:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-23 20:58 --------- d-----w C:\Program Files\Lavasoft
2008-01-23 20:57 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Lavasoft
2008-01-23 20:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-23 20:34 --------- d-----w C:\Program Files\CCleaner
2008-01-23 20:20 --------- d-----w C:\Program Files\Trend Micro
2008-01-23 20:10 --------- d-----w C:\Program Files\STOPzilla!
2008-01-23 20:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-23 20:05 1,024 ----a-w C:\WINDOWS\system32\drivers\DAA59A82-9E4E-40FD-B02D-276A22231BCF.cxv
2008-01-22 18:01 2,048 ----a-w C:\WINDOWS\system32\drivers\5049CA52-0F31-41EA-B004-D73A5858207A.cxv
2008-01-22 18:00 --------- d-----w C:\Program Files\PrevxCSI
2008-01-22 17:39 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Grisoft
2008-01-22 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-22 16:26 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-01-22 16:26 --------- d-----w C:\Documents and Settings\Mathew\Application Data\SUPERAntiSpyware.com
2008-01-22 16:25 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-01-22 16:23 5,120 ----a-w C:\WINDOWS\system32\drivers\D6E4E5D4-36A3-4B90-8C4C-1C5228221F20.cxv
2008-01-22 15:36 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-22 03:53 --------- d-----w C:\Documents and Settings\Mathew\Application Data\PrevxCSI
2008-01-22 03:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-22 02:34 25,773 ----a-w C:\WINDOWS\system32\drivers\regguard.sys
2008-01-22 02:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-22 02:08 --------- d-----w C:\Program Files\Greatis
2008-01-22 01:00 --------- d-----w C:\Documents and Settings\Mathew\Application Data\DAEMON Tools
2008-01-22 00:55 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-20 19:47 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Yahoo!
2008-01-20 07:07 33,292 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2007-04-28 13:06 173,376 -c--a-w C:\Program Files\AO
2006-08-09 17:58 251 ----a-w C:\Program Files\wt3d.ini
2006-08-09 02:00 149 ----a-w C:\Program Files\INSTALL.LOG
2006-08-08 23:00 88 --sh--r C:\WINDOWS\system32\110E035EBA.sys
2006-08-24 19:45 56 --sh--r C:\WINDOWS\system32\BA5E030E11.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2006-08-24 19:48 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2006-12-06 21:05 351 --sha-w C:\WINDOWS\system32\SoftwareDistribution\vbmc.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E7848A1-3C96-424B-549F-2D5EFEC522D1}]
C:\Program Files\Windows Media Player\qudawuqe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8DA617EF-469F-4AD0-A378-605EC78D208C}]
C:\Program Files\Movie Maker\pytegyri89104.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 12:51 486856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-22 11:39 15360]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 14:11 3497984]
"RogersAgent"="c:\Program Files\Rogers\SelfHealing\rogersagent.exe" [2007-04-23 16:51 478968]
"SHS"="C:\Program Files\Rogers\SelfHealing\SHS.exe" [2007-10-12 16:30 5166392]
"Update Manager"="C:\Program Files\Rogers\Update Manager\UpdateManager.exe" [2007-10-12 16:30 136504]
"Uaol"="C:\DOCUME~1\Mathew\APPLIC~1\SSEMBL~1\netdde.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-01-30 11:19 6731312]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 03:05 217088]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe" [2008-01-22 11:38 212992]
"MPFEXE"="C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe" [2008-01-22 11:38 999424]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"MCAgentExe"="C:\PROGRA~1\McAfee.com\Agent\McAgent.exe" [2008-01-22 11:39 303104]

C:\Documents and Settings\Mathew\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-08 18:21:21 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-01 22:25:49 24576]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-08-08 14:53:59 118784]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 16:40:46 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuvuvt]
vtuvuvt.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2006-05-03 03:12 98304 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5060:UDP"= 5060:UDP:iPhone
"5061:UDP"= 5061:UDP:iPhone
"5062:UDP"= 5062:UDP:iPhone
"5004:UDP"= 5004:UDP:iPhone
"5005:UDP"= 5005:UDP:iPhone
"5006:UDP"= 5006:UDP:iPhone

S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-05-25 14:55]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 PD016BLK;Creative PC-CAM 300 (Still Image);C:\WINDOWS\system32\DRIVERS\PD016blk.sys [2001-07-03 13:00]
S3 PD016VID;Creative PC-CAM 300 (Video);C:\WINDOWS\system32\DRIVERS\PD016vid.sys [2001-07-03 13:00]
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-01-21 22:34]
S3 SupportAnyPC;SupportAnyPC Service;"C:\DOCUME~1\Mathew\LOCALS~1\Temp\winvnc.exe" -service []

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-03-14 22:16:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-18 02:45:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-12 19:40:07 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 22:57:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2008-03-17 23:03:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-18 03:03:06
ComboFix2.txt 2008-02-03 21:39:40
ComboFix3.txt 2008-02-01 19:52:17
ComboFix4.txt 2008-01-30 15:32:34
.
2008-03-12 02:01:04 --- E O F ---

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:28 PM, on 3/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: 0 - {6E7848A1-3C96-424B-549F-2D5EFEC522D1} - C:\Program Files\Windows Media Player\qudawuqe.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {8DA617EF-469F-4AD0-A378-605EC78D208C} - C:\Program Files\Movie Maker\pytegyri89104.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\Mathew\APPLIC~1\SSEMBL~1\netdde.exe" -vt yazb
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: vtuvuvt - vtuvuvt.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SupportAnyPC Service (SupportAnyPC) - Unknown owner - C:\DOCUME~1\Mathew\LOCALS~1\Temp\winvnc.exe (file missing)

--
End of file - 11184 bytes

guestolo · « **Reply #17 on:** March 18, 2008, 10:04:55 PM »

Do the following please

Download [color=\"#FF0000\"]ATF-Cleaner[/color] by Atribune.
Save it to your desktop
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

========================================

==Open notepad
Copy ALL the BLUE text below and Paste to notepad
Don't use anything else than notepad or the script will not work

[color=\"#0000FF\"]File::
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\system32\vtuvuvt.dll
C:\WINDOWS\system32\sehkywog.exe
C:\WINDOWS\system32\sclfrbhw.exe
C:\WINDOWS\system32\mnbmjort.dll
C:\WINDOWS\system32\louggdya(4).dll
C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\comyctgx.dll
C:\WINDOWS\system32\byddnslj.dll
Folder::
C:\WINDOWS\system32\xk1
C:\WINDOWS\system32\tf5
C:\WINDOWS\system32\config\systemprofile\Application Data\NetMon
C:\_OTMoveIt
C:\WINDOWS\TWF0aGV3
C:\VundoFix Backups
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E7848A1-3C96-424B-549F-2D5EFEC522D1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8DA617EF-469F-4AD0-A378-605EC78D208C}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uaol"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuvuvt]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000
[/color]

Save this as txtfile on your desktop
CFScript

Disable your AntiVirus software temporarily so as it won't interfere with the next fix

Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When finished, it shall produce a log for you with the name C:\ComboFix.txt..
I'll need to see that log again later

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

1. Post the log from MBAM
2. Post the log from Combofix
3. Post a fresh hijackthis log

some1ok · « **Reply #18 on:** March 19, 2008, 02:58:36 PM »

MBAM

Malwarebytes' Anti-Malware 1.08
Database version: 506

Scan type: Full Scan (C:\|)
Objects scanned: 168540
Time elapsed: 44 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\mrofinu1000106.exe.vir (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\mrofinu572.exe.vir (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\atmtd.dll.vir (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\atmtd.dll._.vir (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\TWF0aGV3\asappsrv.dll.vir (AdWare.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP632\A0146335.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178911.exe (AdWare.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178912.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178913.exe (Adware.Purityscan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178914.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178915.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178917.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178918.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178919.dll (Adware.TTC) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178920.exe (Adware.TTC) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178921.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP732\A0178923.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP734\A0180042.dll (AdWare.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP735\A0180270.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP735\A0180271.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP735\A0180272.dll (Adware.TargetSaver) -> Quarantined and deleted successfully.

ComboFix
ComboFix 08-03-17.1 - Mathew 2008-03-18 23:26:26.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502 [GMT -4:00]
Running from: C:\Documents and Settings\Mathew\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mathew\Desktop\CFScript.txt
* Created a new restore point

[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]

FILE ::
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\byddnslj.dll
C:\WINDOWS\system32\comyctgx.dll
C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\louggdya(4).dll
C:\WINDOWS\system32\mnbmjort.dll
C:\WINDOWS\system32\sclfrbhw.exe
C:\WINDOWS\system32\sehkywog.exe
C:\WINDOWS\system32\vtuvuvt.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_OTMoveIt
C:\_OTMoveIt\MovedFiles\02032008_001353.log
C:\_OTMoveIt\MovedFiles\02032008_001353.res
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\QTFont.for
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\QTFont.qfn
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\afclphcl.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\aofhowyy.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\awmtyiop.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\axngxfum.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\bbjjseyv.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\bdpeqctw.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\brqpwybf.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\btjsvbaq.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\bxkselcu.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\bynedhug.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\cybkvget.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\dudfovud.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\dunfhdjs.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\duoonbvd.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\egvccocs.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\elowntrq.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\fcfokshy.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\fjuwbcsa.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\fowyhsxj.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\fwivhisp.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\gxphnjwt.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\h323log.txt
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hfdksuik.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hlwpcugk.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hnqdmvrg.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hntgtvos.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hqgsmriy.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\hvhmwiiy.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ieroawar.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ipllfccv.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ippnefck.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ivlmkvgn.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\jbugsbix.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\jeiipcsi.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\jnacioyq.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\jxnaorra.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\jydtqvbb.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\kfepkutf.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\kguhpelp.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\kkkduksp.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\leqpfbxa.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\lhephphs.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\louggdya(2).dll
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\louggdya(3).dll
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\mhkjyfxn.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\mitnheou.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\msbwkwqc.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nebvrlkb.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nfxloqyy.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nllekavm.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nnlvxtnh.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nqdrfkrv.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\nythtitw.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\oumeseis.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\phyvbbvk.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\pnjuhkcr.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\pxkonjug.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\rjhhkwgb.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\rtlqrwwj.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ruxhjjyy.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\sfsecrrw.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\slaeinkp.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\stokaygw.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\tgwcxqaw.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ttcqlmmh.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ttcuuktb.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\tyxcuwmf.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ucxittxc.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ufutgxpk.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\uyauncnt.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\virgsvje.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\vjjxpvtx.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\vplcglyp.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\vqxxgwxy.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\wryafqwe.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\wshvpnhu.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xbckvfdo.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xlvlaxap.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xobbsvip.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xokrmyvd.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xurqyxkv.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\xwctnyxc.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\ytcekcdh.exe
C:\_OTMoveIt\MovedFiles\02032008_001353\WINDOWS\system32\yxghwhui.exe
C:\_OTMoveIt\MovedFiles\02052008_175017.log
C:\_OTMoveIt\MovedFiles\02052008_175017.res
C:\_OTMoveIt\MovedFiles\02052008_175017\WINDOWS\system32\wamilqvn.exe
C:\_OTMoveIt\MovedFiles\02052008_175017\WINDOWS\system32\yygqlcjj.exe
C:\_OTMoveIt\MovedFiles\02052008_175024.log
C:\_OTMoveIt\MovedFiles\02052008_175024.res
C:\_OTMoveIt\MovedFiles\03172008_162242.log
C:\_OTMoveIt\MovedFiles\03172008_162242.res
C:\VundoFix Backups
C:\VundoFix Backups\aeuketyb.exe.bad
C:\VundoFix Backups\aldbpxki.exe.bad
C:\VundoFix Backups\bsiphhlh.exe.bad
C:\VundoFix Backups\dkeklfqu.exe.bad
C:\VundoFix Backups\dpllaehs.exe.bad
C:\VundoFix Backups\dyjkjnor.exe.bad
C:\VundoFix Backups\gryrgnyv.exe.bad
C:\VundoFix Backups\hpkfnpgn.exe.bad
C:\VundoFix Backups\hsoncatk.exe.bad
C:\VundoFix Backups\ijkkj.ini.bad
C:\VundoFix Backups\ijkkj.ini2.bad
C:\VundoFix Backups\ikaufucs.exe.bad
C:\VundoFix Backups\jkkji.dll.bad
C:\VundoFix Backups\jngkwjjm.exe.bad
C:\VundoFix Backups\jnrxdkbu.exe.bad
C:\VundoFix Backups\mhyrwhnv.exe.bad
C:\VundoFix Backups\mrsfpnet.exe.bad
C:\VundoFix Backups\mrwfmwvp.exe.bad
C:\VundoFix Backups\nncdfxer.exe.bad
C:\VundoFix Backups\ogoluuoe.exe.bad
C:\VundoFix Backups\PageHistory.txt.bad
C:\VundoFix Backups\pthyprtn.exe.bad
C:\VundoFix Backups\rdbfjubl.exe.bad
C:\VundoFix Backups\rwouqdwi.exe.bad
C:\VundoFix Backups\tiftdcaf.exe.bad
C:\VundoFix Backups\tkmgdgfr.exe.bad
C:\VundoFix Backups\tkmyxdnr.exe.bad
C:\VundoFix Backups\WebHistory.txt.bad
C:\VundoFix Backups\weumsjux.exe.bad
C:\VundoFix Backups\woqgqnxl.exe.bad
C:\VundoFix Backups\xwuxefbv.exe.bad
C:\VundoFix Backups\ykiwcned.exe.bad
C:\VundoFix Backups\ykuantjj.exe.bad
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\config\systemprofile\Application Data\NetMon
C:\WINDOWS\system32\config\systemprofile\Application Data\NetMon\domains.txt
C:\WINDOWS\system32\config\systemprofile\Application Data\NetMon\log.txt
C:\WINDOWS\system32\louggdya(4).dll
C:\WINDOWS\system32\sclfrbhw.exe
C:\WINDOWS\system32\sehkywog.exe
C:\WINDOWS\system32\tf5
C:\WINDOWS\system32\xk1

.
((((((((((((((((((((((((( Files Created from 2008-02-19 to 2008-03-19 )))))))))))))))))))))))))))))))
.

2008-03-17 16:28 . 2008-03-17 16:28 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-17 16:28 . 2008-03-17 16:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-16 19:01 . 2008-03-17 19:01 1,359,325 ---hs---- C:\WINDOWS\system32\trojmbnm.ini
2008-03-12 12:22 . 2008-03-13 23:50 <DIR> d-------- C:\Program Files\Microsoft Games
2008-03-08 13:50 . 2008-03-08 13:50 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-06 22:38 . 2008-03-06 22:39 <DIR> d-------- C:\Program Files\Rogers
2008-03-05 23:26 . 2008-03-05 23:51 <DIR> d-------- C:\Program Files\iPod(6)
2008-03-05 15:21 . 2008-03-05 23:51 <DIR> d-------- C:\Program Files\ACW
2008-02-29 19:22 . 2008-03-05 23:51 <DIR> d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 00:07 --------- d-----w C:\Program Files\FlashGet
2008-03-14 03:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-12 20:35 --------- d-----w C:\Program Files\DivX
2008-03-12 02:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-06 03:51 --------- d-----w C:\Program Files\QuickTime
2008-03-06 03:51 --------- d-----w C:\Program Files\iTunes
2008-02-07 22:46 --------- d-----w C:\Program Files\Cakewalk
2008-02-07 16:23 --------- d-----w C:\Program Files\Kontakt Player 2
2008-02-07 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Cakewalk
2008-02-03 20:15 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Cakewalk
2008-02-03 20:10 118,784 ----a-w C:\WINDOWS\dsdxirmv.exe
2008-02-01 20:22 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Windows Desktop Search
2008-02-01 20:21 --------- d-----w C:\Program Files\Windows Desktop Search
2008-02-01 20:12 --------- d-----w C:\Program Files\UltraISO
2008-02-01 20:08 --------- d-----w C:\Program Files\Yahoo!
2008-02-01 19:58 --------- d-----w C:\Program Files\Microsoft Expression
2008-02-01 19:41 --------- d-----w C:\Program Files\MSN Messenger
2008-02-01 19:41 --------- d-----w C:\Program Files\DellSupport
2008-02-01 19:41 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-02-01 19:35 --------- d-----w C:\Program Files\Microsoft Works
2008-02-01 19:14 --------- d-----w C:\Program Files\MSBuild
2008-02-01 19:08 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-01-31 20:33 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-01-31 20:33 --------- d-----w C:\Program Files\MSECACHE
2008-01-31 03:43 --------- d-----w C:\Program Files\PowerISO
2008-01-30 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-30 14:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-01-30 14:53 --------- d-----w C:\Documents and Settings\Mathew\Application Data\McAfee.com Personal Firewall
2008-01-24 23:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-24 01:59 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-24 01:59 --------- d-----w C:\Program Files\Windows Live
2008-01-24 01:59 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-23 21:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-23 21:45 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-23 20:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-23 20:58 --------- d-----w C:\Program Files\Lavasoft
2008-01-23 20:57 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Lavasoft
2008-01-23 20:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-23 20:34 --------- d-----w C:\Program Files\CCleaner
2008-01-23 20:20 --------- d-----w C:\Program Files\Trend Micro
2008-01-23 20:10 --------- d-----w C:\Program Files\STOPzilla!
2008-01-23 20:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-23 20:05 1,024 ----a-w C:\WINDOWS\system32\drivers\DAA59A82-9E4E-40FD-B02D-276A22231BCF.cxv
2008-01-22 18:01 2,048 ----a-w C:\WINDOWS\system32\drivers\5049CA52-0F31-41EA-B004-D73A5858207A.cxv
2008-01-22 18:00 --------- d-----w C:\Program Files\PrevxCSI
2008-01-22 17:39 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Grisoft
2008-01-22 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-22 16:26 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-01-22 16:26 --------- d-----w C:\Documents and Settings\Mathew\Application Data\SUPERAntiSpyware.com
2008-01-22 16:25 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-01-22 16:23 5,120 ----a-w C:\WINDOWS\system32\drivers\D6E4E5D4-36A3-4B90-8C4C-1C5228221F20.cxv
2008-01-22 15:39 15,360 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-22 15:39 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-01-22 15:38 98,304 ----a-w C:\WINDOWS\system32\igfxtray.exe
2008-01-22 15:38 94,208 ----a-w C:\WINDOWS\system32\igfxpers.exe
2008-01-22 15:38 155,648 ----a-w C:\WINDOWS\system32\NeroCheck.exe
2008-01-22 15:38 114,688 ----a-w C:\WINDOWS\system32\hkcmd.exe
2008-01-22 15:36 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-22 03:53 --------- d-----w C:\Documents and Settings\Mathew\Application Data\PrevxCSI
2008-01-22 03:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-22 02:34 25,773 ----a-w C:\WINDOWS\system32\drivers\regguard.sys
2008-01-22 02:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-22 02:08 --------- d-----w C:\Program Files\Greatis
2008-01-22 01:00 --------- d-----w C:\Documents and Settings\Mathew\Application Data\DAEMON Tools
2008-01-22 00:55 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-20 19:47 --------- d-----w C:\Documents and Settings\Mathew\Application Data\Yahoo!
2008-01-20 07:07 33,292 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-04-28 13:06 173,376 -c--a-w C:\Program Files\AO
2006-08-09 17:58 251 ----a-w C:\Program Files\wt3d.ini
2006-08-09 02:00 149 ----a-w C:\Program Files\INSTALL.LOG
2006-08-08 23:00 88 --sh--r C:\WINDOWS\system32\110E035EBA.sys
2006-08-24 19:45 56 --sh--r C:\WINDOWS\system32\BA5E030E11.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2006-08-24 19:48 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2006-12-06 21:05 351 --sha-w C:\WINDOWS\system32\SoftwareDistribution\vbmc.ini2
.

((((((((((((((((((((((((((((( snapshot@2008-03-17_23.02.47.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-18 00:09:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-19 02:31:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-18 00:09:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-19 02:31:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-19 02:31:37 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 12:51 486856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-22 11:39 15360]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 14:11 3497984]
"RogersAgent"="c:\Program Files\Rogers\SelfHealing\rogersagent.exe" [2007-04-23 16:51 478968]
"SHS"="C:\Program Files\Rogers\SelfHealing\SHS.exe" [2007-10-12 16:30 5166392]
"Update Manager"="C:\Program Files\Rogers\Update Manager\UpdateManager.exe" [2007-10-12 16:30 136504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-01-30 11:19 6731312]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 03:05 217088]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2008-01-22 11:38 212992]
"MPFEXE"="C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe" [2008-01-22 11:38 999424]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"MCAgentExe"="C:\PROGRA~1\McAfee.com\Agent\McAgent.exe" [2008-01-22 11:39 303104]

C:\Documents and Settings\Mathew\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-08 18:21:21 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-01 22:25:49 24576]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-08-08 14:53:59 118784]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 16:40:46 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2006-05-03 03:12 98304 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5060:UDP"= 5060:UDP:iPhone
"5061:UDP"= 5061:UDP:iPhone
"5062:UDP"= 5062:UDP:iPhone
"5004:UDP"= 5004:UDP:iPhone
"5005:UDP"= 5005:UDP:iPhone
"5006:UDP"= 5006:UDP:iPhone

S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-05-25 14:55]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 PD016BLK;Creative PC-CAM 300 (Still Image);C:\WINDOWS\system32\DRIVERS\PD016blk.sys [2001-07-03 13:00]
S3 PD016VID;Creative PC-CAM 300 (Video);C:\WINDOWS\system32\DRIVERS\PD016vid.sys [2001-07-03 13:00]
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-01-21 22:34]
S3 SupportAnyPC;SupportAnyPC Service;"C:\DOCUME~1\Mathew\LOCALS~1\Temp\winvnc.exe" -service []

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-03-14 22:16:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-19 02:45:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-12 19:40:07 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 23:29:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv"
.
Completion time: 2008-03-18 23:30:15
ComboFix-quarantined-files.txt 2008-03-19 03:30:07
ComboFix2.txt 2008-03-18 03:03:13
ComboFix3.txt 2008-02-03 21:39:40
ComboFix4.txt 2008-02-01 19:52:17
ComboFix5.txt 2008-01-30 15:32:34
.
2008-03-12 02:01:04 --- E O F ---

Hijack This
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:13:00 PM, on 3/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396204578
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SupportAnyPC Service (SupportAnyPC) - Unknown owner - C:\DOCUME~1\Mathew\LOCALS~1\Temp\winvnc.exe (file missing)

--
End of file - 10891 bytes

guestolo · « **Reply #19 on:** March 19, 2008, 06:27:00 PM »

How are things running on your end now?
Did you recently install SupportAnyPC?

News:

Author Topic: Topic for some1ok (Read 2020 times)