I've Been Hi-jacked! - Have Tried Everything I Know


19 replies to this topic

#1 jshepwnc

Posted 10 August 2007 - 04:22 PM

Have tried for weeks.

Here is what I've tried:

AVG (normal & Safe mode)
Adaware (lavasoft)
Spy-Bot
CCleaner
Online Scan from housecall (Trendmicro)
Did a re-install of XP (not a format, just a repair)

Have just downloaded the latest version of HJT from trendmicro.

Last AVG scan identified two offenders:
Downloader.tiny.id
Proxy.Xorpix.ar

I quarantined both. (They just keep coming back of course, or I wouldn't be here)

Please let me know what my next step should be.

Thanks!


#2 jshepwnc


Posted 10 August 2007 - 04:32 PM

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 4:58:29 PM, on 8/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1177551043\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\winupd_KB95349334.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ojggfiph.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://89.188.16.10/trafc-2/rfe.php?cmp=wa...mp;lid=http>
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1177551043\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [j6221837] rundll32 C:\WINDOWS\system32\j6221837.dll sook
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\bvyuuiri.dll",forkonce
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\winupd_KB95349334.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Restore Operation] C:\DOCUME~1\JODY-B~1\LOCALS~1\Temp\svchots.exe
O4 - HKCU\..\Run: [Windows Setup Manger] h
O4 - HKCU\..\Run: [XP restart system] C:\DOCUME~1\JODY-B~1\LOCALS~1\Temp\wnset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179875764171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179916829625
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qjxqncet.exe (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (file missing)

#3 __RiP_ChAiN_


Posted 11 August 2007 - 02:47 AM

Hello jshepwnc,

Please download Combofix to your desktop.
Double-click combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.

#4 jshepwnc


Posted 11 August 2007 - 12:43 PM

Here is the ComboFix log:

I'll post HJT Log next -
Thanks for your help!




ComboFix 07-08-09.3 - "jody-bedroom" 2007-08-11 12:12:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.236 [GMT -4:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))




((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NDNET1
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NTLDR.SYS
-------\LEGACY_POOF
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\core
-------\DomainService
-------\kprof
-------\ntldr.sys
-------\poof
-------\RpcApi


((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 )))))))))))))))))))))))))))))))


2007-08-11 12:26 <DIR> d-------- C:\WINDOWS\LastGood
2007-08-11 12:10 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-11 11:54 75,284 --a------ C:\WINDOWS\system32\xujcqsqt.exe
2007-08-10 20:33 75,284 --a------ C:\WINDOWS\system32\xwdshdqe.exe
2007-08-10 20:30 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-08-10 16:47 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2007-08-10 16:47 120,852 --a------ C:\WINDOWS\system32\crdijgkv.dll
2007-08-10 16:46 75,284 --a------ C:\WINDOWS\system32\parxapsl.exe
2007-08-10 16:04 <DIR> d-------- C:\WINDOWS\Prefetch
2007-08-10 16:02 9,728 --a--c--- C:\WINDOWS\system32\dllcache\query.exe
2007-08-10 16:02 86,073 --a--c--- C:\WINDOWS\system32\dllcache\voicesub.dll
2007-08-10 16:02 8,704 --a--c--- C:\WINDOWS\system32\dllcache\snmptrap.exe
2007-08-10 16:02 79,872 --a--c--- C:\WINDOWS\system32\dllcache\rwia330.dll
2007-08-10 16:02 79,872 --a--c--- C:\WINDOWS\system32\dllcache\rwia001.dll
2007-08-10 16:02 76,288 --a--c--- C:\WINDOWS\system32\dllcache\uniime.dll
2007-08-10 16:02 70,144 --a--c--- C:\WINDOWS\system32\dllcache\pintlphr.exe
2007-08-10 16:02 67,584 --a--c--- C:\WINDOWS\system32\dllcache\pmigrate.dll
2007-08-10 16:02 6,144 --a--c--- C:\WINDOWS\system32\dllcache\snmpmib.dll
2007-08-10 16:02 6,144 --a--c--- C:\WINDOWS\system32\dllcache\pmxgl.dll
2007-08-10 16:02 53,760 --a--c--- C:\WINDOWS\system32\dllcache\pintlcsd.dll
2007-08-10 16:02 5,632 --a--c--- C:\WINDOWS\system32\dllcache\smimsgif.dll
2007-08-10 16:02 5,632 --a--c--- C:\WINDOWS\system32\dllcache\smierrsy.dll
2007-08-10 16:02 48,256 --a--c--- C:\WINDOWS\system32\dllcache\w32.dll
2007-08-10 16:02 455,168 --a--c--- C:\WINDOWS\system32\dllcache\tintsetp.exe
2007-08-10 16:02 44,032 --a--c--- C:\WINDOWS\system32\dllcache\tintlphr.exe
2007-08-10 16:02 426,041 --a--c--- C:\WINDOWS\system32\dllcache\voicepad.dll
2007-08-10 16:02 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll
2007-08-10 16:02 40,448 --a--c--- C:\WINDOWS\system32\dllcache\snmpthrd.dll
2007-08-10 16:02 38,912 --a--c--- C:\WINDOWS\system32\dllcache\sm9aw.dll
2007-08-10 16:02 36,927 --a--c--- C:\WINDOWS\system32\dllcache\padrs411.dll
2007-08-10 16:02 358,400 --a--c--- C:\WINDOWS\system32\dllcache\snmpincl.dll
2007-08-10 16:02 32,768 --a--c--- C:\WINDOWS\system32\dllcache\snmp.exe
2007-08-10 16:02 31,744 --a--c--- C:\WINDOWS\system32\dllcache\smb6w.dll
2007-08-10 16:02 31,744 --a--c--- C:\WINDOWS\system32\dllcache\sma3w.dll
2007-08-10 16:02 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
2007-08-10 16:02 30,208 --a--c--- C:\WINDOWS\system32\dllcache\sm87w.dll
2007-08-10 16:02 30,208 --a--c--- C:\WINDOWS\system32\dllcache\sm81w.dll
2007-08-10 16:02 29,184 --a--c--- C:\WINDOWS\system32\dllcache\sm8cw.dll
2007-08-10 16:02 26,624 --a--c--- C:\WINDOWS\system32\dllcache\sm93w.dll
2007-08-10 16:02 26,624 --a--c--- C:\WINDOWS\system32\dllcache\sm92w.dll
2007-08-10 16:02 26,624 --a--c--- C:\WINDOWS\system32\dllcache\rw330ext.dll
2007-08-10 16:02 26,112 --a--c--- C:\WINDOWS\system32\dllcache\sm90w.dll
2007-08-10 16:02 26,112 --a--c--- C:\WINDOWS\system32\dllcache\sm8dw.dll
2007-08-10 16:02 26,112 --a--c--- C:\WINDOWS\system32\dllcache\sm8aw.dll
2007-08-10 16:02 26,112 --a--c--- C:\WINDOWS\system32\dllcache\sm89w.dll
2007-08-10 16:02 259,072 --a--c--- C:\WINDOWS\system32\dllcache\snmpcl.dll
2007-08-10 16:02 25,088 --a--c--- C:\WINDOWS\system32\dllcache\sm59w.dll
2007-08-10 16:02 24,576 --a--c--- C:\WINDOWS\system32\dllcache\rw001ext.dll
2007-08-10 16:02 236,544 --a--c--- C:\WINDOWS\system32\dllcache\smi2smir.exe
2007-08-10 16:02 229,439 --a--c--- C:\WINDOWS\system32\dllcache\multibox.dll
2007-08-10 16:02 21,896 --a--c--- C:\WINDOWS\system32\dllcache\tdipx.sys
2007-08-10 16:02 20,736 --a--c--- C:\WINDOWS\system32\dllcache\ramdisk.sys
2007-08-10 16:02 19,464 --a--c--- C:\WINDOWS\system32\dllcache\tdspx.sys
2007-08-10 16:02 188,416 --a--c--- C:\WINDOWS\system32\dllcache\snmpsmir.dll
2007-08-10 16:02 185,344 --a--c--- C:\WINDOWS\system32\dllcache\thawbrkr.dll
2007-08-10 16:02 18,944 --a--c--- C:\WINDOWS\system32\dllcache\simptcp.dll
2007-08-10 16:02 175,104 --a--c--- C:\WINDOWS\system32\dllcache\pintlcsa.dll
2007-08-10 16:02 16,384 --a--c--- C:\WINDOWS\system32\dllcache\quser.exe
2007-08-10 16:02 15,872 --a--c--- C:\WINDOWS\system32\dllcache\smierrsm.dll
2007-08-10 16:02 15,872 --a--c--- C:\WINDOWS\system32\dllcache\padrs404.dll
2007-08-10 16:02 15,360 --a--c--- C:\WINDOWS\system32\dllcache\padrs804.dll
2007-08-10 16:02 143,422 --a--c--- C:\WINDOWS\system32\dllcache\softkey.dll
2007-08-10 16:02 14,848 --a--c--- C:\WINDOWS\system32\dllcache\register.exe
2007-08-10 16:02 14,336 --a--c--- C:\WINDOWS\system32\dllcache\tsprof.exe
2007-08-10 16:02 14,336 --a--c--- C:\WINDOWS\system32\dllcache\padrs412.dll
2007-08-10 16:02 131,584 --a--c--- C:\WINDOWS\system32\dllcache\pmxviceo.dll
2007-08-10 16:02 13,192 --a--c--- C:\WINDOWS\system32\dllcache\tdasync.sys
2007-08-10 16:02 111,104 --a--c--- C:\WINDOWS\system32\dllcache\mtstocom.exe
2007-08-10 16:02 11,264 --a--c--- C:\WINDOWS\system32\dllcache\pmxmcro.dll
2007-08-10 16:02 101,376 --a--c--- C:\WINDOWS\system32\dllcache\srusbusd.dll
2007-08-10 16:02 10,240 --a--c--- C:\WINDOWS\system32\dllcache\tmigrate.dll
2007-08-10 16:02 10,240 --a--c--- C:\WINDOWS\system32\dllcache\snmpstup.dll
2007-08-10 16:01 98,304 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.dll
2007-08-10 16:01 94,208 --a--c--- C:\WINDOWS\system32\dllcache\fpencode.dll
2007-08-10 16:01 92,416 --a--c--- C:\WINDOWS\system32\dllcache\mga.sys
2007-08-10 16:01 92,160 --a--c--- C:\WINDOWS\system32\dllcache\evntwin.exe
2007-08-10 16:01 92,032 --a--c--- C:\WINDOWS\system32\dllcache\mga.dll
2007-08-10 16:01 9,216 --a--c--- C:\WINDOWS\system32\dllcache\kbdnecat.dll
2007-08-10 16:01 86,016 --a--c--- C:\WINDOWS\system32\dllcache\imekrmbx.dll
2007-08-10 16:01 811,064 --a--c--- C:\WINDOWS\system32\dllcache\imjp81k.dll
2007-08-10 16:01 81,976 --a--c--- C:\WINDOWS\system32\dllcache\imjpdct.dll
2007-08-10 16:01 8,704 --a--c--- C:\WINDOWS\system32\dllcache\fxsperf.dll
2007-08-10 16:01 72,192 --a--c--- C:\WINDOWS\system32\dllcache\fxscom.dll
2007-08-10 16:01 716,856 --a--c--- C:\WINDOWS\system32\dllcache\imjpcus.dll
2007-08-10 16:01 70,656 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.dll
2007-08-10 16:01 7,680 --a--c--- C:\WINDOWS\system32\dllcache\migregdb.exe
2007-08-10 16:01 7,680 --a--c--- C:\WINDOWS\system32\dllcache\kbdnecnt.dll
2007-08-10 16:01 7,680 --a--c--- C:\WINDOWS\system32\dllcache\ftpctrs2.dll
2007-08-10 16:01 7,168 --a--c--- C:\WINDOWS\system32\dllcache\kbdnec95.dll
2007-08-10 16:01 7,168 --a--c--- C:\WINDOWS\system32\dllcache\kbdibm02.dll
2007-08-10 16:01 7,168 --a--c--- C:\WINDOWS\system32\dllcache\f3ahvoas.dll
2007-08-10 16:01 6,656 --a--c--- C:\WINDOWS\system32\dllcache\kbdlk41a.dll
2007-08-10 16:01 6,656 --a--c--- C:\WINDOWS\system32\dllcache\fxsres.dll
2007-08-10 16:01 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbdth3.dll
2007-08-10 16:01 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbdth2.dll
2007-08-10 16:01 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbdlk41j.dll
2007-08-10 16:01 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbdinpun.dll
2007-08-10 16:01 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbdax2.dll
2007-08-10 16:01 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd106n.dll
2007-08-10 16:01 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101a.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-10 15:56 25536 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-05-21 15:48 57344 --a------ C:\WINDOWS\system32\sytem32.exe
2007-05-21 15:48 22 --a------ C:\WINDOWS\system32\stat.dll
2007-05-19 19:25 169472 --a------ C:\WINDOWS\system32\rswtk.dll
2007-05-18 12:57 3638 --a------ C:\sysqnah.exe
2007-05-14 19:01 2958 --a------ C:\WINDOWS\system32\tmp.reg


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A7581E8E-0F5B-4D50-9057-E7F605906274}]
C:\WINDOWS\system32\hrekkfad.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1CBCE80-E441-4D42-AA27-8B4C8B686CCb}]
2007-08-10 16:47 120852 --a------ C:\WINDOWS\system32\crdijgkv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 08:00]
"HostManager"="C:\Program Files\Common Files\AOL\1177551043\ee\AOLSoftware.exe" [2006-09-25 20:52]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"Windows Setup Manger"="h" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=0 (0x0)

R2 IISADMIN;IIS Admin;C:\WINDOWS\system32\inetsrv\inetinfo.exe
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe
S2 Owim60;Owim60;C:\WINDOWS\system32\Owim60.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-11 13:19:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-11 13:20:49 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-11 13:20

--- E O F ---

#5 jshepwnc


Posted 11 August 2007 - 12:45 PM

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:40:59 PM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1177551043\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://89.188.16.10/trafc-2/rfe.php?cmp=wa...mp;lid=http>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {A7581E8E-0F5B-4D50-9057-E7F605906274} - C:\WINDOWS\system32\hrekkfad.dll (file missing)
O2 - BHO: (no name) - {D1CBCE80-E441-4D42-AA27-8B4C8B686CCb} - C:\WINDOWS\system32\crdijgkv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1177551043\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Setup Manger] h
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179875764171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179916829625
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (file missing)

#6 __RiP_ChAiN_

Posted 11 August 2007 - 02:17 PM

Hello jshepwnc,

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Please download OTMoveIt by Oldtimer and save it to your desktop.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://89.188.16.10/trafc-2/rfe.php?cmp=wa...mp;lid=http>
O2 - BHO: (no name) - {A7581E8E-0F5B-4D50-9057-E7F605906274} - C:\WINDOWS\system32\hrekkfad.dll (file missing)
O2 - BHO: (no name) - {D1CBCE80-E441-4D42-AA27-8B4C8B686CCb} - C:\WINDOWS\system32\crdijgkv.dll
O4 - HKCU\..\Run: [Windows Setup Manger] h
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab


Now close all windows other than HiJackThis, then click Fix Checked. Close HijackThis.

Open notepad and copy (Ctrl C) and paste (Ctrl V) the following text in the quote:

Run ATF Cleaner:
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Run OTMoveIt:
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\xujcqsqt.exe
C:\WINDOWS\system32\xwdshdqe.exe
C:\WINDOWS\system32\igfxres.dll
C:\WINDOWS\system32\crdijgkv.dll
C:\WINDOWS\system32\parxapsl.exe
C:\WINDOWS\system32\sytem32.exe
C:\WINDOWS\system32\rswtk.dll
C:\sysqnah.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfix.chm
  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)
Click the red Moveit! button.
Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

Reboot into Normal Mode.

In your next reply please include the following:
  • A new Hijackthis log.
  • The OTMoveIt log.


#7 jshepwnc

Posted 11 August 2007 - 02:36 PM

OTMoveit results:

ile/Folder not found.
C:\WINDOWS\system32\xujcqsqt.exe moved successfully.
File/Folder C:\WINDOWS\system32\xwdshdqe.exe not found.
File/Folder C:\WINDOWS\system32\igfxres.dll not found.
File/Folder C:\WINDOWS\system32\crdijgkv.dll not found.
File/Folder C:\WINDOWS\system32\parxapsl.exe not found.
File/Folder C:\WINDOWS\system32\sytem32.exe not found.
File/Folder C:\WINDOWS\system32\rswtk.dll not found.
File/Folder C:\sysqnah.exe not found.
File/Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfix.chm not found.

Created on 08/11/2007 15:35:38

#8 jshepwnc

Posted 11 August 2007 - 02:43 PM

Here is latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 3:42:36 PM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\AOL\1177551043\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\hijackthis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {D1CBCE80-E441-4D42-AA27-8B4C8B686CCb} - C:\WINDOWS\system32\crdijgkv.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1177551043\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179875764171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179916829625
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (file missing)
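
One way to confirm that the entries checked for "Fix Checked" are really gone is to compare the fix list against the follow-up log. The script below is an added example, not part of the original posts or of HijackThis; the function names are hypothetical, and the two inputs are excerpts copied from posts #6 and #8 of this thread.

```python
import re

# A HijackThis entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
# Header lines and the "Running processes" paths do not match this pattern.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING = " (file missing)"  # annotation HijackThis appends when the target file is absent

# Entries the helper asked to check (post #6), copied as they appear in the thread.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://89.188.16.10/trafc-2/rfe.php?cmp=wa...mp;lid=http>
O2 - BHO: (no name) - {A7581E8E-0F5B-4D50-9057-E7F605906274} - C:\WINDOWS\system32\hrekkfad.dll (file missing)
O2 - BHO: (no name) - {D1CBCE80-E441-4D42-AA27-8B4C8B686CCb} - C:\WINDOWS\system32\crdijgkv.dll
O4 - HKCU\..\Run: [Windows Setup Manger] h
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
"""

# Excerpt of the follow-up log (post #8); the full log can be pasted in instead.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {D1CBCE80-E441-4D42-AA27-8B4C8B686CCb} - C:\WINDOWS\system32\crdijgkv.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (file missing)
"""


def parse_hjt(text):
    """Return one dict per entry line: section code, body, and the file-missing flag."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process path, or blank line
        body = m.group("body").rstrip()
        missing = body.endswith(MISSING)
        if missing:
            # Strip the annotation so the same registry entry matches across logs
            # even when its file disappeared between scans.
            body = body[: -len(MISSING)]
        entries.append({"code": m.group("code"), "body": body, "file_missing": missing})
    return entries


def _key(entry):
    # Registry paths and file names are case-insensitive on Windows.
    return (entry["code"], entry["body"].lower())


def persisting(fix_list_text, after_log_text):
    """Entries from the fix list that still appear in the follow-up log."""
    after = {_key(e): e for e in parse_hjt(after_log_text)}
    return [after[_key(e)] for e in parse_hjt(fix_list_text) if _key(e) in after]


def cleared(fix_list_text, after_log_text):
    """Entries from the fix list that no longer appear in the follow-up log."""
    after = {_key(e) for e in parse_hjt(after_log_text)}
    return [e for e in parse_hjt(fix_list_text) if _key(e) not in after]


if __name__ == "__main__":
    for e in cleared(FIX_LIST, AFTER_LOG):
        print("cleared :", e["code"], "-", e["body"])
    for e in persisting(FIX_LIST, AFTER_LOG):
        note = "registry entry remains, file gone" if e["file_missing"] else "still present"
        print("PERSISTS:", e["code"], "-", e["body"], f"[{note}]")
```

An entry that persists with `(file missing)` means the file it points to is no longer on disk but the registry value that references it is still there, so it still has to be fixed in HijackThis.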

#9 jshepwnc

Posted 12 August 2007 - 10:52 AM

Thx for your help!
Computer is already running better.

I assume you will give me an "all clear" when we are done?

Thanks again!

#10 __RiP_ChAiN_

Posted 12 August 2007 - 01:43 PM

Hello jshepwnc,

I assume you will give me an "all clear" when we are done?

That would be correct :thumbsup:

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


#11 jshepwnc

Posted 12 August 2007 - 03:30 PM

Here is Activescan log:


Incident Status Location

Adware:adware/activesearch Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Mozilla\Firefox\Profiles\71jf9290.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Mozilla\Firefox\Profiles\71jf9290.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Mozilla\Firefox\Profiles\71jf9290.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Mozilla\Firefox\Profiles\71jf9290.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Mozilla\Firefox\Profiles\71jf9290.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Mozilla\Firefox\Profiles\71jf9290.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Mozilla\Firefox\Profiles\71jf9290.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Mozilla\Firefox\Profiles\71jf9290.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Mozilla\Firefox\Profiles\71jf9290.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Mozilla\Firefox\Profiles\71jf9290.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Mozilla\Firefox\Profiles\71jf9290.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Mozilla\Firefox\Profiles\71jf9290.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Mozilla\Firefox\Profiles\71jf9290.default\cookies.txt[.systemdoctor.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Mozilla\Firefox\Profiles\71jf9290.default\cookies.txt[systemdoctor.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Mozilla\Firefox\Profiles\71jf9290.default\cookies.txt[.systemdoctor.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Mozilla\Firefox\Profiles\71jf9290.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Mozilla\Firefox\Profiles\71jf9290.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Mozilla\Firefox\Profiles\71jf9290.default\cookies.txt[www.winantiviruspro.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Mozilla\Firefox\Profiles\71jf9290.default\cookies.txt[.winantivirus.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Mozilla\Firefox\Profiles\71jf9290.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Mozilla\Firefox\Profiles\71jf9290.default\cookies.txt[stats.drivecleaner.com/]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-3e1296e4[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-3e1296e4[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-3e1296e4[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-3e1296e4[Beyond.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Sun\Java\Deployment\cache\6.0\21\5ac853d5-67e0642b[MagicApplet.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Sun\Java\Deployment\cache\6.0\21\5ac853d5-67e0642b[OwnClassLoader.class]
Virus:Trj/ClassLoader.AF Disinfected C:\Documents and Settings\jody-bedroom\Application Data\Sun\Java\Deployment\cache\6.0\21\5ac853d5-67e0642b[Installer.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-763e984b[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-763e984b[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-763e984b[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-763e984b[Beyond.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Sun\Java\Deployment\cache\6.0\42\687af3ea-5d916f6c[Matrix.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Sun\Java\Deployment\cache\6.0\42\687af3ea-5d916f6c[Counter.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Sun\Java\Deployment\cache\6.0\42\687af3ea-5d916f6c[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Sun\Java\Deployment\cache\6.0\42\687af3ea-5d916f6c[Parser.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Sun\Java\Deployment\cache\6.0\60\3bd7e57c-1c0955cb[GetAccess.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Sun\Java\Deployment\cache\6.0\60\3bd7e57c-1c0955cb[Installer.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Sun\Java\Deployment\cache\6.0\60\3bd7e57c-1c0955cb[NewSecurityClassLoader.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\jody-bedroom\Application Data\Sun\Java\Deployment\cache\6.0\60\3bd7e57c-1c0955cb[NewURLClassLoader.class]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\jody-bedroom\Cookies\jody-bedroom@2o7[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\jody-bedroom\Cookies\jody-bedroom@ads.pointroll[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\jody-bedroom\Cookies\jody-bedroom@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\jody-bedroom\Cookies\jody-bedroom@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\jody-bedroom\Cookies\jody-bedroom@atwola[2].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\jody-bedroom\Cookies\jody-bedroom@counter.hitslink[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\jody-bedroom\Cookies\jody-bedroom@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\jody-bedroom\Cookies\jody-bedroom@mediaplex[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\jody-bedroom\Desktop\dwnload\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\jody-bedroom\Desktop\scanners and cleaners\ComboFix.exe[nircmd.exe]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\jshepard_3\Application Data\Mozilla\Firefox\Profiles\s1r2212r.default\cookies.txt[winantivirus.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\jshepard_3\Application Data\Mozilla\Firefox\Profiles\s1r2212r.default\cookies.txt[.winantivirus.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\jshepard_3\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\jshepard_3\Desktop\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\jshepard_3\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\jshepard_3\SmitfraudFix\restart.exe
Adware:Adware/Yazzle Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq41.tmp
Virus:Generic Malware Disinfected C:\QooBox\Quarantine\C\Documents and Settings\All Users\Documents\Settings\partnership.dll.vir
Adware:Adware/BraveSentry Not disinfected C:\QooBox\Quarantine\C\DOCUME~1\JODY-B~1\ie_updater.exe.vir
Virus:Trj/Agent.FKO Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\0AhcWcX0.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\abjmbvjd.exe.vir
Adware:Adware/WebSearch Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\abkdudqk.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\aehsmxwi.exe.vir
Adware:Adware/WinAntivirus2006 Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\akcjagcf.dll.vir
Adware:Adware/WinAntivirus2006 Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\akttfkmu.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\alvyvvef.dll.vir
Adware:Adware/WinAntivirus2006 Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\apytbfun.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\arneevwg.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\aruqyptt.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\avmcfrow.exe.vir
Adware:Adware/WinAntivirus2006 Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\bbgdvole.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\bckllvsr.dll.vir
Virus:Trj/Downloader.PJT Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\bfkufkmb.exe.vir
Spyware:Spyware/Vundo Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\bgbutyiy.dll.vir
Adware:Adware/WinAntivirus2006 Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\blimwise.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\bmdygeey.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\bmjulcjf.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\bnhbnich.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\bniewfgp.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\bnjxoqfm.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\booxtsgw.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\bovuljxk.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\bowrspjw.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\bwlfffcr.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\bwmlpklm.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\cboiihwn.exe.vir
Adware:Adware/WinAntivirus2006 Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ccmvpwqd.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\cekbabyo.dll.vir
Adware:Adware/WinAntivirus2006 Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ceogbsgr.dll.vir
Adware:Adware/WinAntivirus2006 Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\cfjixpyq.dll.vir
Adware:Adware/WinAntivirus2006 Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\cgbmgrrh.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\cghoetug.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ckjcrngv.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ckmiatnq.exe.vir
Virus:Trj/Zapchast.CR Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\crypt32net.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\cuadeevf.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\cwxqiewn.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\cyhbcpia.dll.vir
Spyware:Spyware/Vundo Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\cynqcroa.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\dbvahjml.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\djybdumm.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\dkxepqyj.exe.vir
Adware:Adware/WinAntivirus2006 Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\dmixcsry.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\dnnovonc.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\dshuhfde.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\dtdrayyr.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\dvgatvdc.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\dwjbefcb.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\dxjegvwk.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ebxlmrjr.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\eceuircr.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ecrupuoy.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\efkgruro.dll.vir
Adware:Adware/WinAntivirus2006 Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ekgdqxnw.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\eqgxisje.dll.vir
Virus:Trj/Downloader.PCQ Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\erjnlxbj.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\etwxyaql.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\euijtivy.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ewkdktle.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ewyqmkwp.dll.vir
Adware:Adware/WinAntivirus2006 Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\fbqevrkb.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\fbwngnlc.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\fcbvvjdr.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\fhjdhhfe.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\fmappsql.dll.vir
Virus:Trj/Agent.EAZ Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\fmgkxqov.dll.vir
Spyware:Spyware/Vundo Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\fumbjmvc.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\fwvlfdli.dll.vir
Adware:Adware/WinAntivirus2006 Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\gfnlrfxl.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\gfwqwtgg.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ghcvpxbk.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\gjpunusx.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\gjrglyxq.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\gsmxehfx.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\gthcqqnv.exe.vir
Adware:Adware/WinAntivirus2006 Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\guaylbwa.dll.vir
Adware:Adware/WinAntivirus2006 Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\gvjhfyjq.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\hfwhweyq.dll.vir
Adware:Adware/WinAntivirus2006 Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\hnsxwjlq.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\hntqtsip.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\hpppwiqx.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\htcyqpfh.dll.vir

#12 __RiP_ChAiN_


Posted 12 August 2007 - 10:51 PM

Hello jshepwnc,

It looks like the rest of your log got cut off. Could you please try posting the rest of it?

#13 jshepwnc


Posted 13 August 2007 - 08:37 AM

trying again:


Adware:Adware/WinAntivirus2006 Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\wtrwvmde.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\wvkxqejg.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\xhcbwqnu.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\xioqmemq.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\xjqvapgn.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\xkjecics.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\xmydigds.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\xpowmssf.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\xsvmcfpt.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\yvjahttf.dll.vir
Adware:Adware/WinAntivirus2006 Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\yxavtkei.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\catchme2007-08-11_131912.60.zip[yayxyyv.dll]
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Adware:Adware/BraveSentry Not disinfected C:\WINDOWS\system32\KB_963493.exe.bak

#14 __RiP_ChAiN_

Posted 15 August 2007 - 12:37 AM

Hello jshepwnc,

Run ATF Cleaner:
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Run OTMoveIt:
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\QooBox
C:\WINDOWS\system32\KB_963493.exe.bak
  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)
Click the red Moveit! button.
Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

Reboot into Normal Mode.

In your next reply please include the following:
  • A new Hijackthis log.
  • The OTMoveIt log.


#15 jshepwnc

Posted 15 August 2007 - 06:04 PM

I ran ATF Cleaner.
Then I ran OTMoveIt.
When I did, it rebooted the machine before I could get a copy of the results.

Here is the HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 7:04:04 PM, on 8/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\AOL\1177551043\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.0\waol.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {D1CBCE80-E441-4D42-AA27-8B4C8B686CCb} - C:\WINDOWS\system32\crdijgkv.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1177551043\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179875764171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179916829625
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (file missing)



