Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware Vundo Dropper


  • Please log in to reply
20 replies to this topic

#1 savasg

savasg

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:07:03 PM

Posted 30 December 2007 - 06:54 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:44:44, on 30.12.2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566....google.com.tr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Windows\system32\vtsqp.exe
O1 - Hosts: ::1 localhost
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ursqq.dll,#1
O4 - HKLM\..\Run: [34a5e015] rundll32.exe "C:\Windows\system32\laumpgdv.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 7460 bytes

I downloaded vundofix and the log as follows:


VundoFix V6.7.7

Checking Java version...

Sun Java not detected
Scan started at 13:48:50 30.12.2007

Listing files found while scanning....

C:\Windows\System32\jdvtoykx.dll
C:\Windows\System32\laumpgdv.dll
C:\Windows\System32\pqstv.ini
C:\Windows\System32\pqstv.ini2
C:\Windows\System32\ursqq.dll
C:\Windows\System32\vdgpmual.ini
C:\Windows\System32\vtsqp.dll
C:\Windows\System32\vtsqp.exe

Beginning removal...

Beginning removal...

VundoFix V6.7.7

Checking Java version...

Sun Java not detected
Scan started at 14:12:34 30.12.2007

Listing files found while scanning....

C:\Windows\System32\iiiii.dll
C:\Windows\System32\jdvtoykx.dll
C:\Windows\System32\laumpgdv.dll
C:\Windows\System32\pqstv.ini
C:\Windows\System32\pqstv.ini2
C:\Windows\System32\vdgpmual.ini
C:\Windows\System32\vtsqp.dll
C:\Windows\System32\vtsqp.exe

Beginning removal...

Attempting to delete C:\Windows\System32\iiiii.dll
C:\Windows\System32\iiiii.dll Has been deleted!

Attempting to delete C:\Windows\System32\jdvtoykx.dll
C:\Windows\System32\jdvtoykx.dll Has been deleted!

Attempting to delete C:\Windows\System32\laumpgdv.dll
C:\Windows\System32\laumpgdv.dll Has been deleted!

Attempting to delete C:\Windows\System32\pqstv.ini
C:\Windows\System32\pqstv.ini Has been deleted!

Attempting to delete C:\Windows\System32\pqstv.ini2
C:\Windows\System32\pqstv.ini2 Has been deleted!

Attempting to delete C:\Windows\System32\vdgpmual.ini
C:\Windows\System32\vdgpmual.ini Has been deleted!

Attempting to delete C:\Windows\System32\vtsqp.dll
C:\Windows\System32\vtsqp.dll Has been deleted!

Attempting to delete C:\Windows\System32\vtsqp.exe
C:\Windows\System32\vtsqp.exe Has been deleted!

Performing Repairs to the registry.
Done!

And hijack log after vondofix....................
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:37:02, on 30.12.2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray .exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566....google.com.tr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Windows\system32\vtsqp.exe
O1 - Hosts: ::1 localhost
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\iiiii.dll,#1
O4 - HKLM\..\Run: [34a5e015] rundll32.exe "C:\Windows\system32\laumpgdv.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 7386 bytes

Edited by savasg, 30 December 2007 - 07:38 AM.


BC AdBot (Login to Remove)

 


m

#2 savasg

savasg
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:07:03 PM

Posted 30 December 2007 - 08:17 AM

I tried to follow what the topic says before posting here;
I did install Adaware and delete what's there;
I unstall spy booth and delete what's there as well..
I was scanning online via Bitdefender but it start to delete exe files I thought it may be necessary, so I stopped...
I download vundofix and tried to delete what's there...
basicly I messed up...
here is the log for hijack...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:12:35, on 30.12.2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray .exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Windows\system32\vtsqp.exe
O1 - Hosts: ::1 localhost
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\iiiii.dll,#1
O4 - HKLM\..\Run: [34a5e015] rundll32.exe "C:\Windows\system32\laumpgdv.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 7373 bytes

#3 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:05:03 PM

Posted 30 December 2007 - 09:38 AM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Using My Computer, navigate to where you have HijackThis saved.
Right-click on the HijackThis.exe file.
Select "Rename", call it fluffybunny and press enter.
Use fluffybunny.exe from now on.

Then I'd like a new log.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#4 savasg

savasg
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:07:03 PM

Posted 30 December 2007 - 03:38 PM

Thanks charles;

Here is a new log from flufflybunny; and bitdefender log follows....maybe it will help to determine the problems.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:04, on 30.12.2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray .exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\fluffybunny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Windows\system32\vtsqp.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {414F6ABB-59F5-4CF8-83D2-C34F80130645} - C:\Windows\system32\vtsqp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {f0908da4-4adf-e529-d5b4-114c6c7d4947} - {7494d7c6-c411-4b5d-925e-fda44ad8090f} - C:\Windows\system32\jdvtoykx.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A384A697-9CD5-4B84-9B7E-22A3D813F1BC} - C:\Windows\system32\vtsqp.dll
O2 - BHO: (no name) - {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} - C:\Windows\system32\iiiii.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\iiiii.dll,#1
O4 - HKLM\..\Run: [34a5e015] rundll32.exe "C:\Windows\system32\laumpgdv.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 8302 bytes

and Bit defender log......................................................
BitDefender Online Scanner



Scan report generated at: Sun, Dec 30, 2007 - 16:11:55





Scan path: C:\;D:\;E:\;H:\;I:\;J:\;K:\;







Statistics

Time
00:35:57

Files
192084

Folders
11485

Boot Sectors
3

Archives
2716

Packed Files
10715




Results

Identified Viruses
3

Infected Files
12

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
0




Engines Info

Virus Definitions
884763

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
14

Archive plugins
38

Unpack plugins
7

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Report

Second Action
None

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
Infected with: Trojan.Dropper.Vundo.E

C:\Program Files\Alwil Software\Avast4\ashDisp.exe
Infected with: Trojan.Dropper.Vundo.E

C:\Users\CASPER\AppData\Local\Temp\tmp00009c9c
Infected with: Trojan.Vundo.DTJ

C:\Users\CASPER\AppData\Local\Temp\tmp0000bb52
Infected with: Trojan.Vundo.DTJ

C:\Users\CASPER\AppData\Local\Temp\tmp000122cb
Infected with: Trojan.Vundo.DTJ

C:\Users\CASPER\AppData\Local\Temp\tmp00014ce7
Infected with: Trojan.Vundo.DTJ

C:\Users\CASPER\AppData\Local\Temp\tmp00016ab3
Infected with: Trojan.Vundo.DTJ

C:\VundoFix Backups\iiiii.dll.bad
Infected with: Trojan.Vundo.DTJ

C:\VundoFix Backups\vtsqp.dll.bad
Infected with: Trojan.Vundo.ZAA

C:\VundoFix Backups\vtsqp.exe.bad
Infected with: Trojan.Dropper.Vundo.E

C:\Windows\System32\vtsqp.dll
Infected with: Trojan.Vundo.ZAA

C:\Windows\System32\vtsqp.exe
Infected with: Trojan.Dropper.Vundo.E

Edited by savasg, 30 December 2007 - 04:23 PM.


#5 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:05:03 PM

Posted 01 January 2008 - 05:55 AM

Please download VundoFix to your Desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove.
VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please include VundoFix.txt and a new HijackThis log in your next reply.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#6 savasg

savasg
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:07:03 PM

Posted 01 January 2008 - 08:50 PM

Dear Chales;

I have run vundofix couple of times already but the same files comingup again;

Here is the vundo fix text including earlier runs and fluffybunny (now hijack again) follows.....


VundoFix V6.7.7

Checking Java version...

Sun Java not detected
Scan started at 13:48:50 30.12.2007

Listing files found while scanning....

C:\Windows\System32\jdvtoykx.dll
C:\Windows\System32\laumpgdv.dll
C:\Windows\System32\pqstv.ini
C:\Windows\System32\pqstv.ini2
C:\Windows\System32\ursqq.dll
C:\Windows\System32\vdgpmual.ini
C:\Windows\System32\vtsqp.dll
C:\Windows\System32\vtsqp.exe

Beginning removal...

Beginning removal...

VundoFix V6.7.7

Checking Java version...

Sun Java not detected
Scan started at 14:12:34 30.12.2007

Listing files found while scanning....

C:\Windows\System32\iiiii.dll
C:\Windows\System32\jdvtoykx.dll
C:\Windows\System32\laumpgdv.dll
C:\Windows\System32\pqstv.ini
C:\Windows\System32\pqstv.ini2
C:\Windows\System32\vdgpmual.ini
C:\Windows\System32\vtsqp.dll
C:\Windows\System32\vtsqp.exe

Beginning removal...

Attempting to delete C:\Windows\System32\iiiii.dll
C:\Windows\System32\iiiii.dll Has been deleted!

Attempting to delete C:\Windows\System32\jdvtoykx.dll
C:\Windows\System32\jdvtoykx.dll Has been deleted!

Attempting to delete C:\Windows\System32\laumpgdv.dll
C:\Windows\System32\laumpgdv.dll Has been deleted!

Attempting to delete C:\Windows\System32\pqstv.ini
C:\Windows\System32\pqstv.ini Has been deleted!

Attempting to delete C:\Windows\System32\pqstv.ini2
C:\Windows\System32\pqstv.ini2 Has been deleted!

Attempting to delete C:\Windows\System32\vdgpmual.ini
C:\Windows\System32\vdgpmual.ini Has been deleted!

Attempting to delete C:\Windows\System32\vtsqp.dll
C:\Windows\System32\vtsqp.dll Has been deleted!

Attempting to delete C:\Windows\System32\vtsqp.exe
C:\Windows\System32\vtsqp.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Sun Java not detected
Scan started at 14:43:07 30.12.2007

Listing files found while scanning....

C:\Windows\System32\pqstv.ini
C:\Windows\System32\pqstv.ini2
C:\Windows\System32\vtsqp.dll
C:\Windows\System32\vtsqp.exe

Beginning removal...

VundoFix V6.7.7

Checking Java version...

Sun Java not detected
Scan started at 09:23:37 31.12.2007

Listing files found while scanning....

C:\Windows\System32\pqstv.ini
C:\Windows\System32\pqstv.ini2
C:\Windows\System32\vtsqp.dll
C:\Windows\System32\vtsqp.exe

Beginning removal...

Attempting to delete C:\Windows\System32\pqstv.ini
C:\Windows\System32\pqstv.ini Has been deleted!

Attempting to delete C:\Windows\System32\pqstv.ini2
C:\Windows\System32\pqstv.ini2 Has been deleted!

Attempting to delete C:\Windows\System32\vtsqp.dll
C:\Windows\System32\vtsqp.dll Has been deleted!

Attempting to delete C:\Windows\System32\vtsqp.exe
C:\Windows\System32\vtsqp.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Sun Java not detected
Scan started at 03:22:21 02.01.2008

Listing files found while scanning....

C:\Windows\System32\pqstv.ini
C:\Windows\System32\pqstv.ini2
C:\Windows\System32\vtsqp.dll
C:\Windows\System32\vtsqp.exe

Beginning removal...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:48:26, on 02.01.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray .exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\fluffybunny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Windows\system32\vtsqp.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {28F94447-3784-4149-A1A3-BBD153B231D2} - C:\Windows\system32\vtsqp.dll
O2 - BHO: (no name) - {30E243E2-771D-4ED2-9879-9647727C8C5C} - C:\Windows\system32\vtsqp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {f0908da4-4adf-e529-d5b4-114c6c7d4947} - {7494d7c6-c411-4b5d-925e-fda44ad8090f} - C:\Windows\system32\jdvtoykx.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} - C:\Windows\system32\iiiii.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\iiiii.dll,#1
O4 - HKLM\..\Run: [34a5e015] rundll32.exe "C:\Windows\system32\laumpgdv.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 8422 bytes

#7 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:05:03 PM

Posted 02 January 2008 - 04:13 PM

Hello again,
Please print off a copy of these instructions, and also save them to a Notepad file on your Desktop, so they are easily accessible.
We are going to boot into Safe Mode later in the fix, and there is no internet access.

Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Windows\system32\vtsqp.exe
O2 - BHO: (no name) - {28F94447-3784-4149-A1A3-BBD153B231D2} - C:\Windows\system32\vtsqp.dll
O2 - BHO: (no name) - {30E243E2-771D-4ED2-9879-9647727C8C5C} - C:\Windows\system32\vtsqp.dll
O2 - BHO: {f0908da4-4adf-e529-d5b4-114c6c7d4947} - {7494d7c6-c411-4b5d-925e-fda44ad8090f} - C:\Windows\system32\jdvtoykx.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} - C:\Windows\system32\iiiii.dll (file missing)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\iiiii.dll,#1
O4 - HKLM\..\Run: [34a5e015] rundll32.exe "C:\Windows\system32\laumpgdv.dll",b


Then close all other windows - you should only see HijackThis on your Desktop - and click the Fix checked button.

Reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.

Set your system to show all files.
Navigate to Start | My Computer | Tools | Folder Options.
Select the View tab. Under the "Hidden Files and Folders" heading, select "Show hidden files and folders".
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Find and delete the following files (if present):

C:\Windows\system32\iiiii.dll
C:\Windows\system32\laumpgdv.dll

Reboot into Normal Mode again.

Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply.

In your reply I would like to see a brand new HijackThis log and the Combofix.txt file.

Edited by rookie147, 02 January 2008 - 04:13 PM.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#8 savasg

savasg
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:07:03 PM

Posted 03 January 2008 - 01:56 AM

Hi and thanks again;

Combofix deleted some file but could not produce a log file on the reboot;
Should I right run again?
Here is the hijack log after combofix

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:52:10, on 03.01.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\fluffybunny.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 7193 bytes

#9 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:05:03 PM

Posted 03 January 2008 - 09:49 AM

Combofix deleted some file but could not produce a log file on the reboot;
Should I right run again?

Yes please.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#10 savasg

savasg
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:07:03 PM

Posted 03 January 2008 - 01:28 PM

Hi again Charles;

Here is the combo fix log, hijack log follows...

ComboFix 08-01-03.3 - CASPER 2008-01-03 20:14:30.2 - NTFSx86
Microsoft® Windows Vista™ Starter 6.0.6000.0.1254.1.1055.18.534 [GMT 2:00]
Running from: C:\Users\CASPER\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\necogptv.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
.

2008-01-03 08:17 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-02 19:32 . 2008-01-03 07:34 <DIR> d-------- C:\Program Files\The Cleaner Free
2008-01-02 03:39 . 2008-01-02 03:39 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2007-12-30 13:48 . 2008-01-02 03:38 <DIR> d-------- C:\VundoFix Backups
2007-12-30 13:44 . 2007-12-30 13:44 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-30 12:42 . 2007-12-30 22:31 <DIR> d-------- C:\Windows\BDOSCAN8
2007-12-30 00:47 . 2007-12-30 01:22 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-12-30 00:47 . 2007-12-30 01:22 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2007-12-29 22:27 . 2007-12-29 22:27 <DIR> d-------- C:\Users\All Users\Lavasoft
2007-12-29 22:27 . 2007-12-29 22:27 <DIR> d-------- C:\ProgramData\Lavasoft
2007-12-29 22:27 . 2007-12-29 22:27 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-29 22:26 . 2007-12-29 22:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-27 14:56 . 2007-12-27 14:56 151 --a------ C:\Windows\PhotoSnapViewer.INI
2007-12-23 11:46 . 2007-12-30 12:08 4,431,872 --a------ C:\Windows\RtHDVCpl .exe
2007-12-21 19:22 . 2007-12-21 19:22 56,480 --a------ C:\Users\CASPER\AppData\Roaming\GDIPFONTCACHEV1.DAT
2007-12-21 19:06 . 2007-12-30 12:08 270,336 --a------ C:\Windows\tsnp2std .exe
2007-12-21 19:05 . 2007-12-30 12:08 344,064 --a------ C:\Windows\vsnp2std .exe
2007-12-21 19:05 . 2007-12-30 12:08 176,128 --a------ C:\Windows\System32\S3trayp .exe
2007-12-21 19:05 . 2007-12-30 12:08 20,480 --a------ C:\Windows\FixCamera .exe
2007-12-13 21:59 . 2007-12-13 21:59 <DIR> d-------- C:\Users\CASPER\AppData\Roaming\AdobeUM
2007-12-13 21:32 . 2007-12-13 21:32 <DIR> d-------- C:\Windows\System32\Adobe
2007-12-13 21:32 . 2004-08-17 03:40 16,384 --a------ C:\Windows\System32\FileOps.exe
2007-12-13 21:20 . 2007-12-13 21:20 <DIR> d-------- C:\Users\All Users\Adobe Systems
2007-12-13 21:20 . 2007-12-13 21:20 <DIR> d-------- C:\ProgramData\Adobe Systems
2007-12-13 21:17 . 2007-12-13 21:17 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-12-13 03:04 . 2007-12-13 03:04 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-13 03:04 . 2007-12-13 03:04 223,232 --a------ C:\Windows\System32\WMASF.DLL
2007-12-13 03:04 . 2007-12-13 03:04 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2007-12-13 03:04 . 2007-12-13 03:04 2,048 --a------ C:\Windows\System32\asferror.dll
2007-12-13 03:02 . 2007-12-13 03:02 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2007-12-13 03:02 . 2007-12-13 03:02 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2007-12-13 03:02 . 2007-12-13 03:02 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2007-12-13 03:02 . 2007-12-13 03:02 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2007-12-13 03:01 . 2007-12-13 03:01 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-12-13 03:01 . 2007-12-13 03:01 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2007-12-13 03:01 . 2007-12-13 03:01 2,048 --a------ C:\Windows\System32\tzres.dll
2007-12-06 03:01 . 2007-12-06 03:01 224,768 --a------ C:\Windows\System32\drivers\usbport.sys
2007-12-06 03:01 . 2007-12-06 03:01 192,000 --a------ C:\Windows\System32\drivers\usbhub.sys
2007-12-06 03:01 . 2007-12-06 03:01 73,216 --a------ C:\Windows\System32\drivers\usbccgp.sys
2007-12-06 03:01 . 2007-12-06 03:01 38,400 --a------ C:\Windows\System32\drivers\usbehci.sys
2007-12-06 03:01 . 2007-12-06 03:01 23,040 --a------ C:\Windows\System32\drivers\usbuhci.sys
2007-12-06 03:01 . 2007-12-06 03:01 8,704 --a------ C:\Windows\System32\hcrstco.dll
2007-12-06 03:01 . 2007-12-06 03:01 8,704 --a------ C:\Windows\System32\hccoin.dll
2007-12-06 03:01 . 2007-12-06 03:01 5,888 --a------ C:\Windows\System32\drivers\usbd.sys
2007-12-05 23:00 . 2007-12-05 23:00 <DIR> d-------- C:\Users\All Users\GRETECH
2007-12-05 23:00 . 2007-12-05 23:00 <DIR> d-------- C:\ProgramData\GRETECH
2007-12-05 22:59 . 2007-12-05 22:59 <DIR> d-------- C:\Users\CASPER\AppData\Roaming\GRETECH
2007-12-05 22:59 . 2007-12-05 22:59 <DIR> d-------- C:\Program Files\GRETECH
2007-12-05 18:01 . 2007-12-05 18:01 <DIR> d-------- C:\Users\CASPER\AppData\Roaming\Media Player Classic
2007-12-05 03:44 . 2007-12-21 12:01 69 --a------ C:\Windows\NeroDigital.ini
2007-12-04 22:02 . 2007-12-04 22:02 230,424 --a------ C:\snp2sxp-001.raw
2007-12-04 10:56 . 2007-12-04 10:56 268 --ah----- C:\sqmdata03.sqm
2007-12-04 10:56 . 2007-12-04 10:56 244 --ah----- C:\sqmnoopt03.sqm
2007-12-03 22:05 . 2007-12-05 12:03 <DIR> d-------- C:\Users\CASPER\AppData\Roaming\BSplayer PRO
2007-12-03 22:05 . 2007-12-03 22:05 <DIR> d-------- C:\Program Files\Webteh
2007-12-03 22:02 . 2007-12-03 22:02 <DIR> d-------- C:\Program Files\7-Zip
2007-12-03 21:25 . 2007-12-03 21:25 <DIR> d-------- C:\Program Files\uTorrent
2007-12-03 21:24 . 2008-01-03 20:08 <DIR> d-------- C:\Users\CASPER\AppData\Roaming\uTorrent
2007-12-03 21:10 . 2007-12-03 21:10 268 --ah----- C:\sqmdata02.sqm
2007-12-03 21:10 . 2007-12-03 21:10 244 --ah----- C:\sqmnoopt02.sqm
2007-12-03 20:30 . 2007-12-03 20:30 <DIR> d--h----- C:\Windows\System32\CanonIJ Uninstaller Information
2007-12-03 20:29 . 2007-12-03 20:29 <DIR> d--h----- C:\Users\All Users\CanonBJ
2007-12-03 20:29 . 2007-12-03 20:29 <DIR> d--h----- C:\ProgramData\CanonBJ
2007-12-03 20:27 . 2007-12-03 20:27 <DIR> d--h----- C:\Program Files\CanonBJ
2007-12-03 20:27 . 2007-12-03 20:31 <DIR> d-------- C:\Program Files\Canon
2007-12-03 20:27 . 2006-11-06 07:00 198,656 --a------ C:\Windows\System32\CNMLM8O.DLL
2007-12-03 20:23 . 2007-12-03 20:23 <DIR> d-------- C:\Program Files\Common Files\snp2std
2007-12-03 20:23 . 2007-05-10 16:10 12,179,584 --a------ C:\Windows\System32\drivers\snp2sxp.sys
2007-12-03 20:23 . 2007-02-05 15:25 151,552 --a------ C:\Windows\System32\rsnp2std.dll
2007-12-03 20:23 . 2006-07-03 10:31 94,208 --a------ C:\Windows\amcap.exe
2007-12-03 20:23 . 2006-11-16 15:57 77,824 --a------ C:\Windows\System32\csnp2std.dll
2007-12-03 20:23 . 2007-05-12 11:20 69,632 --a------ C:\Windows\System32\vsnp2std.dll
2007-12-03 20:23 . 2007-01-25 18:48 25,472 --a------ C:\Windows\System32\drivers\sncamd.sys
2007-12-03 20:23 . 2004-12-09 17:23 15,497 --a------ C:\Windows\snp2std.ini
2007-12-03 20:23 . 2004-12-09 17:23 13,022 --a------ C:\Windows\snp2std.src
2007-12-03 20:22 . 2007-12-03 20:22 <DIR> d-------- C:\Users\CASPER\AppData\Roaming\InstallShield
2007-12-03 19:01 . 2007-12-03 19:01 268 --ah----- C:\sqmdata01.sqm
2007-12-03 19:01 . 2007-12-03 19:01 244 --ah----- C:\sqmnoopt01.sqm
2007-12-03 18:57 . 2007-12-03 18:57 <DIR> d-------- C:\Program Files\Empire Interactive
2007-12-03 18:29 . 2007-12-03 18:29 <DIR> d-------- C:\Users\All Users\Real
2007-12-03 18:29 . 2007-12-03 18:29 <DIR> d-------- C:\Users\All Users\Apple Computer
2007-12-03 18:29 . 2007-12-03 18:29 <DIR> d-------- C:\ProgramData\Apple Computer
2007-12-03 18:29 . 2007-12-03 18:29 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-12-03 18:25 . 2007-12-03 18:25 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2007-12-03 18:19 . 2007-12-03 18:19 268 --ah----- C:\sqmdata00.sqm
2007-12-03 18:19 . 2007-12-03 18:19 244 --ah----- C:\sqmnoopt00.sqm
2007-12-03 18:18 . 2007-12-03 18:18 <DIR> d-------- C:\Program Files\Alwil Software
2007-12-03 18:18 . 2003-03-18 22:20 1,060,864 --a------ C:\Windows\System32\MFC71.dll
2007-12-03 18:18 . 2007-12-04 15:04 837,496 --a------ C:\Windows\System32\aswBoot.exe
2007-12-03 18:18 . 2003-03-18 21:14 499,712 --a------ C:\Windows\System32\MSVCP71.dll
2007-12-03 18:18 . 2004-01-09 11:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2007-12-03 18:18 . 2003-02-21 05:42 348,160 --a------ C:\Windows\System32\MSVCR71.dll
2007-12-03 18:18 . 2007-12-04 14:54 95,608 --a------ C:\Windows\System32\AVASTSS.scr
2007-12-03 18:18 . 2007-12-04 16:52 45,648 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2007-12-03 18:18 . 2007-12-04 16:51 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2007-12-03 18:18 . 2007-12-04 16:53 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
2007-12-03 18:16 . 2007-12-03 18:16 <DIR> d-------- C:\Users\CASPER\AppData\Roaming\Winamp
2007-12-03 18:16 . 2007-12-03 18:17 <DIR> d-------- C:\Program Files\Winamp
2007-12-03 18:15 . 2007-12-03 18:15 <DIR> d-------- C:\Windows\Downloaded Installations
2007-12-03 18:15 . 2007-12-03 18:16 <DIR> d-------- C:\Users\All Users\Macromedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-13 21:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-13 20:50 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-13 01:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-13 01:03 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-13 01:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-04 19:51 --------- d-----w C:\Users\CASPER\AppData\Roaming\Ahead
2007-12-04 10:53 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-04 10:53 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-04 10:53 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-04 10:53 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-04 10:53 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-04 10:53 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-04 10:53 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-04 10:53 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-12-04 10:53 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-04 10:53 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-04 10:53 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-04 10:52 --------- d-----w C:\Program Files\Windows Mail
2007-12-03 16:55 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-04 19:45 --------- d-----w C:\Program Files\ATI Technologies
2007-11-04 16:14 --------- d-----w C:\Users\CASPER\AppData\Roaming\ATI
2007-11-04 16:11 --------- d-----w C:\Program Files\ATI
2007-11-04 15:53 --------- d-----w C:\ProgramData\NVIDIA
2007-11-02 06:28 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-11-02 06:28 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-11-02 06:28 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-11-02 06:28 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-11-02 06:27 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-11-02 06:27 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-11-02 06:27 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-11-02 06:18 80,896 ----a-w C:\Windows\System32\wudriver.dll
2007-11-02 06:18 549,720 ----a-w C:\Windows\System32\wuapi.dll
2007-11-02 06:18 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2007-11-02 06:18 43,352 ----a-w C:\Windows\System32\wups2.dll
2007-11-02 06:18 33,624 ----a-w C:\Windows\System32\wups.dll
2007-11-02 06:18 31,232 ----a-w C:\Windows\System32\wuapp.exe
2007-11-02 06:18 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2007-11-02 06:18 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2007-11-02 06:18 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2007-11-02 06:14 174 --sha-w C:\Program Files\desktop.ini
2007-11-02 06:11 750,080 ----a-w C:\Windows\System32\qmgr.dll
2007-11-02 06:09 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-11-02 06:09 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-11-02 06:09 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-11-02 06:09 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-11-02 06:09 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-11-02 06:09 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-11-02 06:09 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-11-02 06:09 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-11-02 06:09 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-11-02 06:09 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-11-02 06:09 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-11-02 06:09 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-11-02 06:09 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-11-02 06:09 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-11-02 06:09 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-11-02 06:08 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-11-02 06:08 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-11-02 06:08 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-11-02 06:08 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-11-02 06:08 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-11-02 06:08 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-11-02 06:08 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-11-02 06:08 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-11-02 06:08 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-11-02 06:08 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-11-02 06:08 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-11-02 06:08 134,656 ----a-w C:\Windows\System32\dps.dll
2007-11-02 06:08 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-11-02 06:08 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-10-25 08:26 53,248 ----a-w C:\Windows\bdoscandel.exe
.
----a-w		   856,064 2007-12-30 10:08:22  C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray .exe
----a-w			39,792 2007-12-30 10:08:13  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w		   398,944 2007-12-29 22:18:01  C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN .EXE
----a-w		   155,648 2007-12-30 10:08:13  C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
----a-w		   143,360 2007-12-30 10:08:23  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
----a-w		 5,674,352 2007-12-24 15:55:31  C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w		 1,460,560 2007-12-30 10:08:24  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w			20,480 2007-12-30 10:08:18  C:\Windows\FixCamera .exe
----a-w		 4,431,872 2007-12-30 10:08:15  C:\Windows\RtHDVCpl .exe
----a-w		   270,336 2007-12-30 10:08:22  C:\Windows\tsnp2std .exe
----a-w		   344,064 2007-12-30 10:08:23  C:\Windows\vsnp2std .exe
----a-w		   176,128 2007-12-30 10:08:12  C:\Windows\System32\S3trayp .exe


((((((((((((((((((((((((((((( snapshot@2008-01-03_ 8.42.16.67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-03 06:39:11 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-01-03 18:19:23 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2000-08-31 06:00:00 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE
- 2008-01-03 06:13:21 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-01-03 18:12:26 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-01-03 06:39:30 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-03 18:19:37 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-03 18:19:37 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-01-03 06:13:23 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-01-03 18:12:18 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-01-03 06:39:30 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-03 18:19:37 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-01-03 06:39:41 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-03 18:19:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-03 06:39:41 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-03 18:19:47 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-03 06:39:41 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-03 18:19:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-03 06:12:33 9,230 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1368108717-4242774170-1273681994-1000_UserData.bin
+ 2008-01-03 18:12:48 9,532 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1368108717-4242774170-1273681994-1000_UserData.bin
- 2008-01-03 06:12:33 71,794 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-01-03 18:12:48 71,966 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-01-03 06:12:30 34,556 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-01-03 18:12:47 34,942 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-15 15:38 1006264]
"RtHDVCpl"="RtHDVCpl.exe" []
"S3Trayp"="S3trayp.exe" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-03 08:11 79224]
"FixCamera"="C:\Windows\FixCamera.exe" [ ]
"tsnp2std"="C:\Windows\tsnp2std.exe" [ ]
"snp2std"="C:\Windows\vsnp2std.exe" [ ]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [ ]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [ ]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-01-03 08:11 483328]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-12-13 21:44:02]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]
C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 16:52]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-29 05:13]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\Windows\system32\DRIVERS\snp2sxp.sys [2007-05-10 16:10]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 09:30]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-29 05:13]
S3 S3GIGP;S3GIGP;C:\Windows\system32\DRIVERS\VTGKModeDX32.sys [2007-04-06 10:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc TabletInputService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceNetworkRestricted REG_MULTI_SZ DHCP eventlog AudioSrv LmHosts wscsvc WPCSvc

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 20:19:42
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-03 20:22:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-03 18:22:18
ComboFix2.txt 2008-01-03 06:43:01
.
2007-12-20 19:59:21 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:27:52, on 03.01.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\fluffybunny.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 7326 bytes

#11 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:05:03 PM

Posted 04 January 2008 - 10:18 AM

Please run Panda's ActiveScan.
Once you are on the Panda site click the Scan your PC button
A new window will open, click the Check Now button.
Enter your personal details.
Click the big Scan Now button.
It will ask to install various content - please allow this.
It will start downloading the files it requires for the scan, which may take a while.
When download is complete, click on Local Disks to start the scan.
When the scan has finished - if anything malicious is found - click the See Report button.
Click Save Report and save the file to your Desktop, so you can post this log in your next reply.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#12 savasg

savasg
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:07:03 PM

Posted 04 January 2008 - 03:16 PM

Hi Charles;
Panda page says activescan is not working with Vista...any other online scan? bit defender, kaspersky or else, which one you can use?
Regards...

#13 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:05:03 PM

Posted 06 January 2008 - 11:33 AM

Sorry, I forgot that Panda wasn't compatable with Vista. Try running this scanner from Panda instead, it should work:

Nanoscan
Check the Full scan option.
Then click on the large Scan now button.
If a security warning appears, click on Install to load TotalScan.
Note: You may get a message from your antivirus saying that the website is infected, please ignore it.
Wait for the scan to load and update.
Inputting your email address is optional, you can simply skip it if you do not wish to participate.
Let the scan run; it will probably take a while to complete.
Once it's completed, click on the Save button.
Place the file somwhere where you can eaily find it, like your Desktop.

I'd like to see the contents of the generated report in your next post.

Edited by rookie147, 06 January 2008 - 11:33 AM.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#14 savasg

savasg
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:07:03 PM

Posted 06 January 2008 - 05:58 PM

Hi there again;
here is the nano scan log;
I have also scanned with kaspersky; I have added below;

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-01-07 00:56:00
PROTECTIONS: 1
MALWARE: 22
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.7.1098 [VPS 080106-0] 4.7.1098 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Cookies\casper@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Cookies\casper@atdmt[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Cookies\casper@tribalfusion[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Cookies\casper@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Cookies\casper@yadro[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Cookies\casper@xiti[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Cookies\casper@toplist[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Cookies\casper@statcounter[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Cookies\casper@ad.yieldmanager[3].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Cookies\casper@ad.yieldmanager[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Cookies\casper@adtech[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Cookies\casper@server.iad.liveperson[2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Cookies\casper@server.iad.liveperson[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Cookies\casper@advertising[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Cookies\casper@statse.webtrendslive[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Cookies\casper@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Cookies\casper@zedo[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Cookies\casper@adrevolver[2].txt
01262593 Application/NirCmd.A HackTools No 0 No No C:\Users\CASPER\Desktop\ComboFix.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\Windows\NirCmd.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Users\CASPER\Desktop\ComboFix.exe[nircmd.exe]
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Cookies\casper@adserver.easyad[1].txt
02887518 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\vtsqp.dll.bad
02887518 Spyware/Virtumonde Spyware No 1 Yes No C:\Program Files\Trend Micro\HijackThis\backups\backup-20080103-075514-118.dll
02887518 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\catchme2008-01-03_ 83932.43.zip[vtsqp.dll]
02888193 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\vtsqp.exe.bad
02888193 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\Windows\System32\vtsqp.exe.vir
02889122 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\iiiii.dll.bad
02889400 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\laumpgdv.dll.bad
02889400 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\Windows\System32\udqrxalr.dll.vir
02889401 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\jdvtoykx.dll.bad
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, January 08, 2008 12:12:18 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/01/2008
Kaspersky Anti-Virus database records: 503833
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 93160
Number of viruses found: 5
Number of infected objects: 12
Number of suspicious objects: 0
Duration of the scan process: 00:45:09

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\config\configuration\org.eclipse.core.runtime\.manager\.tmp27898.instance Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\ibdata1 Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\ib_logfile0 Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\ib_logfile1 Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhasset.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhlabel.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhlabeltoversion.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhpqentry.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhserverglobals.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhuser.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\logs\VersionCue.log Object is locked skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080103-075514-118.dll Infected: Virus.Win32.Trats.c skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.47.Crwl Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.47.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.ci Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wsb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001E.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010020.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010021.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy52.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf91C3.tmp Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf91C4.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050229.log Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\QooBox\Quarantine\C\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\QooBox\Quarantine\C\Windows\System32\udqrxalr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\QooBox\Quarantine\C\Windows\System32\vtsqp.exe.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\QooBox\Quarantine\catchme2008-01-03_ 83932.43.zip/vtsqp.dll Infected: Virus.Win32.Trats.c skipped
C:\QooBox\Quarantine\catchme2008-01-03_ 83932.43.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Users\CASPER\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\CASPER\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\CASPER\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008010720080108\index.dat Object is locked skipped
C:\Users\CASPER\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\CASPER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\CASPER\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\CASPER\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\CASPER\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\CASPER\AppData\Local\Microsoft\Windows\UsrClass.dat{1e60d62c-1903-11dc-8cdf-0019db83f2d6}.TM.blf Object is locked skipped
C:\Users\CASPER\AppData\Local\Microsoft\Windows\UsrClass.dat{1e60d62c-1903-11dc-8cdf-0019db83f2d6}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\CASPER\AppData\Local\Microsoft\Windows\UsrClass.dat{1e60d62c-1903-11dc-8cdf-0019db83f2d6}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\CASPER\AppData\Local\Microsoft\Windows Defender\FileTracker\{2F4851F5-478F-4417-8F76-A18541BC5A5C} Object is locked skipped
C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\CASPER\NTUSER.DAT Object is locked skipped
C:\Users\CASPER\ntuser.dat.LOG1 Object is locked skipped
C:\Users\CASPER\ntuser.dat.LOG2 Object is locked skipped
C:\Users\CASPER\NTUSER.DAT{024c5571-6a70-11db-8b20-e67c0f776047}.TM.blf Object is locked skipped
C:\Users\CASPER\NTUSER.DAT{024c5571-6a70-11db-8b20-e67c0f776047}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\CASPER\NTUSER.DAT{024c5571-6a70-11db-8b20-e67c0f776047}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\VundoFix Backups\iiiii.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.clb skipped
C:\VundoFix Backups\jdvtoykx.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dim skipped
C:\VundoFix Backups\laumpgdv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\VundoFix Backups\vtsqp.dll.bad Infected: Virus.Win32.Trats.c skipped
C:\VundoFix Backups\vtsqp.exe.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{024c5569-6a70-11db-8b20-e67c0f776047}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{024c5569-6a70-11db-8b20-e67c0f776047}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{024c5569-6a70-11db-8b20-e67c0f776047}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{024c5565-6a70-11db-8b20-e67c0f776047}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{024c5565-6a70-11db-8b20-e67c0f776047}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{024c5565-6a70-11db-8b20-e67c0f776047}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.003 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\ACEEventLog.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Antivirus.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\Temp\hsperfdata_CASPER-PC$\2296 Object is locked skipped
C:\Windows\Temp\ib16 Object is locked skipped
C:\Windows\Temp\ib17 Object is locked skipped
C:\Windows\Temp\ib18 Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped

Scan process completed.

Edited by savasg, 07 January 2008 - 05:16 PM.


#15 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:05:03 PM

Posted 08 January 2008 - 04:13 PM

Sorry for the delay, can you also rescan with Combofix for me, please?

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users