Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win32.trojan.agent, Win32.trojandownloader.zlob, Pe_trats.a


  • Please log in to reply
19 replies to this topic

#1 Apex13

Apex13

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:53 AM

Posted 31 January 2008 - 04:41 AM

I did my best to follow the pre-posting instructions and there's still the same issues as before.

Please help me fix this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:40:00 AM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\fpsuqsiw.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\Matt\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkll.exe
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [CatalystRegistration] "C:\Program Files\ATI\CatalystRegistration\dolce.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [58bfea94] rundll32.exe "C:\WINDOWS\system32\xmlnaskj.dll",b
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [BM5b8cd908] Rundll32.exe "C:\WINDOWS\system32\fmgtpudm.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151448642718
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax4507.cab
O22 - SharedTaskScheduler: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\fpsuqsiw.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
O24 - Desktop Component 0: (no name) - http://studentmail.augustana.edu/frames/button.gif

--
End of file - 10639 bytes

BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:53 AM

Posted 11 February 2008 - 09:06 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum.
My name is Richie and i'll be helping you to fix your problems.

Apologies for the late response,as i'm sure you can appreciate we are extremely busy.

If you've already recieved help at another forum and your issues have been resolved,or you're presently recieving help elsewhere then please let us know.

If you still require help,please post a new Hijackthis log into this topic in your next reply.

Also post a detailed description of the issues you're experiencing.

*Note*
Post all reports/logs directly into this topic,not as attachments,thanks.
Posted Image
Posted Image

#3 Apex13

Apex13
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:53 AM

Posted 13 February 2008 - 02:11 AM

Not a problem; I'm sure there are a lot of people asking for help.

I have not received any outside help, nor have I attempted to fix things on my own (apart from the initial instructions, which I have repeated)

Here is the new log.

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:03 AM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc .exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trillian\trillian.exe
C:\Documents and Settings\Matt\Desktop\HiJackThis(2).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkll.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F56F130-0CA3-49AA-BE6F-DCF92EE3CB70} - (no file)
O2 - BHO: (no name) - {48FD97EA-5559-4B2E-8164-F42FE2BF1C69} - C:\WINDOWS\system32\ddccb.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\vkgmqahs.dll
O2 - BHO: (no name) - {BB39A1FB-F438-4B0D-9E6E-4FAE98E44488} - C:\WINDOWS\system32\ljjjigd.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {F0D840AB-BE1F-4D45-B29D-70EE2D51DF84} - C:\WINDOWS\system32\jkkll.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [CatalystRegistration] "C:\Program Files\ATI\CatalystRegistration\dolce.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [58bfea94] rundll32.exe "C:\WINDOWS\system32\xxfpmect.dll",b
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA4436] command /c del "C:\WINDOWS\system32\vkgmqahs.dllbox"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7255] cmd /c del "C:\WINDOWS\system32\vkgmqahs.dllbox"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7614] command /c del "C:\WINDOWS\system32\vkgmqahs.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5598] cmd /c del "C:\WINDOWS\system32\vkgmqahs.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8673] command /c del "C:\WINDOWS\system32\vkgmqahs.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5368] cmd /c del "C:\WINDOWS\system32\vkgmqahs.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7411] command /c del "C:\WINDOWS\system32\jkkll.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4815] cmd /c del "C:\WINDOWS\system32\jkkll.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\RunOnce: [SpybotDeletingB4006] command /c del "C:\WINDOWS\system32\vkgmqahs.dllbox"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9235] cmd /c del "C:\WINDOWS\system32\vkgmqahs.dllbox"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9142] command /c del "C:\WINDOWS\system32\vkgmqahs.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8950] cmd /c del "C:\WINDOWS\system32\vkgmqahs.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8089] command /c del "C:\WINDOWS\system32\vkgmqahs.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6881] cmd /c del "C:\WINDOWS\system32\vkgmqahs.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6716] command /c del "C:\WINDOWS\system32\jkkll.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3823] cmd /c del "C:\WINDOWS\system32\jkkll.dll_old"
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151448642718
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax4507.cab
O20 - Winlogon Notify: ljjjigd - C:\WINDOWS\SYSTEM32\ljjjigd.dll
O20 - Winlogon Notify: vkgmqahs - C:\WINDOWS\SYSTEM32\vkgmqahs.dll
O22 - SharedTaskScheduler: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
O24 - Desktop Component 0: (no name) - http://studentmail.augustana.edu/frames/button.gif

--
End of file - 14070 bytes

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:53 AM

Posted 13 February 2008 - 03:33 AM

If you have previously downloaded ComboFix,please delete that version now.
Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an expert,NOT for private use.

Now download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop

Do not run it just yet.

Now please go here and follow the instructions to install the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Now close any open browsers.
Double click on Combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouseclick combofix's window or do anything else on your pc while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.
Posted Image
Posted Image

#5 Apex13

Apex13
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:53 AM

Posted 17 February 2008 - 10:05 PM

Here is the ComboFix log, it took 3 tries to get a log, the first two times my computer restarted. I was just playing Rock Band, so I don't think I did anything to mess it up, but who knows.

ComboFix 08-02-18.1 - Matt 2008-02-17 20:54:38.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.498 [GMT -6:00]
Running from: C:\Documents and Settings\Matt\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\ljjjigd.dll
C:\WINDOWS\system32\vkgmqahs.dll
C:\PROGRA~1\Sygate\SPF\smc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\aoafqoiq.ini
C:\WINDOWS\system32\aonopsbo.ini
C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\bccdd.ini2
C:\WINDOWS\system32\bkammvlm.dll
C:\WINDOWS\system32\csmuwdnm.ini
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ctyloqhu.ini
C:\WINDOWS\system32\cxlnwxkw.dll
C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\dvayxafo.dll
C:\WINDOWS\system32\fmgtpudm.dll
C:\WINDOWS\system32\foektgvf.ini
C:\WINDOWS\system32\frqodpbx.dll
C:\WINDOWS\system32\gbftqkkg.dll
C:\WINDOWS\system32\hfjmyipm.dll
C:\WINDOWS\system32\hgbmnpus.dll
C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hgjlm.ini2
C:\WINDOWS\system32\hkgslhwt.ini
C:\WINDOWS\system32\hqgnenkk.ini
C:\WINDOWS\system32\ibonnbgx.ini
C:\WINDOWS\system32\ixpltjxx.dll
C:\WINDOWS\system32\jdjagucy.dll
C:\WINDOWS\system32\jdlydvon.ini
C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\jkkll.exe
C:\WINDOWS\system32\jksanlmx.ini
C:\WINDOWS\system32\jtvwortt.ini
C:\WINDOWS\system32\kqrachhj.ini
C:\WINDOWS\system32\ksdcroms.dll
C:\WINDOWS\system32\ktpptnea.dll
C:\WINDOWS\system32\kxrvxgkf.dll
C:\WINDOWS\system32\ljjjigd.dll
C:\WINDOWS\system32\llkkj.ini
C:\WINDOWS\system32\llkkj.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\mlvmmakb.ini
C:\WINDOWS\system32\mpiymjfh.ini
C:\WINDOWS\system32\mrqpbtcc.dll
C:\WINDOWS\system32\nfvyofky.dll
C:\WINDOWS\system32\ngwrusiy.dll
C:\WINDOWS\system32\nhilfrps.dll
C:\WINDOWS\system32\nrkwbeer.ini
C:\WINDOWS\system32\nvdmbqwp.dll
C:\WINDOWS\system32\owolcjer.dll
C:\WINDOWS\system32\peypsrus.dll
C:\WINDOWS\system32\phsimvsk.dll
C:\WINDOWS\system32\pmnljjh.dll
C:\WINDOWS\system32\qecxjfoa.dll
C:\WINDOWS\system32\qioqfaoa.dll
C:\WINDOWS\system32\reebwkrn.dll
C:\WINDOWS\system32\rgrdstsl.dll
C:\WINDOWS\system32\rmfweulh.dll
C:\WINDOWS\system32\sqwobeli.dll
C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\ssttt.dll
C:\WINDOWS\system32\supnmbgh.ini
C:\WINDOWS\system32\surspyep.ini
C:\WINDOWS\system32\tcempfxx.ini
C:\WINDOWS\system32\ttrowvtj.dll
C:\WINDOWS\system32\vkgmqahs.dll
C:\WINDOWS\system32\vkgmqahs.dllbox
C:\WINDOWS\system32\vturr.dll
C:\WINDOWS\system32\vwphuxmt.dll
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\wqwcyenn.dll
C:\WINDOWS\system32\xfydiwqh.ini
C:\WINDOWS\system32\xmlnaskj.dll
C:\WINDOWS\system32\xxjtlpxi.ini
C:\WINDOWS\system32\ymysugmd.ini
C:\WINDOWS\system32\yoahqbnv.ini
C:\WINDOWS\system32\ypemxmgg.dll
C:\WINDOWS\system32\yspvixrv.dll
C:\WINDOWS\system32\yydxuvuh.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NNSERV
-------\NNServ






((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.

2008-02-14 22:52 . 2008-02-16 22:52 6,112 --a------ C:\WINDOWS\BM5b8cd908.xml
2008-02-12 02:54 . 2008-02-12 02:55 <DIR> d-------- C:\Program Files\DivX
2008-02-02 15:29 . 2008-02-17 20:24 <DIR> d-------- C:\Program Files\Steam
2008-01-31 01:55 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-01-31 01:55 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-01-31 01:55 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-01-31 01:55 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-01-31 01:55 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-01-31 01:55 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-01-31 01:55 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-01-31 01:54 . 2008-01-31 01:54 <DIR> d-------- C:\Program Files\Sygate
2008-01-29 12:33 . 2008-02-17 20:16 21 --a------ C:\WINDOWS\pskt.ini
2008-01-29 05:21 . 2008-02-01 14:52 <DIR> d-------- C:\Documents and Settings\Matt\.housecall6.6
2008-01-28 00:57 . 2008-01-28 00:57 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-28 00:57 . 2008-01-28 00:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-26 17:30 . 2008-02-17 20:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-01-26 17:30 . 2008-01-29 00:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-20 10:00 . 2008-02-13 00:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-20 10:00 . 2008-01-20 10:00 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 02:24 --------- d-----w C:\Program Files\iTunes
2008-02-18 00:34 --------- d-----w C:\Program Files\Trillian
2008-02-13 09:04 --------- d-----w C:\Documents and Settings\Matt\Application Data\MSN6
2008-01-29 07:40 --------- d-----w C:\Program Files\Soulseek
2008-01-28 06:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-24 09:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-21 13:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-21 13:01 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-21 13:01 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-21 13:01 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-21 13:01 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-21 13:01 --------- d-----w C:\Program Files\Symantec
2008-01-17 18:52 74,235 ----a-w C:\WINDOWS\system32\klngmxpi.dll
2008-01-16 21:37 --------- d-----w C:\Program Files\QuickTime
2008-01-16 19:10 --------- d-----w C:\Program Files\iPod
2008-01-16 18:52 74,240 ----a-w C:\WINDOWS\system32\vycaqndb.dll
2008-01-15 06:57 74,235 ----a-w C:\WINDOWS\system32\annxxjmu.dll
2008-01-15 06:06 --------- d-----w C:\Program Files\Soulseek-Test
2008-01-14 06:50 3,558 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-13 12:52 15,360 ----a-w C:\WINDOWS\system32\OLD2E1.tmp
2008-01-11 06:48 324,824 ----a-w C:\WINDOWS\system32\mlljh.dll
2008-01-10 05:48 313,364 ----a-w C:\WINDOWS\system32\mljge.dll
2008-01-09 17:21 --------- d-----w C:\Program Files\DellSupport
2008-01-07 21:40 --------- d-----w C:\Program Files\Norton Internet Security
2007-12-20 04:04 15,360 ----a-w C:\WINDOWS\system32\ctfmon .exe
2007-12-14 17:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
.
<pre>
----a-w		   856,064 2007-12-20 04:04:02  C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray .exe
----a-w		   274,432 2007-12-20 04:04:16  C:\Program Files\ATI\CatalystRegistration\dolce .exe
----a-w		   344,064 2007-12-20 04:03:32  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w			90,112 2007-12-20 04:04:07  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart .exe
----a-w			81,920 2007-12-20 04:03:33  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w		   249,856 2008-01-07 21:45:56  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
----a-w			52,840 2008-01-15 10:20:52  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w			94,208 2007-12-20 04:03:31  C:\Program Files\Dell\Media Experience\DMXLauncher .exe
----a-w		   460,784 2007-12-20 04:04:46  C:\Program Files\DellSupport\DSAgnt .exe
----a-w			49,152 2008-02-13 06:54:04  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w		   267,048 2008-02-13 06:54:08  C:\Program Files\iTunes\iTunesHelper .exe
----a-w			49,263 2007-12-20 04:03:44  C:\Program Files\Java\jre1.5.0_08\bin\jusched .exe
----a-w			26,112 2007-12-20 04:03:37  C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w		 4,943,184 2008-02-13 06:54:24  C:\Program Files\Spybot - Search & Destroy\SpybotSD .exe
----a-w		 1,460,560 2008-02-13 06:54:15  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w		 1,266,936 2008-02-13 06:54:17  C:\Program Files\Steam\Steam .exe
----a-w		 2,577,632 2008-02-13 05:19:37  C:\Program Files\Sygate\SPF\smc .exe
----a-w		 1,372,160 2007-12-20 04:05:20  C:\Program Files\TGTSoft\StyleXP\StyleXP .exe
----a-w		   204,288 2007-12-20 04:04:58  C:\Program Files\Windows Media Player\WMPNSCFG .exe
----a-w			67,584 2007-12-20 04:03:29  C:\WINDOWS\ehome\ehtray .exe
----a-w			15,360 2007-12-20 04:04:39  C:\WINDOWS\system32\ctfmon .exe
----a-w		   122,940 2007-12-20 04:03:33  C:\WINDOWS\system32\DLA\DLACTRLW .EXE
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48FD97EA-5559-4B2E-8164-F42FE2BF1C69}]
C:\WINDOWS\system32\ddccb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00 15360]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [ ]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [ ]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 21:20 339968 C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [ ]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [ ]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [ ]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [ ]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [ ]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [ ]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [ ]
"CatalystRegistration"="C:\Program Files\ATI\CatalystRegistration\dolce.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 00:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 23:01:50 734872]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 18:55:40 18432]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 18:50:52 53248]
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-11-27 03:50:32 110592]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-09-05 19:33:07 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

R2 GenPort;GenPort;C:\WINDOWS\system32\drivers\GenPort.sys [1997-09-24 16:35]
R2 MapMem;MapMem;C:\WINDOWS\system32\drivers\MapMem.sys [1997-09-24 16:35]
R2 NTRemap;NTRemap;C:\WINDOWS\system32\drivers\NTRemap.sys [1997-09-24 16:35]
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 18:55]
R2 WUSB54GSCSVC;WUSB54GSCSVC;"C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe" "WUSB54GSC.exe" []
R3 Angel2;Angel II MPEG Device;C:\WINDOWS\system32\DRIVERS\Angel2.sys [2006-02-04 19:09]
S3 EraserUtilDrvI2;EraserUtilDrvI2;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI2.sys [2007-06-20 02:00]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 03:00]
S3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

*Newly Created Service* - GTNDIS5
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 20:56:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-17 20:57:39
ComboFix-quarantined-files.txt 2008-02-18 02:57:31
.
2008-01-09 09:04:45 --- E O F ---



And here is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:06 PM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Matt\Desktop\HiJackThis(2).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {48FD97EA-5559-4B2E-8164-F42FE2BF1C69} - C:\WINDOWS\system32\ddccb.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [CatalystRegistration] "C:\Program Files\ATI\CatalystRegistration\dolce.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151448642718
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax4507.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
O24 - Desktop Component 0: (no name) - http://studentmail.augustana.edu/frames/button.gif

--
End of file - 10501 bytes

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:53 AM

Posted 18 February 2008 - 06:22 AM

Copy and paste ALL the following text in the code box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.
File::
C:\WINDOWS\BM5b8cd908.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\klngmxpi.dll
C:\WINDOWS\system32\vycaqndb.dll
C:\WINDOWS\system32\annxxjmu.dll
C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\mljge.dll
RenV::
----a-w 856,064 2007-12-20 04:04:02  C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray .exe
----a-w 274,432 2007-12-20 04:04:16  C:\Program Files\ATI\CatalystRegistration\dolce .exe
----a-w 344,064 2007-12-20 04:03:32  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w 90,112 2007-12-20 04:04:07  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart .exe
----a-w 81,920 2007-12-20 04:03:33  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w 249,856 2008-01-07 21:45:56  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
----a-w 52,840 2008-01-15 10:20:52  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 94,208 2007-12-20 04:03:31  C:\Program Files\Dell\Media Experience\DMXLauncher .exe
----a-w 460,784 2007-12-20 04:04:46  C:\Program Files\DellSupport\DSAgnt .exe
----a-w 49,152 2008-02-13 06:54:04  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w 267,048 2008-02-13 06:54:08  C:\Program Files\iTunes\iTunesHelper .exe
----a-w 49,263 2007-12-20 04:03:44  C:\Program Files\Java\jre1.5.0_08\bin\jusched .exe
----a-w 26,112 2007-12-20 04:03:37  C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w 4,943,184 2008-02-13 06:54:24  C:\Program Files\Spybot - Search & Destroy\SpybotSD .exe
----a-w 1,460,560 2008-02-13 06:54:15  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w 1,266,936 2008-02-13 06:54:17  C:\Program Files\Steam\Steam .exe
----a-w 2,577,632 2008-02-13 05:19:37  C:\Program Files\Sygate\SPF\smc .exe
----a-w 1,372,160 2007-12-20 04:05:20  C:\Program Files\TGTSoft\StyleXP\StyleXP .exe
----a-w 204,288 2007-12-20 04:04:58  C:\Program Files\Windows Media Player\WMPNSCFG .exe
----a-w 67,584 2007-12-20 04:03:29  C:\WINDOWS\ehome\ehtray .exe
----a-w 15,360 2007-12-20 04:04:39  C:\WINDOWS\system32\ctfmon .exe
----a-w 122,940 2007-12-20 04:03:33  C:\WINDOWS\system32\DLA\DLACTRLW .EXE
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48FD97EA-5559-4B2E-8164-F42FE2BF1C69}]
Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.
Posted Image
Posted Image

#7 Apex13

Apex13
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:53 AM

Posted 19 February 2008 - 12:25 AM

ComboFix log

ComboFix 08-02-18.1 - Matt 2008-02-18 23:16:26.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.526 [GMT -6:00]
Running from: C:\Documents and Settings\Matt\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Matt\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BM5b8cd908.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\annxxjmu.dll
C:\WINDOWS\system32\klngmxpi.dll
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\vycaqndb.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\BM5b8cd908.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\annxxjmu.dll
C:\WINDOWS\system32\klngmxpi.dll
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\vycaqndb.dll

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdateυj
.
((((((((((((((((((((((((( Files Created from 2008-01-19 to 2008-02-19 )))))))))))))))))))))))))))))))
.

2008-02-12 02:54 . 2008-02-12 02:55 <DIR> d-------- C:\Program Files\DivX
2008-02-02 15:29 . 2008-02-18 19:29 <DIR> d-------- C:\Program Files\Steam
2008-01-31 01:55 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-01-31 01:55 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-01-31 01:55 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-01-31 01:55 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-01-31 01:55 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-01-31 01:55 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-01-31 01:55 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-01-31 01:54 . 2008-01-31 01:54 <DIR> d-------- C:\Program Files\Sygate
2008-01-29 05:21 . 2008-02-01 14:52 <DIR> d-------- C:\Documents and Settings\Matt\.housecall6.6
2008-01-28 00:57 . 2008-01-28 00:57 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-28 00:57 . 2008-01-28 00:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-26 17:30 . 2008-02-17 20:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-01-26 17:30 . 2008-01-29 00:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-20 10:00 . 2008-02-18 02:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-20 10:00 . 2008-01-20 10:00 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 02:24 --------- d-----w C:\Program Files\iTunes
2008-02-18 00:34 --------- d-----w C:\Program Files\Trillian
2008-02-13 09:04 --------- d-----w C:\Documents and Settings\Matt\Application Data\MSN6
2008-01-29 07:40 --------- d-----w C:\Program Files\Soulseek
2008-01-28 06:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-24 09:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-21 13:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-21 13:01 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-21 13:01 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-21 13:01 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-21 13:01 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-21 13:01 --------- d-----w C:\Program Files\Symantec
2008-01-16 21:37 --------- d-----w C:\Program Files\QuickTime
2008-01-16 19:10 --------- d-----w C:\Program Files\iPod
2008-01-15 06:06 --------- d-----w C:\Program Files\Soulseek-Test
2008-01-14 06:50 3,558 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-13 12:52 15,360 ----a-w C:\WINDOWS\system32\OLD2E1.tmp
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-09 17:21 --------- d-----w C:\Program Files\DellSupport
2008-01-07 21:40 --------- d-----w C:\Program Files\Norton Internet Security
2007-12-20 04:04 15,360 ----a-w C:\WINDOWS\system32\ctfmon .exe
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 17:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
.
<pre>
----a-w		   274,432 2007-12-20 04:04:16  C:\Program Files\ATI\CatalystRegistration\dolce .exe
----a-w		   344,064 2007-12-20 04:03:32  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w			90,112 2007-12-20 04:04:07  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart .exe
----a-w			81,920 2007-12-20 04:03:33  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w		   249,856 2008-01-07 21:45:56  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
----a-w			52,840 2008-01-15 10:20:52  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w			94,208 2007-12-20 04:03:31  C:\Program Files\Dell\Media Experience\DMXLauncher .exe
----a-w		   460,784 2007-12-20 04:04:46  C:\Program Files\DellSupport\DSAgnt .exe
----a-w			49,152 2008-02-13 06:54:04  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w		   267,048 2008-02-13 06:54:08  C:\Program Files\iTunes\iTunesHelper .exe
----a-w			49,263 2007-12-20 04:03:44  C:\Program Files\Java\jre1.5.0_08\bin\jusched .exe
----a-w			26,112 2007-12-20 04:03:37  C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w		 4,943,184 2008-02-13 06:54:24  C:\Program Files\Spybot - Search & Destroy\SpybotSD .exe
----a-w		 1,460,560 2008-02-13 06:54:15  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w		 1,266,936 2008-02-13 06:54:17  C:\Program Files\Steam\Steam .exe
----a-w		 2,577,632 2008-02-13 05:19:37  C:\Program Files\Sygate\SPF\smc .exe
----a-w		 1,372,160 2007-12-20 04:05:20  C:\Program Files\TGTSoft\StyleXP\StyleXP .exe
----a-w		   204,288 2007-12-20 04:04:58  C:\Program Files\Windows Media Player\WMPNSCFG .exe
----a-w			67,584 2007-12-20 04:03:29  C:\WINDOWS\ehome\ehtray .exe
----a-w			15,360 2007-12-20 04:04:39  C:\WINDOWS\system32\ctfmon .exe
----a-w		   122,940 2007-12-20 04:03:33  C:\WINDOWS\system32\DLA\DLACTRLW .EXE
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00 15360]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [ ]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [ ]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-02-17 21:41 1266936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [ ]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 21:20 339968 C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [ ]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [ ]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [ ]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [ ]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2007-12-19 22:04 856064]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [ ]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [ ]
"CatalystRegistration"="C:\Program Files\ATI\CatalystRegistration\dolce.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 00:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 23:01:50 734872]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 18:55:40 18432]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 18:50:52 53248]
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-11-27 03:50:32 110592]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-09-05 19:33:07 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

R2 GenPort;GenPort;C:\WINDOWS\system32\drivers\GenPort.sys [1997-09-24 16:35]
R2 MapMem;MapMem;C:\WINDOWS\system32\drivers\MapMem.sys [1997-09-24 16:35]
R2 NTRemap;NTRemap;C:\WINDOWS\system32\drivers\NTRemap.sys [1997-09-24 16:35]
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 18:55]
R2 WUSB54GSCSVC;WUSB54GSCSVC;"C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe" "WUSB54GSC.exe" []
R3 Angel2;Angel II MPEG Device;C:\WINDOWS\system32\DRIVERS\Angel2.sys [2006-02-04 19:09]
S3 EraserUtilDrvI2;EraserUtilDrvI2;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI2.sys [2007-06-20 02:00]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 03:00]
S3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

*Newly Created Service* - GTNDIS5
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 23:21:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-18 23:22:45
ComboFix-quarantined-files.txt 2008-02-19 05:22:37
ComboFix2.txt 2008-02-18 02:57:40
.
2008-02-18 09:07:32 --- E O F ---


HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:10 PM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Matt\Desktop\HiJackThis(2).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [CatalystRegistration] "C:\Program Files\ATI\CatalystRegistration\dolce.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151448642718
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax4507.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
O24 - Desktop Component 0: (no name) - http://studentmail.augustana.edu/frames/button.gif

--
End of file - 10497 bytes

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:53 AM

Posted 19 February 2008 - 05:52 AM

Download RenV.exe to your desktop,double click to run it:
http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe
When its finished it will produce a Log.
Please post the contents of that Log into your next reply.
Posted Image
Posted Image

#9 Apex13

Apex13
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:53 AM

Posted 19 February 2008 - 07:57 PM

Ran on Tue 02/19/2008 - 17:53:16.89



----a-w		   274,432 2007-12-20 04:04:16  C:\Program Files\ATI\CatalystRegistration\dolce .exe

----a-w		   344,064 2007-12-20 04:03:32  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe

----a-w			90,112 2007-12-20 04:04:07  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart .exe

----a-w			81,920 2007-12-20 04:03:33  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe

----a-w		   249,856 2008-01-07 21:45:56  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe

----a-w			52,840 2008-01-15 10:20:52  C:\Program Files\Common Files\Symantec Shared\ccApp .exe

----a-w			94,208 2007-12-20 04:03:31  C:\Program Files\Dell\Media Experience\DMXLauncher .exe

----a-w		   460,784 2007-12-20 04:04:46  C:\Program Files\DellSupport\DSAgnt .exe

----a-w			49,152 2008-02-13 06:54:04  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe

----a-w		   267,048 2008-02-13 06:54:08  C:\Program Files\iTunes\iTunesHelper .exe

----a-w			49,263 2007-12-20 04:03:44  C:\Program Files\Java\jre1.5.0_08\bin\jusched .exe

----a-w			26,112 2007-12-20 04:03:37  C:\Program Files\Real\RealPlayer\RealPlay .exe

----a-w		 4,943,184 2008-02-13 06:54:24  C:\Program Files\Spybot - Search & Destroy\SpybotSD .exe

----a-w		 1,460,560 2008-02-13 06:54:15  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe

----a-w		 1,266,936 2008-02-13 06:54:17  C:\Program Files\Steam\Steam .exe

----a-w		 2,577,632 2008-02-13 05:19:37  C:\Program Files\Sygate\SPF\smc .exe

----a-w		 1,372,160 2007-12-20 04:05:20  C:\Program Files\TGTSoft\StyleXP\StyleXP .exe

----a-w		   204,288 2007-12-20 04:04:58  C:\Program Files\Windows Media Player\WMPNSCFG .exe

----a-w			67,584 2007-12-20 04:03:29  C:\WINDOWS\ehome\ehtray .exe

----a-w			15,360 2007-12-20 04:04:39  C:\WINDOWS\system32\ctfmon .exe

----a-w		   122,940 2007-12-20 04:03:33  C:\WINDOWS\system32\DLA\DLACTRLW .EXE



 Entries:			   21  (21)

 Directories:			0  Files:			21

 Bytes:		 14,070,435  Blocks:	   27,486


#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:53 AM

Posted 19 February 2008 - 08:46 PM

Posted Image
Refering to the picture above, drag Log.txt into RenV.exe
When finished, it shall produce a new log for you.
Post that log in your next reply.
Posted Image
Posted Image

#11 Apex13

Apex13
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:53 AM

Posted 19 February 2008 - 09:24 PM

Ran on Tue 02/19/2008 - 20:21:59.91

 Entries:				0  (0)
 Directories:			0  Files:			 0
 Bytes:				  0  Blocks:			0

I don't know if I did this right, not much happened. The program started, listed the files from the previous log saying "file could not be found" and when I finished Windows File Protection popped up saying files used to run windows had been replaced by unrecognized versions.

#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:53 AM

Posted 19 February 2008 - 09:49 PM

Thats great,now do the following:
Run this online virus/spyware scan using Internet Explorer:
Kaspersky WebScanner
Next click Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
• Now click on Scan Settings
• In the scan settings make that the following are selected:
• Scan using the following Anti-Virus database:
• Standard
• Scan Options:
• Scan Archives
• Scan Mail Bases
• Click OK
• Now under select a target to scan:
• Select My Computer
• This will start the program and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.It does not provide an option to clean/disinfect,i need to see the scan results.
• Now click on the Save as Text button.
• Save the file to your desktop.
• Copy and paste the contents of that file into your next reply.

If the above link doesn't work,try this:
http://www.kaspersky.com/kos/english/kavwebscan.html

Also post a new Hijackthis log please.
Posted Image
Posted Image

#13 Apex13

Apex13
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:53 AM

Posted 20 February 2008 - 02:05 AM

Kaspersky Log

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, February 20, 2008 1:04:02 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/02/2008
Kaspersky Anti-Virus database records: 530746
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 125326
Number of viruses found: 12
Number of infected objects: 71
Number of suspicious objects: 0
Duration of the scan process: 01:34:17

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\000758B5.dll Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\049A3DCB.exe Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05CE063A.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05EC42A9.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06263669.exe Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06263669.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\062A6065.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\062D0A62.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0630345E.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0661225B.exe Infected: Backdoor.Win32.IRCBot.dd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\069F4016.exe Infected: Backdoor.Win32.IRCBot.dd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\099F1EC9.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B9A1ACD.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CDA6F10.tmp Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CE04308.tmp Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F6442D3.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11F67ACB.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1671652A.dll Infected: Virus.Win32.Trats.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\172A56CC.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CC1361B.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DB148C2.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E6033C3.exe Infected: Virus.Win32.Trats.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22BF662D.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\256F7D49.tmp Infected: Backdoor.Win32.IRCBot.dd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B8E71CB.tmp Infected: Virus.Win32.Trats.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B9545C4.tmp Infected: Virus.Win32.Trats.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B9C19BD.tmp Infected: Virus.Win32.Trats.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34295B81.exe Infected: Virus.Win32.Trats.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3467793D.dll Infected: Virus.Win32.Trats.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37AF522A.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\382821AC.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\392B63C3.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\454F31AF.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4FDF58B3.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\516278CC.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\51855E95.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\518F5C8A.exe Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\518F5C8A.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\51E75413.dll Infected: Trojan-Downloader.Win32.Zlob.aoi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59402B56.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CF234CB.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\671A337C.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\698534DA.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B5D300E.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B615A0B.exe Infected: Trojan-Downloader.Win32.Zlob.aoi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FA16CC5.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FCA38B5.tmp Infected: Virus.Win32.Trats.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70CF5796.tmp Infected: Virus.Win32.Trats.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\731D1236.def Infected: Backdoor.Win32.SdBot.aad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\758472F6.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B511928.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FAA3744.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_1488972347_1507328_35285 Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_1488972347_3014656_34050 Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE2.tmp Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE42.tmp Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{049BF6D0-2080-484A-A82F-3D05BDC01950}.TmpSBE Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{936DB034-B27B-440D-801B-49546A1642A8}.TmpSBE Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{B41CA1AA-8D31-4C3D-AE09-C13A286736D7}.TmpSBE Object is locked skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Matt\.housecall6.6\Quarantine\fpsuqsiw.exe.bac_a00972 Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\Documents and Settings\Matt\.housecall6.6\Quarantine\gamadril20071203[1].bac_a00972 Infected: Backdoor.Win32.Agent.dbm skipped
C:\Documents and Settings\Matt\.housecall6.6\Quarantine\gamadril20071203[2].bac_a03912 Infected: Backdoor.Win32.Agent.dbm skipped
C:\Documents and Settings\Matt\.housecall6.6\Quarantine\HPWuSchd2.exe.bac_a02948 Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\Matt\.housecall6.6\Quarantine\iTunesHelper.exe.bac_a02948 Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\Matt\.housecall6.6\Quarantine\jkkll.exe.bac_a00972 Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\Matt\.housecall6.6\Quarantine\jkkll.exe.bac_a03912 Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\Matt\Application Data\Microsoft\MSNIA\Journal.Dat Object is locked skipped
C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\iqwz5xte.default\cert8.db Object is locked skipped
C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\iqwz5xte.default\history.dat Object is locked skipped
C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\iqwz5xte.default\key3.db Object is locked skipped
C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\iqwz5xte.default\parent.lock Object is locked skipped
C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\iqwz5xte.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\iqwz5xte.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Matt\Application Data\MSN6\UserData\{03FBA5B6-9AF6-01C6-0900-00001CFCCD7E}\favthumb.dbx Object is locked skipped
C:\Documents and Settings\Matt\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-26b8f410.zip/vmain.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Matt\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-26b8f410.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Matt\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Matt\Incomplete\T-113240-Trillian Pro v3.1.9.0.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\Documents and Settings\Matt\Incomplete\T-113240-Trillian Pro v3.1.9.0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\Last.fm\Client\lastfmhelper.log Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\MSN\db30\RckrBoy06-MSN-com.sdf Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\iqwz5xte.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\iqwz5xte.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\iqwz5xte.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\iqwz5xte.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Temp\fdr3224.fdr Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Temp\~DFB4A0.tmp Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\PhishingFilter\10278502-67BC-43EF-B0AA-BBF67795D5B0.dat Object is locked skipped
C:\Documents and Settings\Matt\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Matt\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\config\configuration\org.eclipse.core.runtime\.manager\.tmp11849.instance Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\ibdata1 Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\ib_logfile0 Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\ib_logfile1 Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhasset.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhassetcacheitem.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhassetversioncacheitem.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhlabel.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhlabeltoversion.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhmessage.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhpqentry.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhpublishlog.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhpublishserver.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhpublishstateitem.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhresult.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhreview.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhreviewcomment.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhrole.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhschemaversion.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhsequence.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhserverglobals.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhsettings.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhsettingssection.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhthumbnail.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhuser.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhuserrole.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhxmpmetadata.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhxmpproperty.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\logs\VersionCue.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\MSN\MSNCoreFiles\calendar.mar Object is locked skipped
C:\Program Files\MSN\MSNCoreFiles\market.mar Object is locked skipped
C:\Program Files\MSN\MSNCoreFiles\miadv.mar Object is locked skipped
C:\Program Files\MSN\MSNCoreFiles\mibas.mar Object is locked skipped
C:\Program Files\MSN\MSNCoreFiles\micd.mar Object is locked skipped
C:\Program Files\MSN\MSNCoreFiles\printing.mar Object is locked skipped
C:\Program Files\MSN\MSNCoreFiles\qos.mar Object is locked skipped
C:\Program Files\MSN\MSNCoreFiles\themedef.mar Object is locked skipped
C:\Program Files\MSN\MsnInstaller\install.mar Object is locked skipped
C:\Program Files\Steam\logs\connection_log.txt Object is locked skipped
C:\Program Files\Steam\Steam.log Object is locked skipped
C:\Program Files\Steam\steamapps\source 2007 binaries.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\source 2007 shared materials.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\source 2007 shared models.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\source 2007 shared sounds.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\source materials.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\source models.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\source sounds.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\sourceinit.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\team fortress 2 client content.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\team fortress 2 content.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\team fortress 2 materials.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\winui.gcf Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\HP\HP Software Update\HPWuSchd2.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\iTunes\iTunesHelper.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Spybot - Search & Destroy\SpybotSD.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Spybot - Search & Destroy\TeaTimer.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Steam\Steam.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\PROGRA~1\Sygate\SPF\smc.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkll.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\windows.vir Infected: Trojan.Win32.Zapchast.dt skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{D7D2F5DB-0F76-4A30-845D-9AFBE3C03B32}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{6F3734EF-6742-4485-ADA7-532F5F973B4B}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{C6DC6095-BD46-478E-9D25-F6586399E8FC}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\540 Object is locked skipped
C:\WINDOWS\Temp\ib5 Object is locked skipped
C:\WINDOWS\Temp\ib6 Object is locked skipped
C:\WINDOWS\Temp\ib7 Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_738.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:04:59 AM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN\MSNCoreFiles\MSN.EXE
C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Matt\Desktop\HiJackThis(2).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [CatalystRegistration] "C:\Program Files\ATI\CatalystRegistration\dolce.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151448642718
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax4507.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
O24 - Desktop Component 0: (no name) - http://studentmail.augustana.edu/frames/button.gif

--
End of file - 10821 bytes

#14 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:53 AM

Posted 20 February 2008 - 05:02 AM

First enable the viewing of hidden files and folders,reverse the process once you've done below:
http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Delete the entire contents of this cache:
C:\Documents and Settings\Matt\Application Data\Sun\Java\Deployment\cache

Find and delete:
C:\Documents and Settings\Matt\Incomplete\T-113240-Trillian Pro v3.1.9.0.zip
C:\QooBox

Delete the entire contents of these Quarantine folders:
C:\Documents and Settings\Matt\.housecall6.6\Quarantine
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine

Click on Start/Run,type cleanmgr into the 'Open:' space,then press Ok.
Let it scan your system for files to remove.
Make sure these 3 are checked and nothing else,then press Ok.
* Temporary Files
* Temporary Internet Files
* Recycle Bin


Please download/install Avira AntiVir Personal Edition Classic[Free]:
http://www.free-av.com/
Perform a full scan with Avira and allow it to delete everything it detects.
Restart your pc when you've done.
After restart,open Avira Antivirus and select "Reports".
Then double click the report from the full scan you have just completed.
Click the "Report File" button,then copy and paste the report into your next reply.

Also post a new Hijackthis log,let me know how your pc is running now.
Posted Image
Posted Image

#15 Apex13

Apex13
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:53 AM

Posted 20 February 2008 - 06:56 PM

AntiVir PersonalEdition Classic
Report file date: Wednesday, February 20, 2008 15:39

Scanning for 1118450 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: MATTSROOM

Version information:
BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 20:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 19:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 8/14/2007 22:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 19:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 21:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 12/14/2007 21:07:14
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 2/8/2008 21:07:14
ANTIVIR3.VDF : 7.0.2.169 308736 Bytes 2/20/2008 21:07:14
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 2/20/2008 21:07:14
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 17:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 7/18/2007 14:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 20:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2/20/2008 21:07:15
AVREG.DLL : 7.0.1.6 30760 Bytes 7/18/2007 14:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 19:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/18/2007 14:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 18:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 19:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 19:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 16:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Wednesday, February 20, 2008 15:39

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'msncc.exe' - '1' Module(s) have been scanned
Scan process 'logonmgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'Steam.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'hpqgalry.exe' - '1' Module(s) have been scanned
Scan process 'LastFMHelper.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'RMSysTry.exe' - '1' Module(s) have been scanned
Scan process 'stsystra.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'mysqld-nt.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'McrdSvc.exe' - '1' Module(s) have been scanned
Scan process 'WUSB54GSC.exe' - '1' Module(s) have been scanned
Scan process 'WLService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RMSvc.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'VersionCueCS2.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'symlcsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StyleXPService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
50 processes with 50 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '48' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000580.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000581.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000582.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000583.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000584.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000721.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000722.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000723.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000724.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000726.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000727.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.8
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000728.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000729.exe
[DETECTION] Is the Trojan horse TR/Dldr.Nsis.Ag.U.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000730.exe
[DETECTION] Is the Trojan horse TR/Dldr.Nsis.Ag.U.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000731.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000732.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000733.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000734.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000736.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000737.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000738.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000739.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000740.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000741.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000742.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000743.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000744.dll
[DETECTION] Contains detection pattern of the Windows virus W32/Agent.I
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000745.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000746.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000747.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000748.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000749.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000751.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000755.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000757.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.aon.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000758.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Agent.I
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000759.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000760.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000761.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000762.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000763.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000764.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000765.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000766.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000767.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000768.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000769.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000770.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000771.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000772.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000773.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000774.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000775.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000776.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000777.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000778.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Agent.I
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000779.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000780.dll
[DETECTION] Contains detection pattern of the Windows virus W32/Agent.I
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000781.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000782.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000783.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000785.exe
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000786.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000787.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000788.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000789.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000790.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000791.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000792.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000793.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000794.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000795.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000796.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000797.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000798.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000799.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000800.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000801.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.8
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000802.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000803.dll
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000804.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000805.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000807.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000808.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000809.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000810.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000813.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000814.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000815.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000816.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000817.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000818.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000819.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000820.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000822.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000823.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000824.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000825.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000826.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000827.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000829.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.aoi
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000830.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.aoi
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000831.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000832.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000833.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000834.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000836.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000837.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000839.exe
[DETECTION] Is the Trojan horse TR/Drop.Monitor.C
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000840.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000841.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000842.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000843.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000845.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000846.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000848.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000849.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000850.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000851.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000852.exe
[DETECTION] Is the Trojan horse TR/Dldr.PornMag.A.2
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000853.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP4\A0000865.exe
[DETECTION] Contains detection pattern of a probably damaged sample CC/Agent.CZ
[INFO] The file was deleted!


End of the scan: Wednesday, February 20, 2008 17:48
Used time: 2:08:56 min

The scan has been done completely.

15363 Scanning directories
440375 Files were scanned
122 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
122 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
440253 Files not concerned
4948 Archives were scanned
3 Warnings
0 Notes







Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:30 PM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Matt\Desktop\HiJackThis(2).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [CatalystRegistration] "C:\Program Files\ATI\CatalystRegistration\dolce.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151448642718
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax4507.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
O24 - Desktop Component 0: (no name) - http://studentmail.augustana.edu/frames/button.gif

--
End of file - 11605 bytes

Things are running considerably better than before, but there are still some odd ocurences.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users