My Dss Log File. Infected Computer, Help Please


  • This topic is locked
20 replies to this topic

#1 vgn80

  • Members
  • 12 posts
  • Location:RI, USA

Posted 03 May 2008 - 07:30 PM

Hi, I am having a problem with my laptop. Below I am posting my DSS log file. Later I will post my Kaspersky online scan log. Help would be greatly appreciated. Thank you in advance! :thumbsup:
Deckard's System Scanner v20071014.68
Run by Violeta on 2008-05-03 20:12:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
15: 2008-05-04 00:12:51 UTC - RP342 - Deckard's System Scanner Restore Point
14: 2008-05-03 18:53:09 UTC - RP341 - Cleaned registry with Windows Live OneCare safety scanner
13: 2008-05-03 12:26:49 UTC - RP340 - System Checkpoint
12: 2008-05-02 02:15:05 UTC - RP339 - System Checkpoint
11: 2008-05-01 00:36:49 UTC - RP338 - System Checkpoint


-- First Restore Point --
1: 2008-04-24 19:25:22 UTC - RP328 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Violeta.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:00 PM, on 5/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Violeta\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Violeta.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {80F60BC5-B09F-4A68-8B62-8A17FAFCA000} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/ho...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8564 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080501-145435-196 O4 - HKLM\..\Run: [BMef76afdb] Rundll32.exe "C:\WINDOWS\system32\frxwsxdo.dll",s
backup-20080501-145644-959 O4 - HKLM\..\Run: [BMef76afdb] Rundll32.exe "C:\WINDOWS\system32\frxwsxdo.dll",s
backup-20080502-080012-537 O4 - HKLM\..\Run: [BMef76afdb] Rundll32.exe "C:\WINDOWS\system32\frxwsxdo.dll",s

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R3 Appdrv - c:\program files\dell\nicconfigsvc\appdrv.sys <Not Verified; Dell Inc; Application Driver>

S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 LHidUsbK (Logitech SetPoint USB Receiver device driver) - c:\windows\system32\drivers\lhidusbk.sys (file missing)
S3 LMouKE (Logitech SetPoint Mouse Filter Driver) - c:\windows\system32\drivers\lmouke.sys (file missing)
S3 Usblink (Usblink Driver) - c:\windows\system32\drivers\ulink.sys <Not Verified; ; USB SUPERLINK ADAPTER>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-28 20:00:01 602 --a------ C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Vladislav Naydenov.job


-- Files created between 2008-04-03 and 2008-05-03 -----------------------------

2008-05-03 15:22:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-03 15:22:28 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-03 15:22:25 0 d-------- C:\WINDOWS\LastGood
2008-05-03 07:19:16 0 d-------- C:\VundoFix Backups
2008-05-01 14:36:51 0 d-------- C:\Program Files\Trend Micro
2008-04-30 19:29:29 104512 --a------ C:\WINDOWS\system32\frxwsxdo.dll
2008-04-17 08:38:16 519233 --ahs---- C:\WINDOWS\system32\egillnmp.ini2
2008-04-16 12:29:31 0 d-------- C:\Documents and Settings\Violeta\Application Data\WinRAR
2008-04-13 16:47:40 282316 --ahs---- C:\WINDOWS\system32\BHOXxGgh.ini2
2008-04-13 16:11:24 0 d-------- C:\Program Files\AutoCAD 2008
2008-04-09 22:35:12 0 d-------- C:\Program Files\AntiSpywareMaster
2008-04-09 20:33:20 272970 --ahs---- C:\WINDOWS\system32\ghkkknpo.ini2
2008-04-09 19:50:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-04-08 21:27:40 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-07 13:27:04 0 d-------- C:\Program Files\Windows Live Safety Center
2008-04-04 20:18:50 0 d-------- C:\Documents and Settings\Violeta\.housecall6.6
2008-04-04 19:33:47 0 d-------- C:\Program Files\MSBuild
2008-04-04 19:27:20 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-04-04 19:25:11 0 d-------- C:\Program Files\Reference Assemblies
2008-04-04 18:36:38 0 d-------- C:\install
2008-04-04 08:01:23 0 d-------- C:\Documents and Settings\Violeta\Application Data\HouseCall 6.6
2008-04-04 08:01:17 0 d-------- C:\WINDOWS\system32\HouseCall 6.6
2008-04-03 19:59:49 0 d-------- C:\Documents and Settings\Violeta\Application Data\Yahoo!
2008-04-03 18:38:41 0 d-------- C:\Documents and Settings\Vladislav Naydenov\Application Data\Yahoo!
2008-04-03 15:44:27 0 d-------- C:\Program Files\Symantec
2008-04-03 15:43:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-03 15:43:32 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-03 15:42:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-03 15:41:26 65536 --a------ C:\WINDOWS\system32\YCRWin32.dll <Not Verified; ; YCRWin32 Module>
2008-04-03 07:58:03 265880 --ahs---- C:\WINDOWS\system32\defhNXyb.ini2
2008-04-03 07:20:48 0 d-------- C:\Program Files\Yahoo!
2008-04-03 07:17:01 0 d-------- C:\Program Files\MSXML 6.0


-- Find3M Report ---------------------------------------------------------------

2008-05-03 14:55:15 0 d-------- C:\Program Files\NavigationEnhancer
2008-04-24 17:27:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-24 17:25:18 0 d-------- C:\Program Files\Dell
2008-04-24 08:25:33 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-04-09 20:24:35 370629 --ahs---- C:\WINDOWS\system32\OpsCLUtv.ini2
2008-04-09 20:22:55 0 d-------- C:\Program Files\Common Files\Corel
2008-04-09 20:19:40 0 d-------- C:\Documents and Settings\Violeta\Application Data\Corel
2008-04-09 20:16:00 0 d-------- C:\Documents and Settings\Violeta\Application Data\Macromedia
2008-04-09 19:54:05 0 d-------- C:\Documents and Settings\Violeta\Application Data\Adobe
2008-04-09 19:50:23 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-08 10:22:06 7518 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-08 10:22:06 104 -rahs---- C:\WINDOWS\system32\2E67D070EC.sys
2008-04-07 14:54:11 0 d-------- C:\Program Files\Winamp
2008-04-07 13:14:32 0 d-------- C:\Documents and Settings\Violeta\Application Data\Skype
2008-04-04 21:57:32 0 d-------- C:\Documents and Settings\Violeta\Application Data\Autodesk
2008-04-03 18:19:04 0 d-------- C:\Program Files\Common Files
2008-04-03 06:56:45 0 d-------- C:\Program Files\LimeWire
2008-04-02 20:20:52 0 d-------- C:\Documents and Settings\Violeta\Application Data\LimeWire
2008-04-02 19:53:37 0 d-------- C:\Program Files\MUSICMATCH
2008-04-01 20:01:36 0 d-------- C:\Program Files\FBrowserAdvisor
2008-03-31 17:57:29 0 d-------- C:\Program Files\ABBYY FineReader 6.0
2008-03-31 17:56:53 0 d-------- C:\Program Files\FaxTools
2008-03-31 17:54:27 0 d-------- C:\Program Files\Lexmark X1100 Series
2008-03-30 02:49:11 0 d-------- C:\Documents and Settings\Violeta\Application Data\U3
2008-03-30 02:39:40 88 -r-hs---- C:\WINDOWS\system32\EC70D0672E.sys
2008-03-16 07:56:36 0 d-------- C:\Program Files\Java


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{80F60BC5-B09F-4A68-8B62-8A17FAFCA000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 09:49 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 09:46 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 09:50 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/29/2005 05:56 AM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [12/19/2005 04:08 PM]
"SigmatelSysTrayApp"="stsystra.exe" [09/10/2005 12:19 AM C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 05:19 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/07/2006 10:11 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 11:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 11:44 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [05/31/2005 05:33 AM]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [08/12/2005 04:16 PM]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [11/29/2005 08:19 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [08/19/2003 06:43 AM]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [10/26/2007 03:42 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 01:59 AM]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [01/14/2007 03:11 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"VoipDiscount"="C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" [05/31/2007 04:22 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/15/2007 05:17 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [11/29/2005 08:19 PM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=1 (0x1)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac8e5201-f958-11dc-b49b-0014229cc728}]
AutoRun\command- E:\LaunchU3.exe -a

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-05-03 20:17:08 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.70GHz
Percentage of Memory in Use: 42%
Physical Memory (total/avail): 1015.37 MiB / 588.25 MiB
Pagefile Memory (total/avail): 2442.64 MiB / 2044.03 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.55 MiB

C: is Fixed (NTFS) - 71.47 GiB total, 39.02 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800VE-75HDT1 - 74.53 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 71.47 GiB - C:
\PARTITION2 - Unknown - 3 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton Security Online v2007 (Symantec Corporation)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Norton Security Online v2007 (Symantec Corporation)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.135 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"="C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe:*:Enabled:VoipStunt"
"C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"="C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe:*:Enabled:VoipDiscount"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Violeta\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Violeta
LOGONSERVER=\\LAPTOP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Violeta\LOCALS~1\Temp
TMP=C:\DOCUME~1\Violeta\LOCALS~1\Temp
USERDOMAIN=LAPTOP
USERNAME=Violeta
USERPROFILE=C:\Documents and Settings\Violeta
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Vladislav Naydenov (admin)
Violeta (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
EducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
FaxTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HouseCall 6.6 --> "C:\Documents and Settings\Violeta\Application Data\HouseCall 6.6\uninstaller.exe"
ImageMixer VCD/DVD2 for OLYMPUS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}\Setup.exe" -l0x9 UNINSTALL
Intel® Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Internal Network Card Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lexmark X1100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series
LimeWire 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NavigationEnhancer --> C:\Program Files\NavigationEnhancer\uninstall.exe
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
OLYMPUS Master --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1033 /zUNINSTALL
PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Search Assist --> MsiExec.exe /X{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Skype™ 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
URL Assistant --> regsvr32 /u /s "c:\Program Files\BAE\BAE.dll"
Verizon Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VoipDiscount --> "C:\Program Files\VoipDiscount.com\VoipDiscount\unins000.exe"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type3436 / Error
Event Submitted/Written: 05/01/2008 03:13:00 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3408 / Warning
Event Submitted/Written: 04/30/2008 08:06:01 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type3407 / Error
Event Submitted/Written: 04/30/2008 07:44:48 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application yop.exe, version 2007.6.26.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3371 / Error
Event Submitted/Written: 04/27/2008 01:22:17 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type3370 / Error
Event Submitted/Written: 04/26/2008 08:03:59 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application BCMWLTRY.EXE, version 4.10.47.3, faulting module BCMWLTRY.EXE, version 4.10.47.3, fault address 0x00003254.
Processing media-specific event for [BCMWLTRY.EXE!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type31143 / Error
Event Submitted/Written: 05/03/2008 07:02:30 AM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.

Event Record #/Type31133 / Error
Event Submitted/Written: 05/02/2008 08:57:27 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.

Event Record #/Type31125 / Warning
Event Submitted/Written: 05/02/2008 06:30:20 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014A5849897. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type31122 / Error
Event Submitted/Written: 05/02/2008 06:02:52 PM / 05/02/2008 06:02:53 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.

Event Record #/Type31067 / Warning
Event Submitted/Written: 05/02/2008 03:12:37 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.



-- End of Deckard's System Scanner: finished at 2008-05-03 20:17:08 ------------

#2 steamwiz (Members, 1,039 posts)

Posted 04 May 2008 - 03:21 PM

Hi

First ... please describe your problem ... popups?

Second ... post the Kaspersky online scan log

Third ... run these two programs & post the logs please :-

Download Malwarebytes' Anti-Malware from Here :-

http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

or here :-

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

THEN ...

Please follow these directions to run Combofix & post a log.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware.

#3 vgn80 (Topic Starter; Members, 12 posts; Location: RI, USA)

Posted 04 May 2008 - 07:21 PM

Hi and thank you for helping me with my problem.
At first my computer started running very slowly and I was getting pop-up windows every time I tried to open a new page; then my desktop background turned blue. Since I ran HouseCall 6.6 and Norton full scans several times over the last three weeks, things have gotten better. I'm not getting any pop-ups anymore, the computer is running faster, and a few minutes ago I noticed that my desktop background is back to what I had it set to. However, Norton and HouseCall 6.6 are still finding Trojan.Vundo, Backdoor.Trojan, and Downloader.Trojan, so I would like to get my system cleaned. I also ran Microsoft OneCare, which seemed to have helped too.

Thank you!
I ran the Kaspersky online scan and am posting the log file below:

KASPERSKY ONLINE SCANNER REPORT
Sunday, May 04, 2008 7:46:49 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/05/2008
Kaspersky Anti-Virus database records: 739304
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 100785
Number of viruses found: 15
Number of infected objects: 58
Number of suspicious objects: 0
Duration of the scan process: 02:19:13

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\Violeta\LOCALS~1\Temp\MPSampleSubmit\a0068437.exe.xor Infected: Trojan.Win32.VB.cfl skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Violeta\LOCALS~1\Temp\MPSampleSubmit\a0071836.dll.xor Infected: Packed.Win32.Monder.gen skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Violeta\LOCALS~1\Temp\MPSampleSubmit\a0071838.dll.xor Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-05-03_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\5B213438.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\A3D95115.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Violeta\.housecall6.6\Quarantine\bbbduddf.dll.bac_a00736 Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Violeta\.housecall6.6\Quarantine\bvonmikn.dll.bac_a00736 Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Violeta\.housecall6.6\Quarantine\byXNhfed.dll.bac_a00736 Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Violeta\.housecall6.6\Quarantine\ccglcdwj.dll.bac_a00736 Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Violeta\.housecall6.6\Quarantine\iajartxe.dll.bac_a00736 Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Violeta\.housecall6.6\Quarantine\ipnwoiid.dll.bac_a00736 Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Violeta\.housecall6.6\Quarantine\kcfkqbmw.dll.bac_a00736 Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Violeta\.housecall6.6\Quarantine\khruepcc.dll.bac_a00736 Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Violeta\.housecall6.6\Quarantine\krqwfkbp.dll.bac_a00736 Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Violeta\.housecall6.6\Quarantine\lgexjtri.dll.bac_a00736 Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Violeta\.housecall6.6\Quarantine\pheugjxt.dll.bac_a00736 Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Violeta\.housecall6.6\Quarantine\rhvwmlpu.dll.bac_a00736 Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Violeta\.housecall6.6\Quarantine\vgtrvtum.dll.bac_a00736 Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Violeta\.housecall6.6\Quarantine\vtULCspO.dll.bac_a00736 Infected: not-a-virus:AdWare.Win32.Virtumonde.lwx skipped
C:\Documents and Settings\Violeta\.housecall6.6\Quarantine\yyorxuqo.dll.bac_a00736 Infected: not-a-virus:AdWare.Win32.Virtumonde.lxl skipped
C:\Documents and Settings\Violeta\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Violeta\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Violeta\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Violeta\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Violeta\Local Settings\Temp\fla9AD2.tmp Object is locked skipped
C:\Documents and Settings\Violeta\Local Settings\Temp\Perflib_Perfdata_be4.dat Object is locked skipped
C:\Documents and Settings\Violeta\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Violeta\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Violeta\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Violeta\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Vladislav Naydenov\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Vladislav Naydenov\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Symantec\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Symantec\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Symantec\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP329\A0068444.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.plw skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP329\A0068445.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pmw skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP329\A0068446.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP330\A0068476.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.plw skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP330\A0068484.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qov skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP331\A0068600.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qok skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP331\A0068670.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qpi skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP331\A0068671.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP331\A0068672.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qgr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP331\A0068673.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qok skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP331\A0068675.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pmx skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP331\A0068677.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qov skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP331\A0068678.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qni skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP331\A0068679.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP332\A0068706.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP334\A0068730.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP334\A0068731.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qoy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP334\A0068732.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP334\A0068736.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP334\A0068737.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qni skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP337\A0071827.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP337\A0071828.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pmt skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP337\A0071829.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP337\A0071830.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP337\A0071834.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP337\A0071836.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP337\A0071838.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP341\A0072899.exe Infected: not-a-virus:FraudTool.Win32.AntiSpywareExpert.d skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP342\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Fonts\_\Aveyond II: Ean&apos;s Quest 1.0.rar:$DATA/Setup.exe Infected: Trojan.Win32.VB.cfl skipped
C:\WINDOWS\Fonts\_\Aveyond II: Ean&apos;s Quest 1.0.rar:$DATA RAR: infected - 1 skipped
C:\WINDOWS\Fonts\_\Aveyond II: Ean's Quest .rar:$DATA/Setup.exe Infected: Trojan.Win32.VB.cfl skipped
C:\WINDOWS\Fonts\_\Aveyond II: Ean's Quest .rar:$DATA RAR: infected - 1 skipped
C:\WINDOWS\Fonts\_\DK:Keyboard-Status 2.1.0.rar:$DATA/Setup.exe Infected: Trojan.Win32.VB.cfl skipped
C:\WINDOWS\Fonts\_\DK:Keyboard-Status 2.1.0.rar:$DATA RAR: infected - 1 skipped
C:\WINDOWS\Fonts\_\Magnesium: RSS 2.0 Ticker 4.12.rar:$DATA/Setup.exe Infected: Trojan.Win32.VB.cfl skipped
C:\WINDOWS\Fonts\_\Magnesium: RSS 2.0 Ticker 4.12.rar:$DATA RAR: infected - 1 skipped
C:\WINDOWS\Fonts\_\PDF2XL Enterprise: Convert PDF to Excel 4.0.6.rar:$DATA/Setup.exe Infected: Trojan.Win32.VB.cfl skipped
C:\WINDOWS\Fonts\_\PDF2XL Enterprise: Convert PDF to Excel 4.0.6.rar:$DATA RAR: infected - 1 skipped
C:\WINDOWS\Fonts\_\PDF2XL OCR: Convert PDF to Excel 4.0.6.rar:$DATA/Setup.exe Infected: Trojan.Win32.VB.cfl skipped
C:\WINDOWS\Fonts\_\PDF2XL OCR: Convert PDF to Excel 4.0.6.rar:$DATA RAR: infected - 1 skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\frxwsxdo.dll Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped

Scan process completed.
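Reading a scan report like the one above is mostly a question of where each hit lives: copies inside System Restore points, the HouseCall quarantine and the DSS/OneCare sample folders are already neutralised, archive members reached through an NTFS stream under C:\WINDOWS\Fonts\_\ are dormant installers, and the only object the scanner could not open in a live location is the randomly named C:\WINDOWS\system32\frxwsxdo.dll. The script below is an added example written for this page, not code from vgn80, steamwiz, Kaspersky or BleepingComputer. It parses a constructed sample made of a few lines copied verbatim from the report above, sorts the hits by location and lists the objects an analyst should open first. The category names, the quarantine path markers and the "8-letter DLL in system32" heuristic are assumptions chosen for illustration, not a Kaspersky or Vundo specification.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a handful of lines copied from the Kaspersky Online
# Scanner report posted above (not the full report). Paths are verbatim.
SAMPLE_REPORT = r"""
C:\Deckard\System Scanner\backup\DOCUME~1\Violeta\LOCALS~1\Temp\MPSampleSubmit\a0071836.dll.xor Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\Violeta\.housecall6.6\Quarantine\bbbduddf.dll.bac_a00736 Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP341\A0072899.exe Infected: not-a-virus:FraudTool.Win32.AntiSpywareExpert.d skipped
C:\WINDOWS\Fonts\_\DK:Keyboard-Status 2.1.0.rar:$DATA/Setup.exe Infected: Trojan.Win32.VB.cfl skipped
C:\WINDOWS\Fonts\_\DK:Keyboard-Status 2.1.0.rar:$DATA RAR: infected - 1 skipped
C:\WINDOWS\system32\frxwsxdo.dll Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

# One report line: <path> then a verdict, then the scanner's last action.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Infected: (?P<verdict>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|RAR: infected - (?P<members>\d+)) "
    r"(?P<action>\S+)$"
)

RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.I)
# Places where a hit is an already-neutralised copy, not running code (assumed markers).
QUARANTINE_MARKERS = (
    "\\quarantine\\",                       # HouseCall quarantine
    "\\deckard\\system scanner\\backup\\",  # DSS backups
    "\\mpsamplesubmit\\",                   # OneCare sample queue
)
ADS_ARCHIVE_RE = re.compile(r":\$DATA(/|$)")          # archive reached via an NTFS stream
RANDOM_MODULE_RE = re.compile(r"^[A-Za-z]{8}\.dll$")  # Vundo-style 8-letter names (heuristic only)
SYSTEM32 = "c:\\windows\\system32\\"


def classify(path):
    """Where a detection lives decides how urgent it is."""
    low = path.lower()
    if RESTORE_RE.search(path):
        return "restore_point"
    if any(marker in low for marker in QUARANTINE_MARKERS):
        return "quarantine_or_backup"
    if ADS_ARCHIVE_RE.search(path):
        return "archive_stream"
    return "live"


def triage(report_text):
    counts = Counter()
    hits = defaultdict(list)   # category -> [(path, verdict)]
    review = []                # (reason, path, detail): open these first
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            counts["unparsed"] += 1
            continue
        path = m.group("path")
        basename = path.rsplit("\\", 1)[-1]
        if m.group("locked"):
            counts["locked"] += 1
            # A locked, randomly named DLL in system32 (outside \config, where
            # registry hives are always locked) is the classic live Vundo module.
            if (path.lower().startswith(SYSTEM32)
                    and "\\config\\" not in path.lower()
                    and RANDOM_MODULE_RE.match(basename)):
                review.append(("locked_random_dll", path, "locked during scan"))
            continue
        if m.group("members"):
            counts["archive_summary"] += 1   # repeats the member hit listed just above it
            continue
        category = classify(path)
        counts[category] += 1
        hits[category].append((path, m.group("verdict")))
        if category in ("live", "archive_stream"):
            review.append((category, path, m.group("verdict")))
    return {"counts": counts, "hits": dict(hits), "review": review}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for category, n in sorted(result["counts"].items()):
        print(f"{category:22s} {n}")
    print("look at first:")
    for reason, path, detail in result["review"]:
        print(f"  [{reason}] {path}  ({detail})")
```

On the sample this yields two restore/quarantine-style hits, three locked objects of which only frxwsxdo.dll is flagged, and one archive member; nothing is counted as a live infection. That matches the full report: its 58 "infected objects" are almost all restore-point and quarantine copies, which is why the helper's next steps are a removal tool rather than a panic about the count.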

#4 vgn80 (Topic Starter; Members, 12 posts; Location: RI, USA)

Posted 04 May 2008 - 08:06 PM

My MBAM log below:

Malwarebytes' Anti-Malware 1.11
Database version: 716

Scan type: Quick Scan
Objects scanned: 38264
Time elapsed: 18 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vladislav Naydenov\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

Files Infected:
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vladislav Naydenov\Local Settings\Temp\tem1A6.tmp.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vladislav Naydenov\Local Settings\Temp\tem9A.tmp.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vladislav Naydenov\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

#5 vgn80 (Topic Starter; Members, 12 posts; Location: RI, USA)

Posted 04 May 2008 - 08:08 PM

... and my ComboFix log:

ComboFix 08-05-01.3 - Violeta 2008-05-04 20:52:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.533 [GMT -4:00]
Running from: C:\Documents and Settings\Violeta\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\gbRve12
C:\Temp\gbRve12\csLioes.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aqVreo18
C:\WINDOWS\system32\BHOXxGgh.ini
C:\WINDOWS\system32\BHOXxGgh.ini2
C:\WINDOWS\system32\defhNXyb.ini
C:\WINDOWS\system32\defhNXyb.ini2
C:\WINDOWS\system32\egillnmp.ini
C:\WINDOWS\system32\egillnmp.ini2
C:\WINDOWS\system32\frxwsxdo.dll
C:\WINDOWS\system32\ghkkknpo.ini
C:\WINDOWS\system32\ghkkknpo.ini2
C:\WINDOWS\system32\hkjvmoky.ini
C:\WINDOWS\system32\jadlnbnd.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\OpsCLUtv.ini
C:\WINDOWS\system32\OpsCLUtv.ini2
C:\WINDOWS\system32\pexaahyf.ini
C:\WINDOWS\system32\psfbspco.ini
C:\WINDOWS\system32\qjbdnrnw.ini
C:\WINDOWS\system32\ssvtvbkb.ini
C:\WINDOWS\system32\tmuoknpd.ini
C:\WINDOWS\system32\uplmwvhr.ini
C:\WINDOWS\system32\usyusbsl.ini
C:\WINDOWS\system32\vdankwpw.ini
C:\WINDOWS\system32\xededbhd.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
.

2008-05-04 20:24 . 2008-05-04 20:24 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-04 20:24 . 2008-05-04 20:24 <DIR> d-------- C:\Documents and Settings\Violeta\Application Data\Malwarebytes
2008-05-04 20:24 . 2008-05-04 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-03 20:12 . 2008-05-03 20:12 <DIR> d-------- C:\Deckard
2008-05-03 15:22 . 2008-05-03 15:22 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-03 15:22 . 2008-05-03 15:22 <DIR> d-------- C:\WINDOWS\LastGood
2008-05-03 15:22 . 2008-05-03 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-01 14:36 . 2008-05-01 14:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-24 07:58 . 2008-04-24 15:31 414 --ahs---- C:\WINDOWS\system32\rgpybfse.ini
2008-04-21 07:38 . 2008-04-22 07:38 654 --ahs---- C:\WINDOWS\system32\xdxscbhg.ini
2008-04-20 07:38 . 2008-04-20 07:38 594 --ahs---- C:\WINDOWS\system32\jsumxgqc.ini
2008-04-19 07:34 . 2008-04-20 07:34 534 --ahs---- C:\WINDOWS\system32\kqrtsyjt.ini
2008-04-17 08:39 . 2008-04-19 07:31 474 --ahs---- C:\WINDOWS\system32\wrywjawi.ini
2008-04-16 20:37 . 2008-04-17 08:33 354 --ahs---- C:\WINDOWS\system32\bbynxbpb.ini
2008-04-16 12:30 . 2008-04-16 20:30 354 --ahs---- C:\WINDOWS\system32\kpjturvs.ini
2008-04-14 18:35 . 2008-04-15 12:17 2,826 --ahs---- C:\WINDOWS\system32\nfxeqttr.ini
2008-04-13 17:38 . 2008-04-13 21:24 2,534 --ahs---- C:\WINDOWS\system32\iawfchpt.ini
2008-04-13 17:33 . 2008-04-13 17:34 2,354 --ahs---- C:\WINDOWS\system32\gikpepot.ini
2008-04-13 16:11 . 2008-04-13 16:11 <DIR> d-------- C:\Program Files\AutoCAD 2008
2008-04-13 16:11 . 2008-04-13 17:19 2,294 --ahs---- C:\WINDOWS\system32\mdcsfpft.ini
2008-04-13 15:40 . 2008-04-13 16:02 1,994 --ahs---- C:\WINDOWS\system32\fovqvast.ini
2008-04-13 14:28 . 2008-04-13 15:39 1,874 --ahs---- C:\WINDOWS\system32\gmukcgwn.ini
2008-04-09 20:45 . 2008-04-12 20:45 1,694 --ahs---- C:\WINDOWS\system32\stuyypoe.ini
2008-04-09 19:18 . 2008-04-13 14:16 1,694 --ahs---- C:\WINDOWS\system32\ixpsnrvv.ini
2008-04-08 21:27 . 2008-04-08 21:27 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-08 10:53 . 2008-04-09 19:56 32,768 --a------ C:\chochi.doc
2008-04-08 07:19 . 2008-04-09 07:19 1,514 --ahs---- C:\WINDOWS\system32\agqfoeft.ini
2008-04-07 13:27 . 2008-05-03 08:18 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-04-07 07:15 . 2008-04-08 07:15 1,454 --ahs---- C:\WINDOWS\system32\xnklegtx.ini
2008-04-06 07:11 . 2008-04-07 07:11 930 --ahs---- C:\WINDOWS\system32\frddidmy.ini
2008-04-05 22:27 . 2008-04-06 07:07 698 --ahs---- C:\WINDOWS\system32\juldfxuh.ini
2008-04-05 22:16 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-04-05 22:16 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-04-05 22:16 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-04-05 21:35 . 2008-04-04 20:19 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 00:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-04 17:44 --------- d-----w C:\Documents and Settings\Violeta\Application Data\Skype
2008-05-04 11:43 --------- d-----w C:\Documents and Settings\Violeta\Application Data\HouseCall 6.6
2008-05-03 18:55 --------- d-----w C:\Program Files\NavigationEnhancer
2008-04-24 21:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-24 21:25 --------- d-----w C:\Program Files\Dell
2008-04-24 12:25 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-04-10 00:22 --------- d-----w C:\Program Files\Common Files\Corel
2008-04-10 00:19 --------- d-----w C:\Documents and Settings\Violeta\Application Data\Corel
2008-04-09 23:50 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-08 14:22 7,518 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-07 18:54 --------- d-----w C:\Program Files\Winamp
2008-04-06 02:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-06 02:15 --------- d-----w C:\Program Files\Symantec
2008-04-05 01:57 --------- d-----w C:\Documents and Settings\Violeta\Application Data\Autodesk
2008-04-05 01:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-04-04 23:33 --------- d-----w C:\Program Files\MSBuild
2008-04-04 23:25 --------- d-----w C:\Program Files\Reference Assemblies
2008-04-03 23:59 --------- d-----w C:\Documents and Settings\Violeta\Application Data\Yahoo!
2008-04-03 22:38 --------- d-----w C:\Documents and Settings\Vladislav Naydenov\Application Data\Yahoo!
2008-04-03 22:21 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-03 22:21 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-03 22:21 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-03 22:21 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-03 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-03 19:42 --------- d-----w C:\Program Files\Yahoo!
2008-04-03 11:17 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-03 10:56 --------- d-----w C:\Program Files\LimeWire
2008-04-03 00:20 --------- d-----w C:\Documents and Settings\Violeta\Application Data\LimeWire
2008-04-02 23:53 --------- d-----w C:\Program Files\MUSICMATCH
2008-04-02 23:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2008-04-02 00:05 316,928 ----a-w C:\WINDOWS\Fonts\rar.exe
2008-04-01 23:17 --------- d-----w C:\Documents and Settings\Vladislav Naydenov\Application Data\Autodesk
2008-03-31 21:57 --------- d-----w C:\Program Files\ABBYY FineReader 6.0
2008-03-31 21:56 --------- d-----w C:\Program Files\FaxTools
2008-03-31 21:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-03-31 21:54 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-03-30 06:49 --------- d-----w C:\Documents and Settings\Violeta\Application Data\U3
2008-03-21 23:34 --------- d-----w C:\Documents and Settings\Vladislav Naydenov\Application Data\Skype
2008-03-16 11:56 --------- d-----w C:\Program Files\Java
2008-02-10 03:09 13,464 ----a-w C:\WINDOWS\system32\AcSignExtRes.dll
2008-02-10 03:08 43,160 ----a-w C:\WINDOWS\system32\AcSignIcon.dll
2008-02-10 03:08 426,136 ----a-w C:\WINDOWS\system32\AcSignOpt.exe
2008-02-10 03:08 28,312 ----a-w C:\WINDOWS\system32\AcSignExt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"VoipDiscount"="C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" [2007-05-31 16:22 7419456]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 17:17 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 20:19 57344]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 21:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 21:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 21:50 114688]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 05:56 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 16:08 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 00:19 393216 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-07 22:11 98304]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16 1121792]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 20:19 40960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 06:43 57344]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-10-26 15:42 509224]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 03:11 771704]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

S3 Usblink;Usblink Driver;C:\WINDOWS\system32\Drivers\ulink.sys [2005-04-30 00:52]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac8e5201-f958-11dc-b49b-0014229cc728}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-29 00:00:01 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Vladislav Naydenov.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 20:59:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-04 21:00:48
ComboFix-quarantined-files.txt 2008-05-05 01:00:28

Pre-Run: 42,087,374,848 bytes free
Post-Run: 53,478,162,432 bytes free

202 --- E O F --- 2008-04-05 07:01:15

#6 steamwiz

steamwiz

  • Members
  • 1,039 posts

Posted 05 May 2008 - 03:40 PM

Hi

We have a lot of work to do ...

1. Empty your HouseCall 6.6 Quarantine folder ...

2. What do you know of the files in this folder ? C:\WINDOWS\Fonts\_

not the fonts folder, the _ sub folder ?

It looks like there are 6 trojan files in there ... if this is the case & there is nothing legit in there, then you can delete the _ sub folder

The trojan file names start with the following :-

Aveyond II: Ean's Quest 1.0.rar
Aveyond II: Ean's Quest .rar
DK:Keyboard-Status 2.1.0.rar
Magnesium: RSS 2.0 Ticker 4.12.rar
PDF2XL Enterprise: Convert PDF to Excel 4.0.6.rar
PDF2XL OCR: Convert PDF to Excel 4.0.6.rar

3. Please Download CCleaner from :-

http://www.filehippo.com/download_ccleaner/ (click the download tab)

During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it.

Double-click the ccsetup.exe file and install the program...

After installing, go to Start > programs > CCleaner > Options > Advanced > UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

Make sure the "windows" tab is selected

Under "internet explorer" tick...

Temporary internet files
Cookies* > see Note below
History
Recently typed URL's
(leave this unticked if you DON'T want to clear the drop down list in the address window of IE)
Delete index.dat files
Last download location
Autocomplete form history


Under "Windows explorer" these are optional, but you can safely tick them all if you wish; they are only "most recently used lists".

Other explorer MRU's
(leave this unticked if you DON'T want to clear lists such as the start\run list)

Under "System"

Tick ALL these ...


Under "Advanced"

no need to tick any of these (but you can if you want, and realise what they do)


Applications tab...

These will mostly clean out old log files for these applications...

Clean:- (if you use them)

Firefox/Mozilla (optional - leave the cookies - see note)
Opera
Sun Java
ZoneAlarm

...
Personally I clean everything in the applications tab... but you tick what you want...

Note: *If there are any cookies you want to keep (if you remove the cookie for a site you require a password for, you will need to re-enter your password when you next visit that site) ... click options > cookies > then keep the cookies you want.

Click "analyse" if you want to see a list of what is going to be removed, before it is removed.

Or

Click "run cleaner" to let it get on with its work... clicking this will result in the following pop-up:

"This process will permanently delete files from your system. Are you sure you wish to proceed?"

Click OK.

-
4. This will clear all your infected restore points...

Turn off (Disable) System Restore in XP :-

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer.

Then...

Turn on (enable) System Restore :-

Follow the same procedure, but this time uncheck Turn off System Restore

If you have any problem with this... here's a link to instructions :-


Disabling or enabling Windows XP System Restore >

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

-
5. Then...

Open notepad and copy/paste the text in the code box below into it:
NOTE* Make sure to only highlight and copy what is inside the code box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
File::
C:\WINDOWS\system32\rgpybfse.ini
C:\WINDOWS\system32\xdxscbhg.ini
C:\WINDOWS\system32\jsumxgqc.ini
C:\WINDOWS\system32\kqrtsyjt.ini
C:\WINDOWS\system32\wrywjawi.ini
C:\WINDOWS\system32\bbynxbpb.ini
C:\WINDOWS\system32\kpjturvs.ini
C:\WINDOWS\system32\nfxeqttr.ini
C:\WINDOWS\system32\iawfchpt.ini
C:\WINDOWS\system32\gikpepot.ini
C:\WINDOWS\system32\mdcsfpft.ini
C:\WINDOWS\system32\fovqvast.ini
C:\WINDOWS\system32\gmukcgwn.ini
C:\WINDOWS\system32\stuyypoe.ini
C:\WINDOWS\system32\ixpsnrvv.ini
C:\WINDOWS\system32\agqfoeft.ini
C:\WINDOWS\system32\xnklegtx.ini
C:\WINDOWS\system32\frddidmy.ini
C:\WINDOWS\system32\juldfxuh.ini


Save this as "CFScript.txt"

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
[Screenshot: dragging CFScript.txt onto ComboFix.exe]

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware.
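As an added example (not ComboFix's own code and not anything posted in this thread): a small Python triage script that parses the "Files Created" and "Find3M" lines of the ComboFix log above, flags the random-named hidden+system .ini files in system32 that the File:: list targets, and emits that File:: block. The 8-letter-name pattern and the 4 KB size threshold are assumptions drawn from this log only, and the sample lines are copied from it.

```python
"""Triage helper for the ComboFix "Files Created" and "Find3M" report lines.

Added example for this thread; it is not ComboFix's own code and not code
from anyone posting here. Heuristic: the droppers in this log leave small,
hidden+system (h and s attribute flags) .ini files with random 8-letter
names in C:\\WINDOWS\\system32. The parser extracts path, size and attribute
string from each line, flags entries matching that pattern, and emits the
File:: block the helper asked to be saved as CFScript.txt.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# "Files Created" line: <created> . <modified> <size|<DIR>> <9-char attrs> <path>
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
# "Find3M" line: <modified> <size|---------> <7-char attrs> <path>
FIND3M_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{9}|[\d,]+) (?P<attrs>[-a-z]{7}) (?P<path>.+)$"
)
# Assumed pattern: random 8-letter .ini directly in system32 (as in the File:: list).
RANDOM_INI_RE = re.compile(r"^C:\\WINDOWS\\system32\\[a-z]{8}\.ini$", re.IGNORECASE)


@dataclass
class Entry:
    path: str
    size: Optional[int]   # None for directories and Find3M "---------" entries
    attrs: str            # raw attribute string as printed by ComboFix
    modified: str


def parse_size(text: str) -> Optional[int]:
    """'23,904' -> 23904; '<DIR>' and '---------' carry no size."""
    return int(text.replace(",", "")) if text[0].isdigit() else None


def parse_report(text: str) -> List[Entry]:
    """Parse the file lines of a ComboFix report; any other line is ignored."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        m = CREATED_RE.match(line) or FIND3M_RE.match(line)
        if m:
            entries.append(Entry(m["path"], parse_size(m["size"]),
                                 m["attrs"], m["modified"]))
    return entries


def is_suspicious(e: Entry) -> bool:
    """Small hidden+system .ini with a random 8-letter name in system32 (assumed threshold 4 KB)."""
    if not RANDOM_INI_RE.match(e.path):
        return False
    hidden_and_system = "h" in e.attrs and "s" in e.attrs
    return hidden_and_system and e.size is not None and e.size < 4096


def build_cfscript(entries: List[Entry]) -> str:
    """File:: block, one path per line, deduplicated and sorted as ComboFix echoes it."""
    paths = sorted({e.path for e in entries if is_suspicious(e)}, key=str.lower)
    return "File::\n" + "".join(p + "\n" for p in paths)


# Constructed sample: lines copied from the Files Created / Find3M sections of the log above.
SAMPLE_LOG = r"""
2008-04-07 07:15 . 2008-04-08 07:15 1,454 --ahs---- C:\WINDOWS\system32\xnklegtx.ini
2008-04-06 07:11 . 2008-04-07 07:11 930 --ahs---- C:\WINDOWS\system32\frddidmy.ini
2008-04-05 22:27 . 2008-04-06 07:07 698 --ahs---- C:\WINDOWS\system32\juldfxuh.ini
2008-04-05 22:16 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-05-05 17:46 . 2008-05-05 17:46 <DIR> d-------- C:\Program Files\CCleaner
2008-04-08 14:22 7,518 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-02 00:05 316,928 ----a-w C:\WINDOWS\Fonts\rar.exe
2008-04-03 22:21 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
"""

if __name__ == "__main__":
    found = parse_report(SAMPLE_LOG)
    for e in found:
        print(("FLAG " if is_suspicious(e) else "     ") + e.attrs.ljust(9), e.path)
    print(build_cfscript(found), end="")
```

Anything the heuristic flags still needs a human look before it goes into CFScript.txt; KGyGaAvL.sys in the sample is hidden+system too, but is left alone because it does not fit the name pattern.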

#7 vgn80

vgn80
  • Topic Starter
  • Members
  • 12 posts
  • Location:RI, USA

Posted 05 May 2008 - 05:29 PM

Steam, I followed your instructions to the word except for the _ subfolder of C:\WINDOWS\Fonts. When I opened that folder there weren't any other folders inside, only the icons with the different fonts. I deleted the quarantined folder of HouseCall 6.6, and did everything else as instructed. Since I ran MBAM and ComboFix yesterday my machine is running significantly faster. Thank you again for helping me!


Below is the new Combofix log:

ComboFix 08-05-01.3 - Violeta 2008-05-05 18:07:51.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.610 [GMT -4:00]
Running from: C:\Documents and Settings\Violeta\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Violeta\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\agqfoeft.ini
C:\WINDOWS\system32\bbynxbpb.ini
C:\WINDOWS\system32\fovqvast.ini
C:\WINDOWS\system32\frddidmy.ini
C:\WINDOWS\system32\gikpepot.ini
C:\WINDOWS\system32\gmukcgwn.ini
C:\WINDOWS\system32\iawfchpt.ini
C:\WINDOWS\system32\ixpsnrvv.ini
C:\WINDOWS\system32\jsumxgqc.ini
C:\WINDOWS\system32\juldfxuh.ini
C:\WINDOWS\system32\kpjturvs.ini
C:\WINDOWS\system32\kqrtsyjt.ini
C:\WINDOWS\system32\mdcsfpft.ini
C:\WINDOWS\system32\nfxeqttr.ini
C:\WINDOWS\system32\rgpybfse.ini
C:\WINDOWS\system32\stuyypoe.ini
C:\WINDOWS\system32\wrywjawi.ini
C:\WINDOWS\system32\xdxscbhg.ini
C:\WINDOWS\system32\xnklegtx.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\agqfoeft.ini
C:\WINDOWS\system32\bbynxbpb.ini
C:\WINDOWS\system32\fovqvast.ini
C:\WINDOWS\system32\frddidmy.ini
C:\WINDOWS\system32\gikpepot.ini
C:\WINDOWS\system32\gmukcgwn.ini
C:\WINDOWS\system32\iawfchpt.ini
C:\WINDOWS\system32\ixpsnrvv.ini
C:\WINDOWS\system32\jsumxgqc.ini
C:\WINDOWS\system32\juldfxuh.ini
C:\WINDOWS\system32\kpjturvs.ini
C:\WINDOWS\system32\kqrtsyjt.ini
C:\WINDOWS\system32\mdcsfpft.ini
C:\WINDOWS\system32\nfxeqttr.ini
C:\WINDOWS\system32\rgpybfse.ini
C:\WINDOWS\system32\stuyypoe.ini
C:\WINDOWS\system32\wrywjawi.ini
C:\WINDOWS\system32\xdxscbhg.ini
C:\WINDOWS\system32\xnklegtx.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
.

2008-05-05 17:46 . 2008-05-05 17:46 <DIR> d-------- C:\Program Files\CCleaner
2008-05-04 20:24 . 2008-05-04 20:24 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-04 20:24 . 2008-05-04 20:24 <DIR> d-------- C:\Documents and Settings\Violeta\Application Data\Malwarebytes
2008-05-04 20:24 . 2008-05-04 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-03 20:12 . 2008-05-03 20:12 <DIR> d-------- C:\Deckard
2008-05-03 15:22 . 2008-05-03 15:22 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-03 15:22 . 2008-05-03 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-01 14:36 . 2008-05-01 14:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-13 16:11 . 2008-04-13 16:11 <DIR> d-------- C:\Program Files\AutoCAD 2008
2008-04-08 21:27 . 2008-04-08 21:27 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-08 10:53 . 2008-04-09 19:56 32,768 --a------ C:\chochi.doc
2008-04-07 13:27 . 2008-05-05 17:22 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-04-05 22:16 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-04-05 22:16 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-04-05 22:16 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-04-05 21:35 . 2008-04-04 20:19 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 21:20 --------- d-----w C:\Documents and Settings\Violeta\Application Data\HouseCall 6.6
2008-05-05 20:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-04 17:44 --------- d-----w C:\Documents and Settings\Violeta\Application Data\Skype
2008-05-03 18:55 --------- d-----w C:\Program Files\NavigationEnhancer
2008-04-24 21:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-24 21:25 --------- d-----w C:\Program Files\Dell
2008-04-24 12:25 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-04-10 00:22 --------- d-----w C:\Program Files\Common Files\Corel
2008-04-10 00:19 --------- d-----w C:\Documents and Settings\Violeta\Application Data\Corel
2008-04-09 23:50 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-08 14:22 7,518 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-07 18:54 --------- d-----w C:\Program Files\Winamp
2008-04-06 02:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-06 02:15 --------- d-----w C:\Program Files\Symantec
2008-04-05 01:57 --------- d-----w C:\Documents and Settings\Violeta\Application Data\Autodesk
2008-04-05 01:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-04-04 23:33 --------- d-----w C:\Program Files\MSBuild
2008-04-04 23:25 --------- d-----w C:\Program Files\Reference Assemblies
2008-04-03 23:59 --------- d-----w C:\Documents and Settings\Violeta\Application Data\Yahoo!
2008-04-03 22:38 --------- d-----w C:\Documents and Settings\Vladislav Naydenov\Application Data\Yahoo!
2008-04-03 22:21 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-03 22:21 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-03 22:21 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-03 22:21 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-03 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-03 19:42 --------- d-----w C:\Program Files\Yahoo!
2008-04-03 11:17 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-03 10:56 --------- d-----w C:\Program Files\LimeWire
2008-04-03 00:20 --------- d-----w C:\Documents and Settings\Violeta\Application Data\LimeWire
2008-04-02 23:53 --------- d-----w C:\Program Files\MUSICMATCH
2008-04-02 23:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2008-04-02 00:05 316,928 ----a-w C:\WINDOWS\Fonts\rar.exe
2008-04-01 23:17 --------- d-----w C:\Documents and Settings\Vladislav Naydenov\Application Data\Autodesk
2008-03-31 21:57 --------- d-----w C:\Program Files\ABBYY FineReader 6.0
2008-03-31 21:56 --------- d-----w C:\Program Files\FaxTools
2008-03-31 21:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-03-31 21:54 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-03-30 06:49 --------- d-----w C:\Documents and Settings\Violeta\Application Data\U3
2008-03-21 23:34 --------- d-----w C:\Documents and Settings\Vladislav Naydenov\Application Data\Skype
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-16 11:56 --------- d-----w C:\Program Files\Java
2008-03-01 22:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-10 03:09 13,464 ----a-w C:\WINDOWS\system32\AcSignExtRes.dll
2008-02-10 03:08 43,160 ----a-w C:\WINDOWS\system32\AcSignIcon.dll
2008-02-10 03:08 426,136 ----a-w C:\WINDOWS\system32\AcSignOpt.exe
2008-02-10 03:08 28,312 ----a-w C:\WINDOWS\system32\AcSignExt.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-04_21.00.16.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-19 09:40:27 1,845,888 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2008-02-20 05:19:35 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:49:36 45,568 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll
+ 2008-02-20 06:52:43 282,624 ----a-w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
- 2008-05-03 18:59:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-05 22:01:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-01-22 01:34:22 465,472 ----a-w C:\WINDOWS\Downloaded Program Files\wlscBase.dll
+ 2007-12-07 02:21:45 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-19 23:01:06 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-07 02:21:45 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:21:45 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:21:45 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-06 11:00:57 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:21:45 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:21:45 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-12-07 02:21:45 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:21:45 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:21:46 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:21:46 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:21:46 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:01:25 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:21:47 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:21:47 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:21:47 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-08 05:21:48 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-07 02:21:47 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:21:48 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:21:48 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:21:48 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:53:32 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:21:48 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:21:48 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:21:48 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:21:48 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
- 2007-12-07 02:21:45 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-12-07 02:21:45 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2007-12-19 23:01:06 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-12-07 02:21:45 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-12-07 02:21:45 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-03-01 13:06:21 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-12-07 02:21:45 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-12-07 02:21:45 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-12-07 02:21:45 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-12-07 02:21:45 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-12-07 02:21:46 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-12-07 02:21:46 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-12-07 02:21:46 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-03-01 13:06:25 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-12-07 02:21:47 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-12-07 02:21:47 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2007-12-07 02:21:47 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-12-07 02:21:47 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-12-07 02:21:48 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-12-07 02:21:48 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-12-07 02:21:48 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-01-11 05:53:32 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-12-07 02:21:48 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
- 2007-12-07 02:21:48 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-12-07 02:21:48 233,472 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-12-07 02:21:48 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2007-12-19 23:01:06 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-12-07 02:21:45 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-04-23 02:14:34 270,984 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-05 20:40:12 270,984 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-12-07 02:21:45 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-12-06 11:00:57 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-12-07 02:21:45 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-12-07 02:21:45 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-12-06 04:59:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-12-07 02:21:45 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-12-07 02:21:45 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-12-07 02:21:46 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-12-07 02:21:46 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-12-07 02:21:46 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-12-07 02:21:47 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-12-07 02:21:47 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-12-07 02:21:47 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-12-08 05:21:48 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-01 22:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-12-07 02:21:47 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-12-07 02:21:48 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-12-07 02:21:48 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-12-07 02:21:48 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-01-11 05:53:32 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-12-07 02:21:48 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-12-07 02:21:48 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-12-07 02:21:48 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2007-12-07 02:21:48 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"VoipDiscount"="C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" [2007-05-31 16:22 7419456]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 17:17 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 20:19 57344]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 21:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 21:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 21:50 114688]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 05:56 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 16:08 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 00:19 393216 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-07 22:11 98304]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16 1121792]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 20:19 40960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 06:43 57344]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-10-26 15:42 509224]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 03:11 771704]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

S3 Usblink;Usblink Driver;C:\WINDOWS\system32\Drivers\ulink.sys [2005-04-30 00:52]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac8e5201-f958-11dc-b49b-0014229cc728}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-29 00:00:01 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Vladislav Naydenov.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 18:11:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-05 18:14:22
ComboFix-quarantined-files.txt 2008-05-05 22:14:18
ComboFix2.txt 2008-05-05 01:00:49

Pre-Run: 57,748,037,632 bytes free
Post-Run: 57,738,952,704 bytes free

373 --- E O F --- 2008-05-05 20:28:19
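
An added example, not part of this thread and not ComboFix code: a small Python triage of the "Reg Loading Points" section of the log above. It parses the REGEDIT4-style dump and flags what matters for the machine's posture: Security Center monitoring switched off, Windows Firewall off for the standard profile, firewall exceptions for a binary sitting in the drive root (C:\StubInstaller.exe) or for a P2P client (LimeWire), the AutoRun handlers under MountPoints2, and the newly created service. The sample input is the relevant lines of this log; the P2P name list and the drive-root rule are assumptions chosen for this log. DisableMonitoring=1 under a vendor subkey is what a security suite writes so that Security Center reports the product's own status instead of its own, so those entries are something to confirm against the installed Norton, not detections.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log for settings that
weaken the host.  Added example for this thread, not ComboFix code; the rules
below are assumptions chosen for this log."""
import re

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<value>.*)$')
SERVICE_RE = re.compile(r"^\*Newly Created Service\* - (?P<svc>\S+)")
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$")
P2P_HINTS = ("limewire", "kazaa", "emule", "bittorrent")   # assumption


def parse_loading_points(text):
    """Split the REGEDIT4-style dump into {key: [(name, value), ...]} plus the
    '*Newly Created Service*' names ComboFix prints outside any key."""
    sections, services, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("REGEDIT4", "*Note*")):
            continue
        if m := SECTION_RE.match(line):
            current = m.group("key")
            sections.setdefault(current, [])
        elif m := SERVICE_RE.match(line):
            services.append(m.group("svc"))
            current = None
        elif current is None:
            continue
        elif m := VALUE_RE.match(line):
            sections[current].append((m.group("name"), m.group("value").strip()))
        elif m := AUTORUN_RE.match(line):
            # MountPoints2 subkeys list their AutoRun handler as a bare line
            sections[current].append(("AutoRun", m.group("cmd")))
    return sections, services


def triage(text):
    """Return [(category, message), ...] for entries worth a second look."""
    sections, services = parse_loading_points(text)
    findings = []
    for key, values in sections.items():
        k = key.lower()
        if "security center\\monitoring" in k:
            # DisableMonitoring=1 tells Security Center not to report on that
            # product; suites set it under their own subkeys, so confirm it
            # against the installed product rather than treat it as a detection.
            vendor = key.rsplit("\\", 1)[1]
            scope = "all products" if vendor.lower() == "monitoring" else vendor
            if ("DisableMonitoring", "dword:00000001") in values:
                findings.append(("posture", f"Security Center monitoring disabled: {scope}"))
        elif k.endswith("firewallpolicy\\standardprofile"):
            for name, value in values:
                if name == "EnableFirewall" and value.startswith("0"):
                    findings.append(("posture", "Windows Firewall disabled (standard profile)"))
        elif k.endswith("authorizedapplications\\list"):
            for name, _ in values:
                exe = name.replace("\\\\", "\\")       # REGEDIT4 doubles backslashes
                in_drive_root = re.fullmatch(r"[a-z]:\\[^\\]+", exe.lower()) is not None
                if in_drive_root or any(h in exe.lower() for h in P2P_HINTS):
                    findings.append(("exception", f"Firewall exception for {exe}"))
        elif "mountpoints2" in k:
            for name, value in values:
                if name == "AutoRun":
                    findings.append(("autorun", f"Removable-drive AutoRun handler: {value}"))
    findings.extend(("service", f"Newly created service: {svc}") for svc in services)
    return findings


# Constructed sample: the relevant lines of the ComboFix log above, verbatim.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 Usblink;Usblink Driver;C:\WINDOWS\system32\Drivers\ulink.sys [2005-04-30 00:52]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac8e5201-f958-11dc-b49b-0014229cc728}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
"""

if __name__ == "__main__":
    for category, message in triage(SAMPLE):
        print(f"[{category}] {message}")
```

Run as-is it prints the findings for the sample; paste the "Reg Loading Points" section cut from any ComboFix log into SAMPLE to triage that one instead. With Norton installed the three Security Center entries and the disabled Windows Firewall are what a third-party suite normally leaves behind; the drive-root firewall exception and the AutoRun handlers are the lines to check by hand.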

#8 vgn80 (Topic Starter)

Posted 05 May 2008 - 05:31 PM

... and my new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:05 PM, on 5/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/ho...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8501 bytes

Edited by vgn80, 05 May 2008 - 05:33 PM.


#9 steamwiz

Posted 05 May 2008 - 05:52 PM

Hi

Those logs are clean now :thumbsup:

Would you please post a new Kaspersky Online Scan report now ... let's see if it still sees that folder in the Fonts folder.

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware

#10 vgn80 (Topic Starter)

Posted 06 May 2008 - 10:28 AM

Here is my new Kaspersky report:

KASPERSKY ONLINE SCANNER REPORT
Monday, May 05, 2008 9:14:56 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/05/2008
Kaspersky Anti-Virus database records: 741463
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 87575
Number of viruses found: 1
Number of infected objects: 13
Number of suspicious objects: 0
Duration of the scan process: 01:30:54

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\Violeta\LOCALS~1\Temp\MPSampleSubmit\a0068437.exe.xor Infected: Trojan.Win32.VB.cfl skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-05-05_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\9B789060.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\F11844BD.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Violeta\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Violeta\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Violeta\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Violeta\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Violeta\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Violeta\Local Settings\History\History.IE5\MSHist012008050520080506\index.dat Object is locked skipped
C:\Documents and Settings\Violeta\Local Settings\Temp\Perflib_Perfdata_bc0.dat Object is locked skipped
C:\Documents and Settings\Violeta\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Violeta\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Violeta\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Violeta\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Symantec\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Symantec\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Symantec\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Fonts\_\Aveyond II: Ean's Quest 1.0.rar:$DATA/Setup.exe Infected: Trojan.Win32.VB.cfl skipped
C:\WINDOWS\Fonts\_\Aveyond II: Ean's Quest 1.0.rar:$DATA RAR: infected - 1 skipped
C:\WINDOWS\Fonts\_\Aveyond II: Ean's Quest .rar:$DATA/Setup.exe Infected: Trojan.Win32.VB.cfl skipped
C:\WINDOWS\Fonts\_\Aveyond II: Ean's Quest .rar:$DATA RAR: infected - 1 skipped
C:\WINDOWS\Fonts\_\DK:Keyboard-Status 2.1.0.rar:$DATA/Setup.exe Infected: Trojan.Win32.VB.cfl skipped
C:\WINDOWS\Fonts\_\DK:Keyboard-Status 2.1.0.rar:$DATA RAR: infected - 1 skipped
C:\WINDOWS\Fonts\_\Magnesium: RSS 2.0 Ticker 4.12.rar:$DATA/Setup.exe Infected: Trojan.Win32.VB.cfl skipped
C:\WINDOWS\Fonts\_\Magnesium: RSS 2.0 Ticker 4.12.rar:$DATA RAR: infected - 1 skipped
C:\WINDOWS\Fonts\_\PDF2XL Enterprise: Convert PDF to Excel 4.0.6.rar:$DATA/Setup.exe Infected: Trojan.Win32.VB.cfl skipped
C:\WINDOWS\Fonts\_\PDF2XL Enterprise: Convert PDF to Excel 4.0.6.rar:$DATA RAR: infected - 1 skipped
C:\WINDOWS\Fonts\_\PDF2XL OCR: Convert PDF to Excel 4.0.6.rar:$DATA/Setup.exe Infected: Trojan.Win32.VB.cfl skipped
C:\WINDOWS\Fonts\_\PDF2XL OCR: Convert PDF to Excel 4.0.6.rar:$DATA RAR: infected - 1 skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{8B366F92-AC6C-4187-896E-D7F57B1EB617}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
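
An added example, not from this thread and not Kaspersky code: a Python parser for the report format above. The path column contains spaces and colons, so the parser anchors on the status phrases ("Object is locked", "Infected: <name>", "RAR: infected - <n>") instead of splitting on whitespace. Every Fonts\_ entry has the form <file>:<stream>:$DATA/<member>, which is NTFS alternate-data-stream syntax: a file saved under a name containing a colon, such as a game title, lands in a named stream of the part before the colon, and the report marks such objects with :$DATA (the Deckard backup entry, a plain file, has no such suffix). The parser therefore splits each detection into the host file on disk, the stream name and the archive member. Run over the detection lines of this report (a constructed excerpt, plus two of its "Object is locked" lines, which are files held open during the scan rather than findings), it reproduces the report's "Number of infected objects: 13" and lists the five host files under C:\WINDOWS\Fonts\_ that carry the six archives.

```python
"""Parse a Kaspersky Online Scanner report and summarise the real detections.
Added example for this thread, not Kaspersky code; the line format is inferred
from the report above and the sample below is a constructed excerpt of it."""
import re
from collections import Counter

# <path> <status> <action>: paths contain spaces and colons, so the path is
# matched lazily and anchored on the known status phrases, never split on
# whitespace.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<status>Object is locked"
    r"|Infected: (?P<virus>\S+)"
    r"|(?P<archive>RAR|ZIP|CAB): infected - (?P<count>\d+)) "
    r"(?P<action>skipped|deleted|disinfected|quarantined)$"
)


def split_stream(path):
    """Split 'host:stream:$DATA/member' into (host file, stream name, member).
    The report appends ':$DATA' when the object scanned is a named NTFS stream
    (a file saved under a name containing a colon ends up exactly like that);
    text after '/' is the member path inside the archive."""
    if ":$DATA" not in path:
        return path, None, None
    stream_path, rest = path.split(":$DATA", 1)
    member = rest.lstrip("/") or None
    host, _, stream = stream_path.rpartition(":")
    if len(host) <= 1:            # only the drive colon was found: unnamed stream
        return stream_path, None, member
    return host, stream or None, member


def parse_line(line):
    """Return a dict for one result line, or None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    host, stream, member = split_stream(m.group("path"))
    if m.group("status") == "Object is locked":
        kind, name = "locked", None          # in-use file, not a detection
    elif m.group("virus"):
        kind, name = "infected", m.group("virus")
    else:
        kind, name = "infected_archive", m.group("archive")
    return {"path": m.group("path"), "host": host, "stream": stream,
            "member": member, "kind": kind, "name": name,
            "action": m.group("action")}


def summarize(report_text):
    """Counts that should agree with the report's 'Scan Statistics' block, plus
    the host files and named streams that actually carry the detections."""
    results = [r for r in map(parse_line, report_text.splitlines()) if r]
    infected = [r for r in results if r["kind"] != "locked"]
    return {
        "infected_objects": len(infected),
        "locked_objects": sum(r["kind"] == "locked" for r in results),
        "viruses": Counter(r["name"] for r in infected if r["kind"] == "infected"),
        "hosts": sorted({r["host"] for r in infected}),
        "streams": sorted({(r["host"], r["stream"]) for r in infected if r["stream"]}),
    }


# Constructed sample: the detection lines of the report above plus two of
# its 'Object is locked' lines.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\Violeta\LOCALS~1\Temp\MPSampleSubmit\a0068437.exe.xor Infected: Trojan.Win32.VB.cfl skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\WINDOWS\Fonts\_\Aveyond II: Ean's Quest 1.0.rar:$DATA/Setup.exe Infected: Trojan.Win32.VB.cfl skipped
C:\WINDOWS\Fonts\_\Aveyond II: Ean's Quest 1.0.rar:$DATA RAR: infected - 1 skipped
C:\WINDOWS\Fonts\_\Aveyond II: Ean's Quest .rar:$DATA/Setup.exe Infected: Trojan.Win32.VB.cfl skipped
C:\WINDOWS\Fonts\_\Aveyond II: Ean's Quest .rar:$DATA RAR: infected - 1 skipped
C:\WINDOWS\Fonts\_\DK:Keyboard-Status 2.1.0.rar:$DATA/Setup.exe Infected: Trojan.Win32.VB.cfl skipped
C:\WINDOWS\Fonts\_\DK:Keyboard-Status 2.1.0.rar:$DATA RAR: infected - 1 skipped
C:\WINDOWS\Fonts\_\Magnesium: RSS 2.0 Ticker 4.12.rar:$DATA/Setup.exe Infected: Trojan.Win32.VB.cfl skipped
C:\WINDOWS\Fonts\_\Magnesium: RSS 2.0 Ticker 4.12.rar:$DATA RAR: infected - 1 skipped
C:\WINDOWS\Fonts\_\PDF2XL Enterprise: Convert PDF to Excel 4.0.6.rar:$DATA/Setup.exe Infected: Trojan.Win32.VB.cfl skipped
C:\WINDOWS\Fonts\_\PDF2XL Enterprise: Convert PDF to Excel 4.0.6.rar:$DATA RAR: infected - 1 skipped
C:\WINDOWS\Fonts\_\PDF2XL OCR: Convert PDF to Excel 4.0.6.rar:$DATA/Setup.exe Infected: Trojan.Win32.VB.cfl skipped
C:\WINDOWS\Fonts\_\PDF2XL OCR: Convert PDF to Excel 4.0.6.rar:$DATA RAR: infected - 1 skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
Scan process completed.
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

The "hosts" list is the thing to act on: deleting the five host files (or the whole C:\WINDOWS\Fonts\_ directory) removes the streams with them, which a per-archive cleanup that works from the displayed names would miss.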

#11 steamwiz

Posted 06 May 2008 - 11:06 AM

Hi

Yes ... still there ... looks like the folder is hidden. Let's see if ComboFix can see it; if it does, then we can also use ComboFix to delete the folder ...

Open Notepad and copy/paste the text in the code box below into it.
NOTE: make sure to only highlight and copy what is inside the code box, nothing outside of it.
Also ..

Pay particular attention to this:

Make sure the word DirLook:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
DirLook::
C:\WINDOWS\Fonts\_


Save this as "CFScript.txt"

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
[screenshot: CFScript.txt being dragged onto ComboFix.exe]

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.

steam
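
An added example, not from this thread and not ComboFix's DirLook:: code: what the script above asks ComboFix for is a listing of C:\WINDOWS\Fonts\_ that does not depend on Explorer, and the Python below produces the same kind of listing with the Win32 attribute word decoded. Explorer hides entries whose HIDDEN attribute is set, and its view of the Fonts folder shows fonts, so a subfolder there can be invisible in Explorer while being an ordinary directory on disk; os.walk lists everything regardless of attributes. The default target is only a default taken from the script above; off Windows the attribute word reads as 0 because os.stat() has no st_file_attributes there. It lists files and directories only, not the named NTFS streams that the Kaspersky report's <file>:<stream>:$DATA entries refer to.

```python
r"""Enumerate a directory the way a scanner sees it, not the way Explorer shows
it: every entry with its raw Win32 attribute word decoded.  Explorer hides
entries whose HIDDEN bit is set and its Fonts folder view shows fonts, so a
subfolder such as C:\WINDOWS\Fonts\_ can be invisible there while being an
ordinary directory on disk.
Added example for this thread, not ComboFix's DirLook:: code.  Off Windows,
os.stat() has no st_file_attributes, so the attribute word reads as 0."""
import os
import stat

# stat defines the FILE_ATTRIBUTE_* constants on every platform; only the
# bits relevant to hiding or disguising a folder are decoded here.
ATTRIBUTE_FLAGS = (
    (stat.FILE_ATTRIBUTE_READONLY, "READONLY"),
    (stat.FILE_ATTRIBUTE_HIDDEN, "HIDDEN"),
    (stat.FILE_ATTRIBUTE_SYSTEM, "SYSTEM"),
    (stat.FILE_ATTRIBUTE_DIRECTORY, "DIRECTORY"),
    (stat.FILE_ATTRIBUTE_ARCHIVE, "ARCHIVE"),
    (stat.FILE_ATTRIBUTE_REPARSE_POINT, "REPARSE_POINT"),
    (stat.FILE_ATTRIBUTE_ENCRYPTED, "ENCRYPTED"),
)


def describe_attributes(attrs):
    """Decode an attribute word: 0x16 -> ['HIDDEN', 'SYSTEM', 'DIRECTORY']."""
    return [name for bit, name in ATTRIBUTE_FLAGS if attrs & bit]


def is_shell_hidden(attrs):
    """True if Explorer with default settings would not show the entry."""
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def list_all(path):
    """Walk path, returning (relative path, size, attribute word, flag names)
    for every entry, hidden or not; os.walk does not honour HIDDEN/SYSTEM."""
    rows = []
    for root, dirs, files in os.walk(path):
        dirs.sort()                       # deterministic traversal order
        for name in sorted(dirs + files):
            full = os.path.join(root, name)
            st = os.lstat(full)           # lstat: report junctions/links themselves
            attrs = getattr(st, "st_file_attributes", 0)
            rows.append((os.path.relpath(full, path), st.st_size, attrs,
                         describe_attributes(attrs)))
    return rows


if __name__ == "__main__":
    import sys
    # Default target is the folder from the CFScript above; pass another path
    # as the first argument to list something else.
    target = sys.argv[1] if len(sys.argv) > 1 else r"C:\WINDOWS\Fonts\_"
    for rel, size, attrs, flags in list_all(target):
        marker = "H" if is_shell_hidden(attrs) else "-"
        print(f"{marker} {size:>10} {attrs:#06x} {','.join(flags):<24} {rel}")
```

An "H" in the first column marks what Explorer would not show; a HIDDEN or SYSTEM directory under Fonts with small host files in it is the picture the Kaspersky report describes, and the stream contents themselves need a stream-aware tool to list.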

#12 vgn80 (Topic Starter)

Posted 06 May 2008 - 07:28 PM

Hi, I apologize for the delay. Below is the new ComboFix log:

ComboFix 08-05-01.3 - Violeta 2008-05-06 20:18:20.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.573 [GMT -4:00]
Running from: C:\Documents and Settings\Violeta\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Violeta\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 )))))))))))))))))))))))))))))))
.

2008-05-06 12:52 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-05-06 12:51 . 2008-05-06 12:51 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-06 12:50 . 2008-05-06 12:50 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-06 12:45 . 2008-05-06 12:45 <DIR> dr-h----- C:\MSOCache
2008-05-06 12:45 . 2008-05-06 12:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-06 11:51 . 2008-05-06 11:51 <DIR> d-------- C:\Program Files\Digital Locker Assistant
2008-05-05 17:46 . 2008-05-05 17:46 <DIR> d-------- C:\Program Files\CCleaner
2008-05-04 20:24 . 2008-05-04 20:24 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-04 20:24 . 2008-05-04 20:24 <DIR> d-------- C:\Documents and Settings\Violeta\Application Data\Malwarebytes
2008-05-04 20:24 . 2008-05-04 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-03 20:12 . 2008-05-03 20:12 <DIR> d-------- C:\Deckard
2008-05-03 15:22 . 2008-05-03 15:22 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-03 15:22 . 2008-05-03 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-01 14:36 . 2008-05-01 14:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-13 16:11 . 2008-04-13 16:11 <DIR> d-------- C:\Program Files\AutoCAD 2008
2008-04-08 21:27 . 2008-04-08 21:27 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-08 10:53 . 2008-04-09 19:56 32,768 --a------ C:\chochi.doc
2008-04-07 13:27 . 2008-05-05 17:22 <DIR> d-------- C:\Program Files\Windows Live Safety Center

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-06 15:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-06 13:03 7,518 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-05 21:20 --------- d-----w C:\Documents and Settings\Violeta\Application Data\HouseCall 6.6
2008-05-04 17:44 --------- d-----w C:\Documents and Settings\Violeta\Application Data\Skype
2008-05-03 18:55 --------- d-----w C:\Program Files\NavigationEnhancer
2008-04-24 21:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-24 21:25 --------- d-----w C:\Program Files\Dell
2008-04-24 12:25 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-04-10 00:22 --------- d-----w C:\Program Files\Common Files\Corel
2008-04-10 00:19 --------- d-----w C:\Documents and Settings\Violeta\Application Data\Corel
2008-04-09 23:50 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-07 18:54 --------- d-----w C:\Program Files\Winamp
2008-04-06 02:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-06 02:15 --------- d-----w C:\Program Files\Symantec
2008-04-05 01:57 --------- d-----w C:\Documents and Settings\Violeta\Application Data\Autodesk
2008-04-05 01:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-04-05 00:19 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-04 23:33 --------- d-----w C:\Program Files\MSBuild
2008-04-04 23:25 --------- d-----w C:\Program Files\Reference Assemblies
2008-04-03 23:59 --------- d-----w C:\Documents and Settings\Violeta\Application Data\Yahoo!
2008-04-03 22:38 --------- d-----w C:\Documents and Settings\Vladislav Naydenov\Application Data\Yahoo!
2008-04-03 22:21 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-03 22:21 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-03 22:21 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-03 22:21 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-03 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-03 19:42 --------- d-----w C:\Program Files\Yahoo!
2008-04-03 11:17 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-03 10:56 --------- d-----w C:\Program Files\LimeWire
2008-04-03 00:20 --------- d-----w C:\Documents and Settings\Violeta\Application Data\LimeWire
2008-04-02 23:53 --------- d-----w C:\Program Files\MUSICMATCH
2008-04-02 23:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2008-04-02 00:05 316,928 ----a-w C:\WINDOWS\Fonts\rar.exe
2008-04-01 23:17 --------- d-----w C:\Documents and Settings\Vladislav Naydenov\Application Data\Autodesk
2008-03-31 21:57 --------- d-----w C:\Program Files\ABBYY FineReader 6.0
2008-03-31 21:56 --------- d-----w C:\Program Files\FaxTools
2008-03-31 21:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-03-31 21:54 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-03-30 06:49 --------- d-----w C:\Documents and Settings\Violeta\Application Data\U3
2008-03-21 23:34 --------- d-----w C:\Documents and Settings\Vladislav Naydenov\Application Data\Skype
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-16 11:56 --------- d-----w C:\Program Files\Java
2008-03-07 01:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-03-01 22:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-10 03:09 13,464 ----a-w C:\WINDOWS\system32\AcSignExtRes.dll
2008-02-10 03:08 43,160 ----a-w C:\WINDOWS\system32\AcSignIcon.dll
2008-02-10 03:08 426,136 ----a-w C:\WINDOWS\system32\AcSignOpt.exe
2008-02-10 03:08 28,312 ----a-w C:\WINDOWS\system32\AcSignExt.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\Fonts\_ ----

2008-04-01 20:05 0 --a------ C:\WINDOWS\Fonts\_\PDF2XL OCR
2008-04-01 20:05 0 --a------ C:\WINDOWS\Fonts\_\PDF2XL Enterprise
2008-04-01 20:05 0 --a------ C:\WINDOWS\Fonts\_\Magnesium
2008-04-01 20:05 0 --a------ C:\WINDOWS\Fonts\_\DK
2008-04-01 20:05 0 --a------ C:\WINDOWS\Fonts\_\Aveyond II


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

#13 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  • Local time:11:29 AM

Posted 07 May 2008 - 01:44 PM

Hi

OK ... we'll delete the folder with Combofix ...

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the code box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word Folder:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Folder::
C:\WINDOWS\Fonts\_


Save this as "CFScript.txt"

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Then would you please post a new KASPERSKY ONLINE SCAN REPORT?

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware.

#14 vgn80

vgn80
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Location:RI, USA
  • Local time:06:29 AM

Posted 07 May 2008 - 03:08 PM

Hi again,

here is my new Combofix log.

I am running Kaspersky scan right now and will post the log in my next post.

Thank you!

ComboFix 08-05-01.3 - Violeta 2008-05-07 15:57:38.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.552 [GMT -4:00]
Running from: C:\Documents and Settings\Violeta\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Violeta\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Fonts\_
C:\WINDOWS\Fonts\_\Aveyond II
C:\WINDOWS\Fonts\_\DK
C:\WINDOWS\Fonts\_\Magnesium
C:\WINDOWS\Fonts\_\PDF2XL Enterprise
C:\WINDOWS\Fonts\_\PDF2XL OCR

.
((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 )))))))))))))))))))))))))))))))
.

2008-05-06 20:40 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-06 20:40 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-06 20:40 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-06 12:52 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-05-06 12:51 . 2008-05-06 12:51 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-06 12:50 . 2008-05-06 12:50 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-06 12:45 . 2008-05-06 12:45 <DIR> dr-h----- C:\MSOCache
2008-05-06 12:45 . 2008-05-06 12:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-06 11:51 . 2008-05-06 11:51 <DIR> d-------- C:\Program Files\Digital Locker Assistant
2008-05-05 17:46 . 2008-05-05 17:46 <DIR> d-------- C:\Program Files\CCleaner
2008-05-04 20:24 . 2008-05-04 20:24 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-04 20:24 . 2008-05-04 20:24 <DIR> d-------- C:\Documents and Settings\Violeta\Application Data\Malwarebytes
2008-05-04 20:24 . 2008-05-04 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-03 20:12 . 2008-05-03 20:12 <DIR> d-------- C:\Deckard
2008-05-03 15:22 . 2008-05-03 15:22 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-03 15:22 . 2008-05-03 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-01 14:36 . 2008-05-01 14:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-13 16:11 . 2008-04-13 16:11 <DIR> d-------- C:\Program Files\AutoCAD 2008
2008-04-08 21:27 . 2008-04-08 21:27 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-08 10:53 . 2008-04-09 19:56 32,768 --a------ C:\chochi.doc
2008-04-07 13:27 . 2008-05-05 17:22 <DIR> d-------- C:\Program Files\Windows Live Safety Center

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-06 15:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-06 13:03 7,518 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-05 21:20 --------- d-----w C:\Documents and Settings\Violeta\Application Data\HouseCall 6.6
2008-05-04 17:44 --------- d-----w C:\Documents and Settings\Violeta\Application Data\Skype
2008-05-03 18:55 --------- d-----w C:\Program Files\NavigationEnhancer
2008-04-24 21:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-24 21:25 --------- d-----w C:\Program Files\Dell
2008-04-24 12:25 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-04-10 00:22 --------- d-----w C:\Program Files\Common Files\Corel
2008-04-10 00:19 --------- d-----w C:\Documents and Settings\Violeta\Application Data\Corel
2008-04-09 23:50 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-07 18:54 --------- d-----w C:\Program Files\Winamp
2008-04-06 02:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-06 02:15 --------- d-----w C:\Program Files\Symantec
2008-04-05 01:57 --------- d-----w C:\Documents and Settings\Violeta\Application Data\Autodesk
2008-04-05 01:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-04-05 00:19 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-04 23:33 --------- d-----w C:\Program Files\MSBuild
2008-04-04 23:25 --------- d-----w C:\Program Files\Reference Assemblies
2008-04-03 23:59 --------- d-----w C:\Documents and Settings\Violeta\Application Data\Yahoo!
2008-04-03 22:38 --------- d-----w C:\Documents and Settings\Vladislav Naydenov\Application Data\Yahoo!
2008-04-03 22:21 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-03 22:21 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-03 22:21 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-03 22:21 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-03 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-03 19:42 --------- d-----w C:\Program Files\Yahoo!
2008-04-03 11:17 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-03 10:56 --------- d-----w C:\Program Files\LimeWire
2008-04-03 00:20 --------- d-----w C:\Documents and Settings\Violeta\Application Data\LimeWire
2008-04-02 23:53 --------- d-----w C:\Program Files\MUSICMATCH
2008-04-02 23:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2008-04-02 00:05 316,928 ----a-w C:\WINDOWS\Fonts\rar.exe
2008-04-01 23:17 --------- d-----w C:\Documents and Settings\Vladislav Naydenov\Application Data\Autodesk
2008-03-31 21:57 --------- d-----w C:\Program Files\ABBYY FineReader 6.0
2008-03-31 21:56 --------- d-----w C:\Program Files\FaxTools
2008-03-31 21:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-03-31 21:54 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-03-30 06:49 --------- d-----w C:\Documents and Settings\Violeta\Application Data\U3
2008-03-21 23:34 --------- d-----w C:\Documents and Settings\Vladislav Naydenov\Application Data\Skype
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-16 11:56 --------- d-----w C:\Program Files\Java
2008-03-07 01:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-03-01 22:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-10 03:09 13,464 ----a-w C:\WINDOWS\system32\AcSignExtRes.dll
2008-02-10 03:08 43,160 ----a-w C:\WINDOWS\system32\AcSignIcon.dll
2008-02-10 03:08 426,136 ----a-w C:\WINDOWS\system32\AcSignOpt.exe
2008-02-10 03:08 28,312 ----a-w C:\WINDOWS\system32\AcSignExt.dll
.

((((((((((((((((((((((((((((( snapshot_2008-05-06_13.02.28.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-06 11:50:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-07 10:51:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-05 20:40:12 270,984 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-07 01:11:16 323,520 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"VoipDiscount"="C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" [2007-05-31 16:22 7419456]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 17:17 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 20:19 57344]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 21:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 21:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 21:50 114688]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 05:56 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 16:08 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 00:19 393216 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-07 22:11 98304]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16 1121792]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 20:19 40960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 06:43 57344]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-10-26 15:42 509224]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 03:11 771704]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

S3 Usblink;Usblink Driver;C:\WINDOWS\system32\Drivers\ulink.sys [2005-04-30 00:52]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac8e5201-f958-11dc-b49b-0014229cc728}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-06 00:00:00 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Vladislav Naydenov.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 16:01:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-07 16:04:07
ComboFix-quarantined-files.txt 2008-05-07 20:04:03
ComboFix2.txt 2008-05-07 00:23:46
ComboFix3.txt 2008-05-06 17:02:44
ComboFix4.txt 2008-05-05 22:14:23
ComboFix5.txt 2008-05-05 01:00:49

Pre-Run: 56,417,759,232 bytes free
Post-Run: 56,421,232,640 bytes free

194 --- E O F --- 2008-05-05 22:42:24

#15 vgn80

vgn80
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Location:RI, USA
  • Local time:06:29 AM

Posted 07 May 2008 - 07:16 PM

... and my Kaspersky scan:

------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 07, 2008 8:11:40 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/05/2008
Kaspersky Anti-Virus database records: 744998
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 89472
Number of viruses found: 3
Number of infected objects: 16
Number of suspicious objects: 0
Duration of the scan process: 01:33:45

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\Violeta\LOCALS~1\Temp\MPSampleSubmit\a0068437.exe.xor Infected: Trojan.Win32.VB.cfl skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Violeta\LOCALS~1\Temp\MPSampleSubmit\a0071836.dll.xor Infected: Trojan.Win32.Monder.gen skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Violeta\LOCALS~1\Temp\MPSampleSubmit\a0071838.dll.xor Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-05-07_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\30606BBF.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\DA3D3F69.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Violeta\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Violeta\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Violeta\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Violeta\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Violeta\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Violeta\Local Settings\History\History.IE5\MSHist012008050720080508\index.dat Object is locked skipped
C:\Documents and Settings\Violeta\Local Settings\Temp\Perflib_Perfdata_e90.dat Object is locked skipped
C:\Documents and Settings\Violeta\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Violeta\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Violeta\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Violeta\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Symantec\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Symantec\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Symantec\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\_\Aveyond II.vir: Ean's Quest 1.0.rar:$DATA/Setup.exe Infected: Trojan.Win32.VB.cfl skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\_\Aveyond II.vir: Ean's Quest 1.0.rar:$DATA RAR: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\_\Aveyond II.vir: Ean's Quest .rar:$DATA/Setup.exe Infected: Trojan.Win32.VB.cfl skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\_\Aveyond II.vir: Ean's Quest .rar:$DATA RAR: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\_\DK.vir:Keyboard-Status 2.1.0.rar:$DATA/Setup.exe Infected: Trojan.Win32.VB.cfl skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\_\DK.vir:Keyboard-Status 2.1.0.rar:$DATA RAR: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\_\Magnesium.vir: RSS 2.0 Ticker 4.12.rar:$DATA/Setup.exe Infected: Trojan.Win32.VB.cfl skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\_\Magnesium.vir: RSS 2.0 Ticker 4.12.rar:$DATA RAR: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\_\PDF2XL Enterprise.vir: Convert PDF to Excel 4.0.6.rar:$DATA/Setup.exe Infected: Trojan.Win32.VB.cfl skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\_\PDF2XL Enterprise.vir: Convert PDF to Excel 4.0.6.rar:$DATA RAR: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\_\PDF2XL OCR.vir: Convert PDF to Excel 4.0.6.rar:$DATA/Setup.exe Infected: Trojan.Win32.VB.cfl skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\_\PDF2XL OCR.vir: Convert PDF to Excel 4.0.6.rar:$DATA RAR: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\frxwsxdo.dll.vir Infected: Trojan.Win32.Monder.an skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



