Antivirus Popups/ rundll


This topic is locked
11 replies to this topic

#1 stoli

  • Members
  • 5 posts

Posted 17 December 2008 - 06:42 PM

Been getting constant popups even when my browser is not open saying I have a virus and I should run a free virus scan, blah blah blah. I also have been getting Spybot popping up saying that rundll is trying to make some changes to the registry. Both of these issues have cropped up around the same time. I think it all might be from the juicycampus website (no, I don't gossip there, but I checked it out once and then my friend said it has been messing up a lot of people's computers). Anyway, thank you for the help.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Chris at 2008-12-17 18:36:56
Microsoft Windows XP Professional Service Pack 3
System drive C: has 38 GB (40%) free of 95 GB
Total RAM: 1022 MB (15% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:37:25 PM, on 12/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\V0230Mon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\World of Warcraft\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Chris\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Chris.exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\hgGARkji.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7DBDF824-A766-4953-80C7-60956DE52391} - C:\WINDOWS\system32\fccaYSME.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: {db3e0a1b-dc0d-b0a9-4454-c2bcb7b0f9ff} - {ff9f0b7b-cb2c-4544-9a0b-d0cdb1a0e3bd} - C:\WINDOWS\system32\eyzxsc.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: hgGARkji - C:\WINDOWS\SYSTEM32\hgGARkji.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe

--
End of file - 6156 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\npdrmsvg.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\hgGARkji.dll [2008-12-07 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DBDF824-A766-4953-80C7-60956DE52391}]
C:\WINDOWS\system32\fccaYSME.dll [2008-12-07 302592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-20 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff9f0b7b-cb2c-4544-9a0b-d0cdb1a0e3bd}]
C:\WINDOWS\system32\eyzxsc.dll [2008-12-09 129024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-10-05 5759816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ClamWin"=C:\Program Files\ClamWin\bin\ClamTray.exe [2008-06-14 77824]
"V0230Mon.exe"=C:\WINDOWS\V0230Mon.exe [2006-09-07 32768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8c4828fa]
C:\WINDOWS\system32\txjrypbw.dll [2008-12-07 72704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-12-01 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Chronos Clock]
C:\Program Files\Rainbow Innovations\Chronos Clock\chrns.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2006-04-18 405504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-01-31 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2008-10-05 160592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2008-10-10 1410296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-01-12 827392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Viewbar]
C:\Program Files\AGLOCO Viewbar\Viewbar.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-08-29 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
C:\PROGRA~1\OPENOF~1.2\program\QUICKS~1.EXE [2007-02-02 393216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-12-01 47104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hgGARkji]
C:\WINDOWS\system32\hgGARkji.dll [2008-12-07 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\hgGARkji.dll [2008-12-07 34816]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\fccaYSME

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\Chris\My Documents\Downloads\Age of Empires 2 - The Age of Kings and Conquerors\age2_x1.exe"="C:\Documents and Settings\Chris\My Documents\Downloads\Age of Empires 2 - The Age of Kings and Conquerors\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe"="C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942"
"C:\Documents and Settings\Chris\My Documents\Downloads\WoW-BurningCrusade-Trial-enUS-Installer-downloader.exe"="C:\Documents and Settings\Chris\My Documents\Downloads\WoW-BurningCrusade-Trial-enUS-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\NinjaTrader 6\bin\NinjaTrader.exe"="C:\Program Files\NinjaTrader 6\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application"
"C:\Program Files\Trading Rooms Technologies, Inc\TradingRooms\Avx\TradingRooms.exe"="C:\Program Files\Trading Rooms Technologies, Inc\TradingRooms\Avx\TradingRooms.exe:*:Enabled:TradingRooms"
"C:\Program Files\FX 2\FX.exe"="C:\Program Files\FX 2\FX.exe:*:Enabled:FX"
"C:\Program Files\Interbank FX Trader 4\terminal.exe"="C:\Program Files\Interbank FX Trader 4\terminal.exe:*:Enabled:Interbank FX Trader"
"C:\Program Files\Free SMTP Server\localsrv.exe"="C:\Program Files\Free SMTP Server\localsrv.exe:*:Enabled:localsrv"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Sierra Online\FreeStyle Street Basketball™\FreeStyle.exe"="C:\Program Files\Sierra Online\FreeStyle Street Basketball™\FreeStyle.exe:*:Enabled:FreeStyle"
"C:\Program Files\Steam\steamapps\stoli@licrew.com\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\stoli@licrew.com\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Steam\steamapps\stoli@licrew.com\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\stoli@licrew.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\World of Warcraft\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe:*:Enabled:Blizzard Downloader"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af5e80f7-da4f-11dc-b8cd-0016d4069297}]
shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2eb4acc-8d75-11dd-b8ea-00059a3c7800}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b31837dc-107d-11dc-93f5-806d6172696f}]
shell\AutoRun\command - D:\start.exe


======List of files/folders created in the last 1 months======

2008-12-17 18:37:02 ----SH---- C:\WINDOWS\system32\deeveqes.ini
2008-12-17 18:37:01 ----A---- C:\WINDOWS\system32\seqeveed.dll
2008-12-17 18:36:56 ----D---- C:\rsit
2008-12-16 17:29:25 ----SH---- C:\WINDOWS\system32\ikcamvld.ini
2008-12-16 17:29:25 ----N---- C:\WINDOWS\system32\dlvmacki.dll
2008-12-16 17:28:33 ----A---- C:\WINDOWS\system32\paombq.dll
2008-12-16 17:28:33 ----A---- C:\WINDOWS\system32\jcnalyym.dll
2008-12-15 20:18:06 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-12-15 20:17:49 ----D---- C:\WINDOWS\LastGood
2008-12-15 20:17:44 ----A---- C:\WINDOWS\V0230Mon.exe
2008-12-15 20:17:44 ----A---- C:\WINDOWS\V0230Cfg.exe
2008-12-15 20:17:44 ----A---- C:\WINDOWS\system32\V0230Vfw.dll
2008-12-15 20:17:44 ----A---- C:\WINDOWS\CtDrvIns.exe
2008-12-15 20:17:43 ----D---- C:\WINDOWS\CtDrvInstall
2008-12-15 20:17:43 ----A---- C:\WINDOWS\system32\V0230Srv.exe
2008-12-15 20:17:43 ----A---- C:\WINDOWS\system32\V0230Pin.dll
2008-12-15 20:17:43 ----A---- C:\WINDOWS\system32\V0230Hwx.dll
2008-12-15 20:17:43 ----A---- C:\WINDOWS\system32\V0230CVW.dll
2008-12-15 20:17:43 ----A---- C:\WINDOWS\system32\CtCamMgr.dll
2008-12-15 20:17:33 ----D---- C:\Live! Cam
2008-12-15 17:05:59 ----SH---- C:\WINDOWS\system32\shuqxryp.ini
2008-12-15 17:05:57 ----N---- C:\WINDOWS\system32\pyrxquhs.dll
2008-12-15 17:04:39 ----A---- C:\WINDOWS\system32\fljrnq.dll
2008-12-15 17:04:38 ----A---- C:\WINDOWS\system32\lpsumgdh.dll
2008-12-14 14:39:26 ----A---- C:\WINDOWS\system32\yfhlnhrv.dll
2008-12-14 14:39:26 ----A---- C:\WINDOWS\system32\nvnjbq.dll
2008-12-14 14:37:28 ----SH---- C:\WINDOWS\system32\kbgttmgp.ini
2008-12-14 14:37:25 ----N---- C:\WINDOWS\system32\pgmttgbk.dll
2008-12-12 23:23:50 ----A---- C:\WINDOWS\system32\jcbvxy.dll
2008-12-12 23:23:49 ----A---- C:\WINDOWS\system32\xqdoverk.dll
2008-12-12 23:20:50 ----SH---- C:\WINDOWS\system32\sufmadix.ini
2008-12-12 23:20:49 ----A---- C:\WINDOWS\system32\xidamfus.dll
2008-12-11 23:18:47 ----SH---- C:\WINDOWS\system32\eqwlpjyf.ini
2008-12-11 23:18:47 ----A---- C:\WINDOWS\system32\inirik.dll
2008-12-11 23:18:46 ----A---- C:\WINDOWS\system32\olyovaew.dll
2008-12-11 01:21:35 ----ASH---- C:\WINDOWS\system32\EMSYaccf.ini2
2008-12-10 23:25:41 ----A---- C:\WINDOWS\system32\vpkevy.dll
2008-12-10 23:25:35 ----A---- C:\WINDOWS\system32\gswdjymx.dll
2008-12-10 23:22:39 ----SH---- C:\WINDOWS\system32\lhlqfvxd.ini
2008-12-10 20:47:20 ----A---- C:\WINDOWS\wininit.ini
2008-12-10 18:54:22 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-10 18:54:22 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-10 18:48:04 ----D---- C:\Program Files\Trend Micro
2008-12-10 10:07:23 ----D---- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-12-10 10:05:54 ----D---- C:\Program Files\Games
2008-12-09 23:37:00 ----D---- C:\Documents and Settings\Chris\Application Data\PlayFirst
2008-12-09 23:35:41 ----D---- C:\WINDOWS\Diner Dash 3-in-1
2008-12-09 23:35:41 ----D---- C:\Program Files\Diner Dash 3-in-1
2008-12-09 23:17:44 ----A---- C:\WINDOWS\system32\eyzxsc.dll
2008-12-09 23:17:43 ----A---- C:\WINDOWS\system32\gtrixbdo.dll
2008-12-08 23:50:13 ----SHD---- C:\WINDOWS\Q2hyaXM
2008-12-08 23:44:49 ----D---- C:\Documents and Settings\Chris\Application Data\SpeedRunner
2008-12-08 23:17:16 ----A---- C:\WINDOWS\system32\oafxxw.dll
2008-12-08 23:17:10 ----A---- C:\WINDOWS\system32\bgduqfah.dll
2008-12-08 15:52:22 ----A---- C:\WINDOWS\unvise32.exe
2008-12-07 23:16:21 ----A---- C:\WINDOWS\system32\txjrypbw.dll
2008-12-07 23:16:19 ----A---- C:\WINDOWS\system32\wvdhzr.dll
2008-12-07 23:16:17 ----A---- C:\WINDOWS\system32\pplxfdct.dll
2008-12-07 23:15:46 ----A---- C:\WINDOWS\system32\876bec84-.txt
2008-12-07 23:14:17 ----ASH---- C:\WINDOWS\system32\EMSYaccf.ini
2008-12-07 23:14:04 ----A---- C:\WINDOWS\system32\fccaYSME.dll
2008-12-07 23:09:28 ----A---- C:\WINDOWS\system32\hgGxVOfF.dll
2008-12-07 23:08:14 ----A---- C:\WINDOWS\system32\hgGARkji.dll

======List of files/folders modified in the last 1 months======

2008-12-17 18:37:12 ----D---- C:\WINDOWS\Prefetch
2008-12-17 18:37:06 ----D---- C:\WINDOWS\system32
2008-12-17 18:33:43 ----D---- C:\Program Files\World of Warcraft
2008-12-17 18:32:19 ----D---- C:\WINDOWS\Temp
2008-12-17 18:27:33 ----D---- C:\Program Files\Mozilla Firefox
2008-12-17 18:26:33 ----D---- C:\WINDOWS
2008-12-17 16:20:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-16 16:24:42 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-16 13:00:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-15 20:20:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-15 20:20:04 ----D---- C:\WINDOWS\system32\drivers
2008-12-15 20:18:03 ----HD---- C:\WINDOWS\inf
2008-12-15 20:17:46 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-14 14:14:27 ----D---- C:\Documents and Settings
2008-12-10 20:47:32 ----D---- C:\Program Files
2008-12-10 10:05:21 ----D---- C:\Documents and Settings\Chris\Application Data\uTorrent
2008-12-09 23:37:00 ----D---- C:\Documents and Settings\Chris\Application Data\Macromedia
2008-12-09 10:30:01 ----SHD---- C:\WINDOWS\Installer
2008-12-08 19:11:40 ----D---- C:\Documents and Settings\Chris\Application Data\OpenOffice.org2
2008-12-08 18:39:48 ----RSH---- C:\boot.ini
2008-12-08 18:39:48 ----A---- C:\WINDOWS\win.ini
2008-12-08 18:39:48 ----A---- C:\WINDOWS\system.ini
2008-12-08 18:39:47 ----D---- C:\WINDOWS\pss
2008-12-07 23:09:39 ----SD---- C:\WINDOWS\Tasks
2008-12-05 14:31:06 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-05 14:30:29 ----D---- C:\Program Files\Common Files\Designer
2008-12-05 07:20:24 ----D---- C:\Documents and Settings\Chris\Application Data\.purple
2008-12-02 17:20:03 ----D---- C:\WINDOWS\Help
2008-11-19 16:05:02 ----D---- C:\Program Files\eMule

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 36864]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-12-01 1412608]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-04-28 429184]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-08-01 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-08-01 349312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-01-12 201856]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 V0230Vfx;V0230Vfx; C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys [2006-03-24 6272]
S3 V0230VID;Live! Cam Video IM Pro; C:\WINDOWS\system32\DRIVERS\V0230VID.sys [2006-11-20 500608]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-12-01 393216]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-07-16 1524512]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-20 168432]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2005-12-22 98304]
R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
S4 cmdService;Command Service; C:\WINDOWS\Q2hyaXM\command.exe [2005-08-02 293888]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.05 2008-12-17 18:37:34

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Absolute Beginner's Series VB Additional Material-->MsiExec.exe /I{095D1497-0E3A-4FA5-BFDC-B5B0148F0316}
Absolute Beginner's Series VB Lesson 1-->MsiExec.exe /I{07E4A34E-4A4B-411C-B31C-D6FBD3EA9959}
Absolute Beginner's Series VB Lesson 2-->MsiExec.exe /I{4AE03D1A-93E9-47A6-9F52-85AA9C4676C9}
Absolute Beginner's Series VB Lesson 3-->MsiExec.exe /I{A607B23F-0A31-42BC-930D-0613CA78DF56}
Absolute Beginner's Series VB Lesson 4-->MsiExec.exe /I{23B9A2D6-A12F-4C7D-ADE5-D3D4FF035FDB}
Absolute Beginner's Series VB Lesson 5-->MsiExec.exe /I{D10A96A1-C3F4-45C3-959E-D0C779DB5CEC}
Absolute Beginner's Series VB Lesson 6-->MsiExec.exe /I{E64CB9D0-29C2-4E6E-8640-18069875E04C}
Absolute Beginner's Series VB Lesson 7-->MsiExec.exe /I{144AF326-87B4-438C-AE8E-AF6F227C3797}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Age of Chivalry-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17510
AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
Allway Sync version 8.3.11-->"C:\Program Files\Allway Sync\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Aspell English Dictionary-0.50-2-->"C:\Program Files\Aspell\unins001.exe"
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Battlefield 1942-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
Bits and Bytes - Lesson 1-->MsiExec.exe /I{CCE8DD97-7C8D-4EDC-9DFC-8CD0ABCE7BB2}
Bits and Bytes - Lesson 2-->MsiExec.exe /I{D1FECECD-97AB-48AC-B915-064B14F77C7B}
Bits and Bytes - Lesson 3-->MsiExec.exe /I{D6D9943B-4815-4438-AE16-DFA1F4DC000F}
Bits and Bytes - Lesson 4-->MsiExec.exe /I{93FCE957-9B09-4E64-889F-0CEE1D71444F}
Bits and Bytes - Lesson 5-->MsiExec.exe /I{AF0C6ED6-A44B-48CE-A920-EC42CD27A63A}
Bodog Poker Version 2.13.6.4-->"C:\Program Files\Bodog Poker\unins000.exe"
Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
Build-a-lot 3 - Passport to Europe 1.00-->C:\Program Files\Games\Build-a-lot 3 - Passport to Europe\Uninstall.exe
Canon iP1600-->C:\WINDOWS\system32\CNMCP75.exe "-PRINTERNAMECanon iP1600" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0409.dll"
Cisco Systems VPN Client 5.0.01.0600-->MsiExec.exe /X{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}
ClamWin Free Antivirus 0.93.1-->"C:\Program Files\ClamWin\unins000.exe"
Conexant AC-Link Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO\UIU32a.exe -U -ICPL309BA.INF
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
Creating Your First Visual Basic Program - Full-->MsiExec.exe /I{0ABF07FB-B366-479A-9379-50FC331022E1}
Creative Live! Cam Video IM Pro Driver (1.02.02.1018)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0230.uns -unsext NT -plugin V0230Pin.dll -pluginres CtCamPin.crl
Diner Dash 3-in-1-->"C:\WINDOWS\Diner Dash 3-in-1\uninstall.exe" "/U:C:\Program Files\Diner Dash 3-in-1\Uninstall\uninstall.xml"
DOSShell 1.4-->C:\Program Files\Loonies\DOSShell\uninst.exe
eMule-->"C:\Program Files\eMule\Uninstall.exe"
FeedReader-->"C:\Program Files\FeedReader30\unins000.exe"
Forex Optimizer TT-->MsiExec.exe /I{26280420-8F3D-490A-A54F-065F36353F35}
Forex Tester Professional v1.0 build 12-->c:\ForexTester\unins000.exe
FrostWire 4.13.2.0-->C:\Program Files\FrostWire\Uninstall.exe
FXDD - MetaTrader 4.00-->"C:\Program Files\FXDD - MetaTrader 4\Uninstall.exe" "C:\Program Files\FXDD - MetaTrader 4\install.log"
Game Maker 7.0-->C:\Program Files\Game_Maker7\Uninstal.exe
GNU Aspell 0.50-3-->"C:\Program Files\Aspell\unins000.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GrabIt 1.7.1 Beta (build 960)-->"C:\Program Files\GrabIt\unins000.exe"
GTK+ Runtime 2.10.13 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
Half-Life: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/280
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IHMC CmapTools v4.12-->"C:\Program Files\IHMC CmapTools\UninstallerData\Uninstall CmapTools.exe"
Introduction to Visual Basic Programming Language-->MsiExec.exe /I{77EFF4D4-7666-4F9C-8D12-A430B7BB8FBD}
Introduction to Windows as a Platform-->MsiExec.exe /I{4318D8EF-2F52-4BDC-9C4C-798106E6C383}
iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Java™ SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft MSDN 2005 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft MSDN 2005 Express Edition - ENU\install.exe
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B0-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Basic 2005 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Basic 2005 Express Edition - ENU\setup.exe
Microsoft Visual Basic 2005 Express Edition - ENU-->MsiExec.exe /X{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
OpenOffice.org 2.2-->MsiExec.exe /I{A1C8D94A-4303-4489-B585-4B6E6CD408CB}
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PokerStove version 1.21-->"C:\Program Files\PokerStove\unins000.exe"
PokerTracker 3 (remove only)-->"C:\Program Files\PokerTracker 3\uninstall.exe"
PostgreSQL 8.3-->MsiExec.exe /I{B823632F-3B72-4514-8861-B961CE263224}
Quick Launch Buttons 5.20 H1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\Setup.exe" -l0x9 -uninst
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Scratch-->C:\Program Files\Scratch\uninstall.exe
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SnG Power Tools v1.22-->"C:\Program Files\Advantage Analysis\SnG Power Tools\unins000.exe"
SPORE™ Creature Creator Trial Edition-->"C:\Program Files\InstallShield Installation Information\{ECEE0279-785F-4CB3-9F28-E69813234BF8}\setup.exe" -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Trading Rooms Technologies, Inc TradingRooms Application-->C:\Program Files\Trading Rooms Technologies, Inc\TradingRooms\Avx\Uninstall\SETUP.EXE
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VDMSound 2.0.4-->MsiExec.exe /I{8ECBE643-8230-11D5-9D6B-00A024112F81}
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Visual Basic 2005 Express Edition Feature Tour-->MsiExec.exe /I{A89272EA-FE35-427B-B3C6-1D1500F6CC56}
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_6FE44FCD212D4A086C7BC0C98B9A619782073FB7\amdk8.inf
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wolfenstein 3D-->MsiExec.exe /I{69FDD4EA-9D68-11D5-8A28-005004D37F93}
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

=====HijackThis Backups=====

O15 - Trusted Zone: http://*.tenderfoot.com
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2hyaXM\command.exe
O20 - AppInit_DLLs: eyzxsc.dll
O4 - HKLM\..\Run: [8c4828fa] rundll32.exe "C:\WINDOWS\system32\osjemiwm.dll",b
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Chris\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

System event log

Computer Name: CHRIS-LAPTOP
Event Code: 4201
Message: The system detected that network adapter Broadcom 802.11b/g WLAN - Packet Scheduler Miniport was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 6943
Source Name: Tcpip
Time Written: 20081111085458.000000-300
Event Type: information
User:

Computer Name: CHRIS-LAPTOP
Event Code: 8033
Message: The browser has forced an election on network \Device\NetBT_Tcpip_{7D0AB524-D148-423C-87C7-CC5A8A799626} because a master browser was stopped.

Record Number: 6942
Source Name: BROWSER
Time Written: 20081111085453.000000-300
Event Type: information
User:

Computer Name: CHRIS-LAPTOP
Event Code: 4201
Message: The system detected that network adapter Broadcom 802.11b/g WLAN - Packet Scheduler Miniport was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 6941
Source Name: Tcpip
Time Written: 20081111085041.000000-300
Event Type: information
User:

Computer Name: CHRIS-LAPTOP
Event Code: 8033
Message: The browser has forced an election on network \Device\NetBT_Tcpip_{7D0AB524-D148-423C-87C7-CC5A8A799626} because a master browser was stopped.

Record Number: 6940
Source Name: BROWSER
Time Written: 20081111085038.000000-300
Event Type: information
User:

Computer Name: CHRIS-LAPTOP
Event Code: 4201
Message: The system detected that network adapter Broadcom 802.11b/g WLAN - Packet Scheduler Miniport was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 6939
Source Name: Tcpip
Time Written: 20081111084100.000000-300
Event Type: information
User:

Application event log

Computer Name: CHRIS-327C6D205
Event Code: 1002
Message: Performance counters for the .NETFramework (.NETFramework) service are already in Performance
Registry, no need to re-install again.

Record Number: 98
Source Name: LoadPerf
Time Written: 20070603183423.000000-240
Event Type: information
User:

Computer Name: CHRIS-327C6D205
Event Code: 1002
Message: Performance counters for the .NET CLR Data (.NET CLR Data) service are already in Performance
Registry, no need to re-install again.

Record Number: 97
Source Name: LoadPerf
Time Written: 20070603183423.000000-240
Event Type: information
User:

Computer Name: CHRIS-327C6D205
Event Code: 1002
Message: Performance counters for the .NET CLR Networking (.NET CLR Networking) service are already in Performance
Registry, no need to re-install again.

Record Number: 96
Source Name: LoadPerf
Time Written: 20070603183423.000000-240
Event Type: information
User:

Computer Name: CHRIS-327C6D205
Event Code: 1002
Message: Performance counters for the .NET Data Provider for SqlServer (.NET Data Provider for SqlServer) service are already in Performance
Registry, no need to re-install again.

Record Number: 95
Source Name: LoadPerf
Time Written: 20070603183423.000000-240
Event Type: information
User:

Computer Name: CHRIS-327C6D205
Event Code: 1002
Message: Performance counters for the .NET Data Provider for Oracle (.NET Data Provider for Oracle) service are already in Performance
Registry, no need to re-install again.

Record Number: 94
Source Name: LoadPerf
Time Written: 20070603183423.000000-240
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\;%VDMSPath%
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2402
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"VDMSPath"=C:\Program Files\VDMSound\

-----------------EOF-----------------

#2 fenzodahl512

  • Members
  • 6,738 posts

Posted 19 December 2008 - 04:39 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouse-click ComboFix's window while it's running. That may cause it to stall.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512

  • Members
  • 6,738 posts

Posted 04 January 2009 - 07:02 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



#4 fenzodahl512

  • Members
  • 6,738 posts

Posted 10 January 2009 - 03:16 PM

Reopened at user request.. Post the required logs here...



#5 stoli

  • Topic Starter
  • Members
  • 5 posts

Posted 11 January 2009 - 05:07 PM

ComboFix 09-01-09.03 - Chris 2009-01-10 1:04:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.239 [GMT -5:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Chris\Application Data\SpeedRunner
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\Q2hyaXM\
c:\windows\Q2hyaXM\\asappsrv.dll
c:\windows\Q2hyaXM\\command.exe
c:\windows\Q2hyaXM\\kZ1Vurg.vbs
c:\windows\Q2hyaXM\command.exe
c:\windows\system32\asufdgcb.dll
c:\windows\system32\audlmklj.dll
c:\windows\system32\auhbls.dll
c:\windows\system32\awxrpxkr.dll
c:\windows\system32\bduisrku.dll
c:\windows\system32\bgduqfah.dll
c:\windows\system32\bgnlikwf.dll
c:\windows\system32\buomkljd.dll
c:\windows\system32\cmiilrhy.dll
c:\windows\system32\cpjwtwme.dll
c:\windows\system32\cqhhvyrn.dll
c:\windows\system32\cvohdndo.dll
c:\windows\system32\cyoanomq.dll
c:\windows\system32\diandifl.dll
c:\windows\system32\dlmkobqu.dll
c:\windows\system32\drpilxlm.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\EMSYaccf.ini
c:\windows\system32\EMSYaccf.ini2
c:\windows\system32\eyzxsc.dll
c:\windows\system32\fakvscuo.dll
c:\windows\system32\fblhdcdw.dll
c:\windows\system32\fccaYSME.dll
c:\windows\system32\fljrnq.dll
c:\windows\system32\fuxxssdt.dll
c:\windows\system32\gftrtkup.dll
c:\windows\system32\gswdjymx.dll
c:\windows\system32\gtrixbdo.dll
c:\windows\system32\harryd.dll
c:\windows\system32\hcvwgw.dll
c:\windows\system32\hdalchct.dll
c:\windows\system32\hgGARkji.dll
c:\windows\system32\hgGxVOfF.dll
c:\windows\system32\icngdqda.dll
c:\windows\system32\ifqxemjl.dll
c:\windows\system32\imfayd.dll
c:\windows\system32\inirik.dll
c:\windows\system32\jcbvxy.dll
c:\windows\system32\jcnalyym.dll
c:\windows\system32\jdtwxpff.dll
c:\windows\system32\jhvnzb.dll
c:\windows\system32\jjokwrur.dll
c:\windows\system32\kwichart.dll
c:\windows\system32\kyuata.dll
c:\windows\system32\lbomdspq.dll
c:\windows\system32\lmygtv.dll
c:\windows\system32\lpsumgdh.dll
c:\windows\system32\lrjctphg.dll
c:\windows\system32\mnnpnq.dll
c:\windows\system32\nepcymxm.dll
c:\windows\system32\npprql.dll
c:\windows\system32\ntantfuc.dll
c:\windows\system32\nvnjbq.dll
c:\windows\system32\oafxxw.dll
c:\windows\system32\olyovaew.dll
c:\windows\system32\omwuvtlw.dll
c:\windows\system32\oxewakkr.dll
c:\windows\system32\paombq.dll
c:\windows\system32\plzshf.dll
c:\windows\system32\pottvq.dll
c:\windows\system32\pplxfdct.dll
c:\windows\system32\Process.exe
c:\windows\system32\qbfmgujd.dll
c:\windows\system32\qeoofe.dll
c:\windows\system32\qfzbve.dll
c:\windows\system32\qhdesi.dll
c:\windows\system32\qkupgs.dll
c:\windows\system32\qsrjwe.dll
c:\windows\system32\rcthfnry.dll
c:\windows\system32\sbxuiruh.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\tpvdubbk.dll
c:\windows\system32\txjrypbw.dll
c:\windows\system32\uaatgtaa.dll
c:\windows\system32\uhcwzc.dll
c:\windows\system32\uhrcmwkr.dll
c:\windows\system32\uitypuob.dll
c:\windows\system32\vfllnriv.dll
c:\windows\system32\vfyfoe.dll
c:\windows\system32\vpkevy.dll
c:\windows\system32\vsnnui.dll
c:\windows\system32\wvdhzr.dll
c:\windows\system32\wxtmao.dll
c:\windows\system32\xemtodmh.dll
c:\windows\system32\xicmhyai.dll
c:\windows\system32\xidamfus.dll
c:\windows\system32\xqdoverk.dll
c:\windows\system32\ybxdemjl.dll
c:\windows\system32\ydldxdmu.dll
c:\windows\system32\yfhlnhrv.dll
c:\windows\system32\yfsynk.dll
c:\windows\Tasks\npdrmsvg.job
c:\windows\wiaserviv.log

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService


((((((((((((((((((((((((( Files Created from 2008-12-10 to 2009-01-10 )))))))))))))))))))))))))))))))
.

2009-01-09 15:53 . 2009-01-09 15:53 120 --ahs---- c:\windows\system32\jlkmldua.ini
2009-01-08 15:55 . 2009-01-08 15:55 120 --ahs---- c:\windows\system32\mlxliprd.ini
2009-01-07 15:51 . 2009-01-07 15:51 120 --ahs---- c:\windows\system32\odndhovc.ini
2009-01-05 17:43 . 2009-01-05 17:43 120 --ahs---- c:\windows\system32\lfidnaid.ini
2009-01-05 10:16 . 2009-01-05 10:16 <DIR> d-------- c:\program files\MBTrading
2009-01-05 10:16 . 2001-08-14 08:21 1,667,072 --a------ c:\windows\system32\DXdbGrid.dll
2009-01-05 10:16 . 2003-02-07 03:05 266,240 --a------ c:\windows\system32\dXPSystm.dll
2009-01-04 15:57 . 2009-01-04 15:57 120 --ahs---- c:\windows\system32\ljmexqfi.ini
2009-01-03 15:51 . 2009-01-03 15:51 120 --ahs---- c:\windows\system32\djlkmoub.ini
2009-01-02 15:54 . 2009-01-02 15:54 120 --ahs---- c:\windows\system32\uqbokmld.ini
2009-01-01 15:48 . 2009-01-01 15:48 120 --ahs---- c:\windows\system32\rkwmcrhu.ini
2009-01-01 15:45 . 2009-01-01 15:45 120 --ahs---- c:\windows\system32\rkkawexo.ini
2008-12-31 15:45 . 2008-12-31 15:45 120 --ahs---- c:\windows\system32\iayhmcix.ini
2008-12-30 21:59 . 2008-12-30 21:59 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-30 21:59 . 2008-12-30 21:59 1,409 --a------ c:\windows\QTFont.for
2008-12-29 15:43 . 2008-12-29 15:43 120 --ahs---- c:\windows\system32\djugmfbq.ini
2008-12-28 15:43 . 2008-12-28 15:43 120 --ahs---- c:\windows\system32\hmdotmex.ini
2008-12-28 13:27 . 2008-12-28 13:27 <DIR> d-------- c:\program files\Bluetack
2008-12-28 13:27 . 2004-08-21 20:49 1,081,616 --a------ c:\windows\system32\mscomctl.ocx
2008-12-28 13:27 . 2004-08-21 20:49 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX
2008-12-28 13:27 . 2004-08-21 20:49 212,240 --a------ c:\windows\system32\Richtx32.ocx
2008-12-28 13:27 . 2004-08-21 20:49 152,848 --a------ c:\windows\system32\comdlg32.ocx
2008-12-28 13:27 . 2000-10-29 17:34 150,016 --a------ c:\windows\system32\Unzip32.dll
2008-12-28 13:27 . 2004-08-21 20:49 132,880 --a------ c:\windows\system32\msinet.ocx
2008-12-28 13:27 . 2004-08-21 20:49 124,688 --a------ c:\windows\system32\mswinsck.ocx
2008-12-27 15:41 . 2008-12-27 15:41 120 --ahs---- c:\windows\system32\qmonaoyc.ini
2008-12-26 15:45 . 2008-12-26 15:45 120 --ahs---- c:\windows\system32\cuftnatn.ini
2008-12-24 09:43 . 2008-12-24 09:43 120 --ahs---- c:\windows\system32\trahciwk.ini
2008-12-24 09:40 . 2008-12-24 09:40 120 --ahs---- c:\windows\system32\ghptcjrl.ini
2008-12-22 14:49 . 2008-12-22 14:49 120 --ahs---- c:\windows\system32\boupytiu.ini
2008-12-21 13:30 . 2008-12-21 13:30 120 --ahs---- c:\windows\system32\kbbudvpt.ini
2008-12-19 21:12 . 2008-12-19 21:12 120 --ahs---- c:\windows\system32\wdcdhlbf.ini
2008-12-18 18:46 . 2008-12-18 18:47 120 --ahs---- c:\windows\system32\uanppicj.ini
2008-12-18 17:52 . 2008-12-18 17:52 <DIR> d-------- c:\program files\Curse
2008-12-17 19:17 . 2008-12-17 19:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2008-12-17 18:37 . 2008-12-17 18:37 120 --ahs---- c:\windows\system32\deeveqes.ini
2008-12-17 18:36 . 2008-12-17 18:37 <DIR> d-------- C:\rsit
2008-12-16 17:29 . 2008-12-16 17:29 120 --ahs---- c:\windows\system32\ikcamvld.ini
2008-12-15 20:20 . 2008-04-13 14:39 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2008-12-15 20:20 . 2008-04-13 14:39 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys
2008-12-15 20:19 . 2008-04-13 14:46 85,248 --a------ c:\windows\system32\drivers\NABTSFEC.sys
2008-12-15 20:19 . 2008-04-13 14:46 85,248 --a--c--- c:\windows\system32\dllcache\nabtsfec.sys
2008-12-15 20:19 . 2008-04-13 14:46 19,200 --a------ c:\windows\system32\drivers\WSTCODEC.SYS
2008-12-15 20:19 . 2008-04-13 14:46 19,200 --a--c--- c:\windows\system32\dllcache\wstcodec.sys
2008-12-15 20:19 . 2008-04-13 20:12 16,384 --a------ c:\windows\system32\ipsink.ax
2008-12-15 20:19 . 2008-04-13 20:12 16,384 --a--c--- c:\windows\system32\dllcache\ipsink.ax
2008-12-15 20:19 . 2008-04-13 14:46 15,232 --a------ c:\windows\system32\drivers\StreamIP.sys
2008-12-15 20:19 . 2008-04-13 14:46 15,232 --a--c--- c:\windows\system32\dllcache\streamip.sys
2008-12-15 20:19 . 2008-04-13 14:46 11,136 --a------ c:\windows\system32\drivers\SLIP.sys
2008-12-15 20:19 . 2008-04-13 14:46 11,136 --a--c--- c:\windows\system32\dllcache\slip.sys
2008-12-15 20:19 . 2008-04-13 14:46 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2008-12-15 20:19 . 2008-04-13 14:46 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys
2008-12-15 20:18 . 2008-04-13 20:12 91,136 --a------ c:\windows\system32\kswdmcap.ax
2008-12-15 20:18 . 2008-04-13 20:12 91,136 --a--c--- c:\windows\system32\dllcache\kswdmcap.ax
2008-12-15 20:18 . 2008-04-13 20:12 61,952 --a------ c:\windows\system32\kstvtune.ax
2008-12-15 20:18 . 2008-04-13 20:12 61,952 --a--c--- c:\windows\system32\dllcache\kstvtune.ax
2008-12-15 20:18 . 2008-04-13 20:12 53,760 --a------ c:\windows\system32\vfwwdm32.dll
2008-12-15 20:18 . 2008-04-13 20:12 53,760 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
2008-12-15 20:18 . 2008-04-13 20:12 43,008 --a------ c:\windows\system32\ksxbar.ax
2008-12-15 20:18 . 2008-04-13 20:12 43,008 --a--c--- c:\windows\system32\dllcache\ksxbar.ax
2008-12-15 20:18 . 2008-04-13 14:46 17,024 --a------ c:\windows\system32\drivers\CCDECODE.sys
2008-12-15 20:18 . 2008-04-13 14:46 17,024 --a--c--- c:\windows\system32\dllcache\ccdecode.sys
2008-12-15 17:05 . 2008-12-15 17:06 120 --ahs---- c:\windows\system32\shuqxryp.ini
2008-12-14 14:37 . 2008-12-14 14:37 120 --ahs---- c:\windows\system32\kbgttmgp.ini
2008-12-12 23:20 . 2008-12-12 23:20 120 --ahs---- c:\windows\system32\sufmadix.ini
2008-12-11 23:18 . 2008-12-11 23:18 120 --ahs---- c:\windows\system32\eqwlpjyf.ini
2008-12-10 23:22 . 2008-12-10 23:22 120 --ahs---- c:\windows\system32\lhlqfvxd.ini
2008-12-10 20:47 . 2008-12-10 20:47 153 --a------ c:\windows\wininit.ini
2008-12-10 18:54 . 2008-12-10 18:57 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-10 18:54 . 2008-12-11 01:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-10 18:48 . 2008-12-10 18:48 <DIR> d-------- c:\program files\Trend Micro
2008-12-10 10:07 . 2008-12-10 10:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\HipSoft
2008-12-10 10:05 . 2008-12-10 10:05 <DIR> d-------- c:\program files\Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-10 05:47 --------- d-----w c:\program files\Common Files\Adobe
2009-01-09 12:50 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-08 01:26 --------- d-----w c:\documents and settings\Chris\Application Data\uTorrent
2008-12-19 20:27 --------- d-----w c:\program files\PokerStars
2008-12-18 01:17 --------- d-----w c:\program files\World of Warcraft
2008-12-10 04:37 --------- d-----w c:\documents and settings\Chris\Application Data\PlayFirst
2008-12-10 04:36 --------- d-----w c:\program files\Diner Dash 3-in-1
2008-12-09 00:11 --------- d-----w c:\documents and settings\Chris\Application Data\OpenOffice.org2
2008-12-05 19:31 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-05 12:20 --------- d-----w c:\documents and settings\Chris\Application Data\.purple
2008-11-19 21:05 --------- d-----w c:\program files\eMule
2008-11-16 20:45 --------- d-----w c:\program files\MSECache
2008-11-16 20:45 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-11-10 05:48 --------- d-----w c:\documents and settings\Chris\Application Data\gtk-2.0
2008-11-10 00:51 --------- d-----w c:\program files\FXDD - MetaTrader 4
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2008-06-14 77824]
"V0230Mon.exe"="c:\windows\V0230Mon.exe" [2006-09-07 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\fccaYSME

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
path=c:\documents and settings\Chris\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk
backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-12-01 20:05 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2006-04-18 08:32 405504 c:\program files\HPQ\Quick Launch Buttons\eabservr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
--a------ 2008-10-05 11:25 160592 c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-10 16:14 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-01-12 13:36 827392 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Chris\\My Documents\\Downloads\\Age of Empires 2 - The Age of Kings and Conquerors\\age2_x1.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\Documents and Settings\\Chris\\My Documents\\Downloads\\WoW-BurningCrusade-Trial-enUS-Installer-downloader.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Trading Rooms Technologies, Inc\\TradingRooms\\Avx\\TradingRooms.exe"=
"c:\\Program Files\\Interbank FX Trader 4\\terminal.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\stoli@licrew.com\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Steam\\steamapps\\stoli@licrew.com\\counter-strike\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=

R4 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536]
S3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2008-12-15 6272]
S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2008-12-15 500608]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af5e80f7-da4f-11dc-b8cd-0016d4069297}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2eb4acc-8d75-11dd-b8ea-00059a3c7800}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-01-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{954EFEC7-7A66-4CC0-B88A-38B6B7B26151} - c:\windows\system32\fccaYSME.dll
BHO-{ff9f0b7b-cb2c-4544-9a0b-d0cdb1a0e3bd} - c:\windows\system32\eyzxsc.dll
MSConfigStartUp-8c4828fa - c:\windows\system32\txjrypbw.dll
MSConfigStartUp-Chronos Clock - c:\program files\Rainbow Innovations\Chronos Clock\chrns.exe
MSConfigStartUp-Viewbar - c:\program files\AGLOCO Viewbar\Viewbar.exe


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\inv9f32m.Chris2\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\inv9f32m.Chris2\extensions\activegs@freetoolsassociation.com\plugins\npActiveGS.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nptgeqplugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-10 01:14:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1108)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Completion time: 2009-01-10 1:19:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-10 06:19:01

Pre-Run: 37,207,908,352 bytes free
Post-Run: 37,691,891,712 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

353 --- E O F --- 2008-11-12 14:07:23


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:34 AM, on 1/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\WINDOWS\V0230Mon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\SoftwareDistribution\Download\cfbc39150cce12d1357ba324d4d0c40c\update\update.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe

--
End of file - 6174 bytes

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:09:14 AM

Posted 12 January 2009 - 02:22 AM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::

File::
c:\windows\system32\jlkmldua.ini
c:\windows\system32\mlxliprd.ini
c:\windows\system32\odndhovc.ini
c:\windows\system32\lfidnaid.ini
c:\windows\system32\ljmexqfi.ini
c:\windows\system32\djlkmoub.ini
c:\windows\system32\uqbokmld.ini
c:\windows\system32\rkwmcrhu.ini
c:\windows\system32\rkkawexo.ini
c:\windows\system32\iayhmcix.ini
c:\windows\QTFont.qfn
c:\windows\QTFont.for
c:\windows\system32\djugmfbq.ini
c:\windows\system32\hmdotmex.ini
c:\windows\system32\qmonaoyc.ini
c:\windows\system32\cuftnatn.ini
c:\windows\system32\trahciwk.ini
c:\windows\system32\ghptcjrl.ini
c:\windows\system32\boupytiu.ini
c:\windows\system32\kbbudvpt.ini
c:\windows\system32\wdcdhlbf.ini
c:\windows\system32\uanppicj.ini
c:\windows\system32\deeveqes.ini
c:\windows\system32\ikcamvld.ini
c:\windows\system32\shuqxryp.ini
c:\windows\system32\kbgttmgp.ini
c:\windows\system32\sufmadix.ini
c:\windows\system32\eqwlpjyf.ini
c:\windows\system32\lhlqfvxd.ini

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 stoli

stoli
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:08:14 PM

Posted 12 January 2009 - 09:04 PM

ComboFix 09-01-09.03 - Chris 2009-01-12 20:50:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.429 [GMT -5:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Chris\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\QTFont.for
c:\windows\QTFont.qfn
c:\windows\system32\boupytiu.ini
c:\windows\system32\cuftnatn.ini
c:\windows\system32\deeveqes.ini
c:\windows\system32\djlkmoub.ini
c:\windows\system32\djugmfbq.ini
c:\windows\system32\eqwlpjyf.ini
c:\windows\system32\ghptcjrl.ini
c:\windows\system32\hmdotmex.ini
c:\windows\system32\iayhmcix.ini
c:\windows\system32\ikcamvld.ini
c:\windows\system32\jlkmldua.ini
c:\windows\system32\kbbudvpt.ini
c:\windows\system32\kbgttmgp.ini
c:\windows\system32\lfidnaid.ini
c:\windows\system32\lhlqfvxd.ini
c:\windows\system32\ljmexqfi.ini
c:\windows\system32\mlxliprd.ini
c:\windows\system32\odndhovc.ini
c:\windows\system32\qmonaoyc.ini
c:\windows\system32\rkkawexo.ini
c:\windows\system32\rkwmcrhu.ini
c:\windows\system32\shuqxryp.ini
c:\windows\system32\sufmadix.ini
c:\windows\system32\trahciwk.ini
c:\windows\system32\uanppicj.ini
c:\windows\system32\uqbokmld.ini
c:\windows\system32\wdcdhlbf.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\QTFont.for
c:\windows\QTFont.qfn
c:\windows\system32\boupytiu.ini
c:\windows\system32\cuftnatn.ini
c:\windows\system32\deeveqes.ini
c:\windows\system32\djlkmoub.ini
c:\windows\system32\djugmfbq.ini
c:\windows\system32\eqwlpjyf.ini
c:\windows\system32\ghptcjrl.ini
c:\windows\system32\hmdotmex.ini
c:\windows\system32\iayhmcix.ini
c:\windows\system32\ikcamvld.ini
c:\windows\system32\jlkmldua.ini
c:\windows\system32\kbbudvpt.ini
c:\windows\system32\kbgttmgp.ini
c:\windows\system32\lfidnaid.ini
c:\windows\system32\lhlqfvxd.ini
c:\windows\system32\ljmexqfi.ini
c:\windows\system32\mlxliprd.ini
c:\windows\system32\odndhovc.ini
c:\windows\system32\qmonaoyc.ini
c:\windows\system32\rkkawexo.ini
c:\windows\system32\rkwmcrhu.ini
c:\windows\system32\shuqxryp.ini
c:\windows\system32\sufmadix.ini
c:\windows\system32\trahciwk.ini
c:\windows\system32\uanppicj.ini
c:\windows\system32\uqbokmld.ini
c:\windows\system32\wdcdhlbf.ini

.
((((((((((((((((((((((((( Files Created from 2008-12-13 to 2009-01-13 )))))))))))))))))))))))))))))))
.

2009-01-05 10:16 . 2009-01-05 10:16 <DIR> d-------- c:\program files\MBTrading
2009-01-05 10:16 . 2001-08-14 08:21 1,667,072 --a------ c:\windows\system32\DXdbGrid.dll
2009-01-05 10:16 . 2003-02-07 03:05 266,240 --a------ c:\windows\system32\dXPSystm.dll
2008-12-28 13:27 . 2008-12-28 13:27 <DIR> d-------- c:\program files\Bluetack
2008-12-28 13:27 . 2004-08-21 20:49 1,081,616 --a------ c:\windows\system32\mscomctl.ocx
2008-12-28 13:27 . 2004-08-21 20:49 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX
2008-12-28 13:27 . 2004-08-21 20:49 212,240 --a------ c:\windows\system32\Richtx32.ocx
2008-12-28 13:27 . 2004-08-21 20:49 152,848 --a------ c:\windows\system32\comdlg32.ocx
2008-12-28 13:27 . 2000-10-29 17:34 150,016 --a------ c:\windows\system32\Unzip32.dll
2008-12-28 13:27 . 2004-08-21 20:49 132,880 --a------ c:\windows\system32\msinet.ocx
2008-12-28 13:27 . 2004-08-21 20:49 124,688 --a------ c:\windows\system32\mswinsck.ocx
2008-12-18 17:52 . 2008-12-18 17:52 <DIR> d-------- c:\program files\Curse
2008-12-17 19:17 . 2008-12-17 19:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2008-12-17 18:36 . 2008-12-17 18:37 <DIR> d-------- C:\rsit
2008-12-15 20:20 . 2008-04-13 14:39 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2008-12-15 20:20 . 2008-04-13 14:39 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys
2008-12-15 20:19 . 2008-04-13 14:46 85,248 --a------ c:\windows\system32\drivers\NABTSFEC.sys
2008-12-15 20:19 . 2008-04-13 14:46 85,248 --a--c--- c:\windows\system32\dllcache\nabtsfec.sys
2008-12-15 20:19 . 2008-04-13 14:46 19,200 --a------ c:\windows\system32\drivers\WSTCODEC.SYS
2008-12-15 20:19 . 2008-04-13 14:46 19,200 --a--c--- c:\windows\system32\dllcache\wstcodec.sys
2008-12-15 20:19 . 2008-04-13 20:12 16,384 --a------ c:\windows\system32\ipsink.ax
2008-12-15 20:19 . 2008-04-13 20:12 16,384 --a--c--- c:\windows\system32\dllcache\ipsink.ax
2008-12-15 20:19 . 2008-04-13 14:46 15,232 --a------ c:\windows\system32\drivers\StreamIP.sys
2008-12-15 20:19 . 2008-04-13 14:46 15,232 --a--c--- c:\windows\system32\dllcache\streamip.sys
2008-12-15 20:19 . 2008-04-13 14:46 11,136 --a------ c:\windows\system32\drivers\SLIP.sys
2008-12-15 20:19 . 2008-04-13 14:46 11,136 --a--c--- c:\windows\system32\dllcache\slip.sys
2008-12-15 20:19 . 2008-04-13 14:46 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2008-12-15 20:19 . 2008-04-13 14:46 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys
2008-12-15 20:18 . 2008-04-13 20:12 91,136 --a------ c:\windows\system32\kswdmcap.ax
2008-12-15 20:18 . 2008-04-13 20:12 91,136 --a--c--- c:\windows\system32\dllcache\kswdmcap.ax
2008-12-15 20:18 . 2008-04-13 20:12 61,952 --a------ c:\windows\system32\kstvtune.ax
2008-12-15 20:18 . 2008-04-13 20:12 61,952 --a--c--- c:\windows\system32\dllcache\kstvtune.ax
2008-12-15 20:18 . 2008-04-13 20:12 53,760 --a------ c:\windows\system32\vfwwdm32.dll
2008-12-15 20:18 . 2008-04-13 20:12 53,760 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
2008-12-15 20:18 . 2008-04-13 20:12 43,008 --a------ c:\windows\system32\ksxbar.ax
2008-12-15 20:18 . 2008-04-13 20:12 43,008 --a--c--- c:\windows\system32\dllcache\ksxbar.ax
2008-12-15 20:18 . 2008-04-13 14:46 17,024 --a------ c:\windows\system32\drivers\CCDECODE.sys
2008-12-15 20:18 . 2008-04-13 14:46 17,024 --a--c--- c:\windows\system32\dllcache\ccdecode.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-12 22:58 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-10 05:47 --------- d-----w c:\program files\Common Files\Adobe
2009-01-08 01:26 --------- d-----w c:\documents and settings\Chris\Application Data\uTorrent
2008-12-19 20:27 --------- d-----w c:\program files\PokerStars
2008-12-18 01:17 --------- d-----w c:\program files\World of Warcraft
2008-12-11 06:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-10 23:57 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-10 23:48 --------- d-----w c:\program files\Trend Micro
2008-12-10 15:07 --------- d-----w c:\documents and settings\All Users\Application Data\HipSoft
2008-12-10 15:05 --------- d-----w c:\program files\Games
2008-12-10 04:37 --------- d-----w c:\documents and settings\Chris\Application Data\PlayFirst
2008-12-10 04:36 --------- d-----w c:\program files\Diner Dash 3-in-1
2008-12-09 00:11 --------- d-----w c:\documents and settings\Chris\Application Data\OpenOffice.org2
2008-12-05 19:31 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-05 12:20 --------- d-----w c:\documents and settings\Chris\Application Data\.purple
2008-11-19 21:05 --------- d-----w c:\program files\eMule
2008-11-16 20:45 --------- d-----w c:\program files\MSECache
2008-11-16 20:45 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
.

((((((((((((((((((((((((((((( snapshot@2009-01-10_ 1.17.47.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-23 12:36:14 286,720 -c----w c:\windows\system32\dllcache\gdi32.dll
- 2006-10-19 00:03:58 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 06:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2008-08-20 05:30:53 3,067,904 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-12 17:01:00 3,067,904 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-20 05:30:51 1,499,136 -c----w c:\windows\system32\dllcache\shdocvw.dll
+ 2008-10-16 01:00:10 1,499,136 -c----w c:\windows\system32\dllcache\shdocvw.dll
- 2008-04-14 00:12:07 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:02:42 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
- 2008-08-20 05:30:52 619,520 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 01:00:11 619,520 -c----w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-20 05:30:51 666,112 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 01:00:11 666,112 -c----w c:\windows\system32\dllcache\wininet.dll
- 2006-10-19 01:47:20 937,984 -c--a-w c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 10:03:08 938,496 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-19 01:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-04-14 00:11:54 285,184 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\system32\gdi32.dll
- 2006-10-19 00:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 06:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
- 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
- 2008-08-20 05:30:53 3,067,904 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-12 17:01:00 3,067,904 ----a-w c:\windows\system32\mshtml.dll
- 2008-12-21 18:34:02 61,026 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-11 21:47:32 61,026 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-21 18:34:03 401,032 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-11 21:47:32 401,032 ----a-w c:\windows\system32\perfh009.dat
- 2008-08-20 05:30:51 1,499,136 ----a-w c:\windows\system32\shdocvw.dll
+ 2008-10-16 01:00:10 1,499,136 ----a-w c:\windows\system32\shdocvw.dll
- 2008-07-08 13:02:01 17,272 ----a-w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
- 2008-04-14 00:12:07 246,814 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:02:42 247,326 ----a-w c:\windows\system32\strmdll.dll
- 2008-07-11 12:42:28 62,976 ----a-w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\system32\tzchange.exe
- 2008-08-20 05:30:52 619,520 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 01:00:11 619,520 ----a-w c:\windows\system32\urlmon.dll
- 2008-08-20 05:30:51 666,112 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 01:00:11 666,112 ----a-w c:\windows\system32\wininet.dll
- 2006-10-19 01:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll
+ 2008-06-18 10:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-19 01:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2008-06-14 77824]
"V0230Mon.exe"="c:\windows\V0230Mon.exe" [2006-09-07 32768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
path=c:\documents and settings\Chris\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk
backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-12-01 20:05 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2006-04-18 08:32 405504 c:\program files\HPQ\Quick Launch Buttons\eabservr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
--a------ 2008-10-05 11:25 160592 c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-10 16:14 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-01-12 13:36 827392 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Chris\\My Documents\\Downloads\\Age of Empires 2 - The Age of Kings and Conquerors\\age2_x1.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\Documents and Settings\\Chris\\My Documents\\Downloads\\WoW-BurningCrusade-Trial-enUS-Installer-downloader.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Trading Rooms Technologies, Inc\\TradingRooms\\Avx\\TradingRooms.exe"=
"c:\\Program Files\\Interbank FX Trader 4\\terminal.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\stoli@licrew.com\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Steam\\steamapps\\stoli@licrew.com\\counter-strike\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=

R4 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536]
S3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2008-12-15 6272]
S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2008-12-15 500608]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af5e80f7-da4f-11dc-b8cd-0016d4069297}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2eb4acc-8d75-11dd-b8ea-00059a3c7800}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-01-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\inv9f32m.Chris2\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\inv9f32m.Chris2\extensions\activegs@freetoolsassociation.com\plugins\npActiveGS.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nptgeqplugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 20:55:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-12 20:58:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-13 01:58:34
ComboFix2.txt 2009-01-10 06:19:15

Pre-Run: 34,439,614,464 bytes free
Post-Run: 34,432,135,168 bytes free

306 --- E O F --- 2009-01-10 15:36:40


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:34 PM, on 1/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\WINDOWS\V0230Mon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe

--
End of file - 6014 bytes

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:09:14 AM

Posted 12 January 2009 - 11:21 PM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Post these logs in your next reply..

1. Malwarebytes'
2. ESET Online Scanner
3. Tell me, how's the computer now? :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 stoli

stoli
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:08:14 PM

Posted 13 January 2009 - 11:39 AM

Malwarebytes' Anti-Malware 1.32
Database version: 1647
Windows 5.1.2600 Service Pack 3

1/13/2009 10:18:36 AM
mbam-log-2009-01-13 (10-18-36).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 175540
Time elapsed: 1 hour(s), 26 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 163

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\Q2hyaXM\asappsrv.dll.vir (Adware.CommAd) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Q2hyaXM\command.exe.vir (Adware.CommAd) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\asufdgcb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\audlmklj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\auhbls.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\awxrpxkr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\bduisrku.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\bgduqfah.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\bgnlikwf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\buomkljd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\cmiilrhy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\cpjwtwme.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\cqhhvyrn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\cvohdndo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\diandifl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dlmkobqu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drpilxlm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\eyzxsc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fakvscuo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fblhdcdw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fccaYSME.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fljrnq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fuxxssdt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gftrtkup.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gswdjymx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gtrixbdo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\harryd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hdalchct.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hgGxVOfF.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\icngdqda.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ifqxemjl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\imfayd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\inirik.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jcbvxy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jcnalyym.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jdtwxpff.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jhvnzb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jjokwrur.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kyuata.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\lbomdspq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\lmygtv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\lpsumgdh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\mnnpnq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nepcymxm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\npprql.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ntantfuc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nvnjbq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\oafxxw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\olyovaew.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\omwuvtlw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\paombq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\plzshf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\pottvq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\pplxfdct.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\qbfmgujd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\qeoofe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\qhdesi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\qkupgs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\qsrjwe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rcthfnry.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\sbxuiruh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tpvdubbk.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\txjrypbw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\uhcwzc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vfllnriv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vfyfoe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vpkevy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vsnnui.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wvdhzr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wxtmao.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xemtodmh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xicmhyai.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xqdoverk.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ybxdemjl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yfhlnhrv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yfsynk.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP399\A0023414.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP399\A0023416.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP399\A0023421.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP399\A0023422.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP399\A0023426.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP399\A0023427.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP399\A0023436.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP401\A0023597.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP407\A0023806.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024240.dll (Adware.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024241.exe (Adware.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024243.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024244.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024245.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024246.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024248.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024249.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024250.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024251.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024252.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024253.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024254.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024256.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024257.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024258.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024259.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024260.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024261.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024262.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024263.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024264.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024266.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024267.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024268.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024270.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024272.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024273.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024274.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024275.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024276.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024277.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024278.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024279.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024280.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024281.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024284.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024285.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024286.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024288.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024289.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024290.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024291.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024292.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024293.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024294.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024295.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024297.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024298.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024299.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024300.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024302.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024304.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024305.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024306.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024307.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024308.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024309.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024310.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024312.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024315.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024316.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024317.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024318.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024320.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024321.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024322.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024324.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024325.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024327.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024328.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024247.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024265.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024283.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024301.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{20A8820D-2EA1-43B8-984E-3BF07D4DD85B}\RP426\A0024319.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\Media Files\Apps\Ahead.Nero.Burning.ROM.v6.6.0.6.Ultra.Edition.incl.KeyGen\Ahead.Nero.Burning.ROM.v6.6.0.6.Ultra.Edition\Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\Media Files\Apps\Ahead.Nero.Burning.ROM.v6.6.0.6.Ultra.Edition.incl.KeyGen\Ahead.Nero.Burning.ROM.v6.6.0.6.Ultra.Edition\Keygen\Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.


# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3761 (20090113)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=d2e0864062fdd949a0e72e739278700d
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-13 04:37:12
# local_time=2009-01-13 11:37:12 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=589161
# found=17
# scan_time=4322
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor1.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentamwr.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentamwr3.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\12\4ef9724c-18418f3b multiple infiltrations (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\12\4ef9724c-18418f3b »ZIP »MagicApplet.class Java/TrojanDownloader.OpenConnection trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\12\4ef9724c-18418f3b »ZIP »OwnClassLoader.class Java/Exploit.Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\12\4ef9724c-18418f3b »ZIP »ProxyClassLoader.class Java/Exploit.Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\12\4ef9724c-18418f3b »ZIP »Installer.class Java/TrojanDownloader.Agent.A trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\40\4ac9ef68-181f54ea Java/TrojanDownloader.OpenStream.NAC trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\52\309a49b4-463229ab Java/TrojanDownloader.OpenStream.NAB trojan (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\52\309a49b4-463229ab »ZIP »OP.class Java/TrojanDownloader.OpenStream.NAB trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\Q2hyaXM\kZ1Vurg.vbs.vir Win32/Adware.ISearch application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\hgGARkji.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\lrjctphg.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\uitypuob.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
E:\Media Files\Music\Wicked Remix.wma WMA/TrojanDownloader.Wimad.D trojan (unable to clean - deleted) 00000000000000000000000000000000


The computer seems to be doing a lot better, no more popups. Am I clean? Thank you very much!
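As an added example (my own script, not from this thread or from any of the tools named in it), a small Python triage helper that parses ESET Online Scanner finding lines like those above and labels each hit by where it sits: System Restore points, ComboFix's Qoobox quarantine, Spybot's Recovery backups and the Java deployment cache only hold inert copies of already-removed or downloaded objects, so the one entry outside those folders is the only one worth a second look. The holding-area markers are my assumption, and the sample lines are abridged from the log above.

```python
import re

# Constructed sample: four findings abridged from the ESET Online Scanner log
# above. Header lines are "# key=value"; each finding is one line.
SAMPLE_LOG = r"""# version=4
# osver=5.1.2600 NT Service Pack 3
# scanned=589161
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\12\4ef9724c-18418f3b »ZIP »OwnClassLoader.class Java/Exploit.Bytverify trojan (error while cleaning - was a part of the deleted object) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\hgGARkji.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
E:\Media Files\Music\Wicked Remix.wma WMA/TrojanDownloader.Wimad.D trojan (unable to clean - deleted) 00000000000000000000000000000000
"""

# Finding line: <path, may contain spaces> <detection name> <type> (<action>) <32 hex digits>.
FINDING_RE = re.compile(
    r"^(?P<path>.*) (?P<name>\S+) (?P<kind>\S+) \((?P<action>.*)\) (?P<hash>[0-9a-f]{32})$"
)

# Assumed folders that hold inert copies (backups, quarantine, restore points,
# applet cache) rather than anything that loads at boot; matched case-insensitively.
HOLDING_AREAS = [
    (r"\system volume information\_restore", "restore point copy"),
    (r"\qoobox\quarantine", "ComboFix quarantine"),
    (r"\spybot - search & destroy\recovery", "Spybot backup"),
    (r"\sun\java\deployment\cache", "Java cache"),
]

def classify(path):
    """Label where a detection sits; anything outside a holding area deserves a look."""
    low = path.lower()
    return next((label for marker, label in HOLDING_AREAS if marker in low), "live location")

def parse_eset_log(text):
    meta, findings = {}, []
    for line in text.splitlines():
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            meta[key] = int(value) if value.isdigit() else value
        elif line.strip():
            f = FINDING_RE.match(line).groupdict()  # raises on an unexpected line shape
            f["location"] = classify(f["path"])
            f["archive_member"] = "»" in f["path"]  # nested entry inside a ZIP/JAR
            findings.append(f)
    return meta, findings

if __name__ == "__main__":
    meta, findings = parse_eset_log(SAMPLE_LOG)
    for f in findings:
        print(f"{f['location']:<20} {f['name']:<32} {f['path']}")
```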

#10 fenzodahl512


  • Members
  • 6,738 posts

Posted 13 January 2009 - 01:14 PM

Looks good to me.. Let's do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles by miekiemoes:
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbsup:



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 stoli

  • Topic Starter

  • Members
  • 5 posts

Posted 13 January 2009 - 07:31 PM

It's running great, thank you very much for your help!

#12 fenzodahl512


  • Members
  • 6,738 posts

Posted 14 January 2009 - 01:05 AM

You are very welcome, I'm glad that we could help.

I will now close this topic. If you need this topic to be re-opened, please PM me or a Moderator regarding the matter..

If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing!

fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
