
Virtumonde Infection


This topic is locked. 37 replies to this topic.

#1 romeomj


Posted 19 June 2007 - 09:02 PM

HELP!!! I have had a hell of a time with pop ups lately and it is slowing down my internet and computer experience... by using spybot I noticed a file that would not go away... Virtumonde... PLEASE help me get rid of it... I have done all the steps that you suggested... here is my log.


Logfile of HijackThis v1.99.1
Scan saved at 9:49:52 PM, on 6/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adaware\aawservice.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\DefragMentor\DefragMentor Premium\DPSV.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\repair\nfosvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\Config\service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\yrfxda.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://optonline.net/Home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [OE] "C:\Program Files\SPAM\TMAS_OEMon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [vebgwh] C:\WINDOWS\system32\vebgwh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [msgjlspmklxc] C:\WINDOWS\system32\msgjlspmklxc.exe
O4 - HKLM\..\Run: [bxtxfxpdmgfm] C:\WINDOWS\system32\bxtxfxpdmgfm.exe
O4 - HKLM\..\Run: [envuthtmyr] C:\WINDOWS\system32\envuthtmyr.exe
O4 - HKLM\..\Run: [cgwq] C:\WINDOWS\system32\cgwq.exe
O4 - HKLM\..\Run: [ltjdtnvf] C:\WINDOWS\system32\ltjdtnvf.exe
O4 - HKLM\..\Run: [j] C:\WINDOWS\system32\j.exe
O4 - HKLM\..\Run: [xo] C:\WINDOWS\system32\xo.exe
O4 - HKLM\..\Run: [fkcvkugcyvuy] C:\WINDOWS\system32\fkcvkugcyvuy.exe
O4 - HKLM\..\Run: [bg] C:\WINDOWS\system32\bg.exe
O4 - HKLM\..\Run: [aeiqsjvlwsha] C:\WINDOWS\system32\aeiqsjvlwsha.exe
O4 - HKLM\..\Run: [gvtpagc] C:\WINDOWS\system32\gvtpagc.exe
O4 - HKLM\..\Run: [rmxfxppwael] C:\WINDOWS\system32\rmxfxppwael.exe
O4 - HKLM\..\Run: [gvhtvgimflk] C:\WINDOWS\system32\gvhtvgimflk.exe
O4 - HKLM\..\Run: [cgygydizxe] C:\WINDOWS\system32\cgygydizxe.exe
O4 - HKLM\..\Run: [ispuitfp] C:\WINDOWS\system32\ispuitfp.exe
O4 - HKLM\..\Run: [qgzxnbrd] C:\WINDOWS\system32\qgzxnbrd.exe
O4 - HKLM\..\Run: [jlqkpylafm] C:\WINDOWS\system32\jlqkpylafm.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [zwhuvbjjzw] C:\WINDOWS\system32\zwhuvbjjzw.exe
O4 - HKLM\..\Run: [wmssacrzhrwd] C:\WINDOWS\system32\wmssacrzhrwd.exe
O4 - HKLM\..\Run: [nwyvvuu] C:\WINDOWS\system32\nwyvvuu.exe
O4 - HKLM\..\Run: [kralxeu] C:\WINDOWS\system32\kralxeu.exe
O4 - HKLM\..\Run: [x] C:\WINDOWS\system32\x.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [yrfxda] C:\WINDOWS\system32\yrfxda.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\boxvvwaq.dll",realset
O4 - HKCU\..\Run: [Bjl] C:\WINDOWS\system32\n?tdde.exe
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\DVDrom\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\SSTEM3~1\smss.exe" -vt ndrv
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VersionTracker Pro.lnk = ?
O4 - Global Startup: WX Process Manager.lnk = C:\Program Files\Wavexpress\TVTonic\WXprocMgr.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {27EB254C-C724-43B1-8DD8-F3AC9ED761B2} (Wavexpress Cab Helper) - http://client2.tvtonic.com/Webservice/Publ...8/TVTStage1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158420551281
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal...eck_1_0_0_4.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://entriq.vo.llnwd.net/o1/NBCUniversal...0_15_Silent.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal...sal_1_0_0_3.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol hijack: tv - {9E754710-6158-11D5-B6CE-0050DAAEA668}
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Adaware\aawservice.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: DefragMentor Premium Job Scheduler (DPSV) - Unknown owner - C:\Program Files\DefragMentor\DefragMentor Premium\DPSV.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Print Spooler Service (iyddkuaetnuu6) - Unknown owner - C:\WINDOWS\system32\gq.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NetLogon P2P (NFOSVC) - Unknown owner - C:\WINDOWS\repair\nfosvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Service Configurator (Service_v1) - Unknown owner - C:\WINDOWS\Config\service.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


#2 jamielaw (Malware Ass-Kicker!)



Posted 20 June 2007 - 12:38 AM

Hey romeomj

ComboFix

Please download ComboFix.exe (by sUBs)

Double click ComboFix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running! That may cause it to stall.

Uninstall List

1. Open Hijackthis and select: Open the Misc Tools section.
2. Then choose: Open Uninstall Manager and click Save List.
3. Save the list to your computer.
4. Then copy the contents of the list back to your thread with a Hijackthis log as well please.

#3 romeomj (Topic Starter)


Posted 20 June 2007 - 08:24 PM

I attempted to do what you asked BUT ComboFix opened up with an explanation that it would take 10 minutes or less to scan and THEN POOF it was gone from my screen... NO LIST PRODUCED... then I followed your direction with HijackThis and when I clicked "Save List"... POOF the program closed and no list... what happened?

meanwhile - Here is the most current HijackThis list:

Logfile of HijackThis v1.99.1
Scan saved at 21:11, on 2007-06-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adaware\aawservice.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\DefragMentor\DefragMentor Premium\DPSV.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\repair\nfosvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\Config\service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://optonline.net/Home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [OE] "C:\Program Files\SPAM\TMAS_OEMon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [vebgwh] C:\WINDOWS\system32\vebgwh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [msgjlspmklxc] C:\WINDOWS\system32\msgjlspmklxc.exe
O4 - HKLM\..\Run: [bxtxfxpdmgfm] C:\WINDOWS\system32\bxtxfxpdmgfm.exe
O4 - HKLM\..\Run: [envuthtmyr] C:\WINDOWS\system32\envuthtmyr.exe
O4 - HKLM\..\Run: [cgwq] C:\WINDOWS\system32\cgwq.exe
O4 - HKLM\..\Run: [ltjdtnvf] C:\WINDOWS\system32\ltjdtnvf.exe
O4 - HKLM\..\Run: [j] C:\WINDOWS\system32\j.exe
O4 - HKLM\..\Run: [xo] C:\WINDOWS\system32\xo.exe
O4 - HKLM\..\Run: [fkcvkugcyvuy] C:\WINDOWS\system32\fkcvkugcyvuy.exe
O4 - HKLM\..\Run: [bg] C:\WINDOWS\system32\bg.exe
O4 - HKLM\..\Run: [aeiqsjvlwsha] C:\WINDOWS\system32\aeiqsjvlwsha.exe
O4 - HKLM\..\Run: [gvtpagc] C:\WINDOWS\system32\gvtpagc.exe
O4 - HKLM\..\Run: [rmxfxppwael] C:\WINDOWS\system32\rmxfxppwael.exe
O4 - HKLM\..\Run: [gvhtvgimflk] C:\WINDOWS\system32\gvhtvgimflk.exe
O4 - HKLM\..\Run: [cgygydizxe] C:\WINDOWS\system32\cgygydizxe.exe
O4 - HKLM\..\Run: [ispuitfp] C:\WINDOWS\system32\ispuitfp.exe
O4 - HKLM\..\Run: [qgzxnbrd] C:\WINDOWS\system32\qgzxnbrd.exe
O4 - HKLM\..\Run: [jlqkpylafm] C:\WINDOWS\system32\jlqkpylafm.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [zwhuvbjjzw] C:\WINDOWS\system32\zwhuvbjjzw.exe
O4 - HKLM\..\Run: [wmssacrzhrwd] C:\WINDOWS\system32\wmssacrzhrwd.exe
O4 - HKLM\..\Run: [nwyvvuu] C:\WINDOWS\system32\nwyvvuu.exe
O4 - HKLM\..\Run: [kralxeu] C:\WINDOWS\system32\kralxeu.exe
O4 - HKLM\..\Run: [x] C:\WINDOWS\system32\x.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [yrfxda] C:\WINDOWS\system32\yrfxda.exe
O4 - HKCU\..\Run: [Bjl] C:\WINDOWS\system32\n?tdde.exe
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\DVDrom\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\SSTEM3~1\smss.exe" -vt ndrv
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VersionTracker Pro.lnk = ?
O4 - Global Startup: WX Process Manager.lnk = C:\Program Files\Wavexpress\TVTonic\WXprocMgr.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {27EB254C-C724-43B1-8DD8-F3AC9ED761B2} (Wavexpress Cab Helper) - http://client2.tvtonic.com/Webservice/Publ...8/TVTStage1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158420551281
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal...eck_1_0_0_4.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://entriq.vo.llnwd.net/o1/NBCUniversal...0_15_Silent.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal...sal_1_0_0_3.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol hijack: tv - {9E754710-6158-11D5-B6CE-0050DAAEA668}
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Adaware\aawservice.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: DefragMentor Premium Job Scheduler (DPSV) - Unknown owner - C:\Program Files\DefragMentor\DefragMentor Premium\DPSV.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NetLogon P2P (NFOSVC) - Unknown owner - C:\WINDOWS\repair\nfosvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Service Configurator (Service_v1) - Unknown owner - C:\WINDOWS\Config\service.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

#4 jamielaw (Malware Ass-Kicker!)



Posted 21 June 2007 - 11:05 AM

Hey romeomj

I attempted to do what you asked BUT ComboFix opened up with an explanation that it would take 10 minutes or less to scan and THEN POOF it was gone from my screen... NO LIST PRODUCED... then I followed your direction with HijackThis and when I clicked "Save List"... POOF the program closed and no list... what happened?


How long did ComboFix run before closing... did it close instantly after showing the 10 minutes notice? Does this happen with all programs? Can you open up Notepad, type some text and then try to save it - what happens?

==========

Two Anti-Virus Products

I do not recommend that you have more than one Anti-Virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other Anti-Virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened - again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both software products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either BitDefender or Symantec.

==========

Upload Files

You have a file(s) of interest to us. It would help the detection rates of the tools we use by getting hold of samples of these infections.

1. Please download Suspicious File Packer.
2. Then restart your computer in safe mode.
3. Double-click Suspicious File Packer. Then copy and paste this list of files:

C:\WINDOWS\repair\nfosvc.exe
C:\WINDOWS\Config\service.exe
C:\WINDOWS\system32\vebgwh.exe
C:\WINDOWS\system32\msgjlspmklxc.exe
C:\WINDOWS\system32\envuthtmyr.exe
C:\WINDOWS\system32\cgwq.exe
C:\WINDOWS\system32\ltjdtnvf.exe
C:\WINDOWS\system32\j.exe
C:\WINDOWS\system32\xo.exe
C:\WINDOWS\system32\fkcvkugcyvuy.exe
C:\WINDOWS\system32\bg.exe
C:\WINDOWS\system32\aeiqsjvlwsha.exe
C:\WINDOWS\system32\gvtpagc.exe
C:\WINDOWS\system32\rmxfxppwael.exe
C:\WINDOWS\system32\gvhtvgimflk.exe
C:\WINDOWS\system32\cgygydizxe.exe
C:\WINDOWS\system32\ispuitfp.exe
C:\WINDOWS\system32\qgzxnbrd.exe
C:\WINDOWS\system32\jlqkpylafm.exe
C:\WINDOWS\system32\zwhuvbjjzw.exe
C:\WINDOWS\system32\wmssacrzhrwd.exe
C:\WINDOWS\system32\nwyvvuu.exe
C:\WINDOWS\system32\kralxeu.exe
C:\WINDOWS\system32\x.exe
C:\WINDOWS\system32\yrfxda.exe
C:\WINDOWS\system32\n?tdde.exe
C:\DOCUME~1\Owner\APPLIC~1\SSTEM3~1\smss.exe
C:\WINDOWS\repair\nfosvc.exe
C:\WINDOWS\Config\service.exe


4. Then click Continue. Close the program down.
5. Restart your computer in normal mode.
6. On your desktop should be a file like this: requested-files[2007-06-20_15_36].cab.
7. Open up Submit Files!
8. Then fill in the details:

Link: http://www.bleepingcomputer.com/forums/t/96642/virtumonde-infection/
File: Locate your file: requested-files[2007-06-20_15_36].cab

9. Then click Send File.

==========

RogueRemover

Please download rr-free-setup.exe (by RubbeR DuckY). Save the file to your desktop.

Double-click rr-free-setup.exe. RogueRemover will now be installed - OK the installation prompts. Once it has successfully installed click Check for updates. Download & install any updates.

Click Scan. RogueRemover will now scan your computer for any rogue programs. Once it has finished click Remove Selected if it finds any. Please allow RogueRemover to submit the statistical data.

==========

Fix these Hijackthis Items

1. Open HijackThis and select the Do a system scan only option.
2. Place a check next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
O4 - HKLM\..\Run: [vebgwh] C:\WINDOWS\system32\vebgwh.exe
O4 - HKLM\..\Run: [msgjlspmklxc] C:\WINDOWS\system32\msgjlspmklxc.exe
O4 - HKLM\..\Run: [bxtxfxpdmgfm] C:\WINDOWS\system32\bxtxfxpdmgfm.exe
O4 - HKLM\..\Run: [envuthtmyr] C:\WINDOWS\system32\envuthtmyr.exe
O4 - HKLM\..\Run: [cgwq] C:\WINDOWS\system32\cgwq.exe
O4 - HKLM\..\Run: [ltjdtnvf] C:\WINDOWS\system32\ltjdtnvf.exe
O4 - HKLM\..\Run: [j] C:\WINDOWS\system32\j.exe
O4 - HKLM\..\Run: [xo] C:\WINDOWS\system32\xo.exe
O4 - HKLM\..\Run: [fkcvkugcyvuy] C:\WINDOWS\system32\fkcvkugcyvuy.exe
O4 - HKLM\..\Run: [bg] C:\WINDOWS\system32\bg.exe
O4 - HKLM\..\Run: [aeiqsjvlwsha] C:\WINDOWS\system32\aeiqsjvlwsha.exe
O4 - HKLM\..\Run: [gvtpagc] C:\WINDOWS\system32\gvtpagc.exe
O4 - HKLM\..\Run: [rmxfxppwael] C:\WINDOWS\system32\rmxfxppwael.exe
O4 - HKLM\..\Run: [gvhtvgimflk] C:\WINDOWS\system32\gvhtvgimflk.exe
O4 - HKLM\..\Run: [cgygydizxe] C:\WINDOWS\system32\cgygydizxe.exe
O4 - HKLM\..\Run: [ispuitfp] C:\WINDOWS\system32\ispuitfp.exe
O4 - HKLM\..\Run: [qgzxnbrd] C:\WINDOWS\system32\qgzxnbrd.exe
O4 - HKLM\..\Run: [jlqkpylafm] C:\WINDOWS\system32\jlqkpylafm.exe
O4 - HKLM\..\Run: [zwhuvbjjzw] C:\WINDOWS\system32\zwhuvbjjzw.exe
O4 - HKLM\..\Run: [wmssacrzhrwd] C:\WINDOWS\system32\wmssacrzhrwd.exe
O4 - HKLM\..\Run: [nwyvvuu] C:\WINDOWS\system32\nwyvvuu.exe
O4 - HKLM\..\Run: [kralxeu] C:\WINDOWS\system32\kralxeu.exe
O4 - HKLM\..\Run: [x] C:\WINDOWS\system32\x.exe
O4 - HKLM\..\Run: [yrfxda] C:\WINDOWS\system32\yrfxda.exe
O4 - HKCU\..\Run: [Bjl] C:\WINDOWS\system32\n?tdde.exe
O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\SSTEM3~1\smss.exe" -vt ndrv
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal...eck_1_0_0_4.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://entriq.vo.llnwd.net/o1/NBCUniversal...0_15_Silent.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal...sal_1_0_0_3.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: NetLogon P2P (NFOSVC) - Unknown owner - C:\WINDOWS\repair\nfosvc.exe
O23 - Service: Service Configurator (Service_v1) - Unknown owner - C:\WINDOWS\Config\service.exe

3. Close all open browsers and windows, except HijackThis. Then select Fix checked. Then close HijackThis.
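As an added triage example (written for this thread, not part of HijackThis or of Jamie's instructions), the script below parses O4 and O23 lines in the HijackThis format quoted above and flags the patterns marked for fixing: random-looking executables sitting directly in system32, autostarts launched from the user profile or Temp, core Windows process names outside system32, and "Unknown owner" services outside Program Files or system32. The sample lines are taken from the log above plus constructed benign control lines; the allowlist and the heuristics are assumptions tuned to this machine, not a general-purpose detector.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind name path reason")

# Constructed sample: three lines from the fix list above plus three benign
# controls (SoundMan, ctfmon.exe and the Ad-Aware service) built in the same
# HijackThis format to show that the heuristics leave them alone.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [vebgwh] C:\WINDOWS\system32\vebgwh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\SSTEM3~1\smss.exe" -vt ndrv
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: NetLogon P2P (NFOSVC) - Unknown owner - C:\WINDOWS\repair\nfosvc.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Adaware\aawservice.exe
"""

# "O4 - HKLM\..\Run: [name] command" and
# "O23 - Service: Display (svc) - Owner - path"
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) \((?P<svc>[^)]*)\) - (?P<owner>.+?) - (?P<path>.+)$")

# Process names that belong in system32 and nowhere else.
WINDOWS_CORE = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
# Assumed allowlist: legitimate system32 autostarts seen in this thread's ComboFix report.
SYSTEM32_ALLOW = {"ctfmon.exe", "nwiz.exe"}
# Where a service binary with an unknown owner is not automatically suspicious.
TRUSTED_SERVICE_DIRS = ("c:\\program files", "c:\\windows\\system32")
PROFILE_MARKERS = ("applic~1", "application data", "locals~1\\temp", "local settings\\temp")


def executable_from_command(cmd):
    """Return the executable path from a Run value, handling quoted paths and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)(\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def split_path(path):
    """Lower-cased (basename, parent directory); parent is '' for a bare filename."""
    p = path.lower().replace("/", "\\")
    if "\\" not in p:
        return p, ""
    parent, base = p.rsplit("\\", 1)
    return base, parent


def suspicious_reasons(path):
    """Heuristics drawn from the entries the helper marked for removal."""
    base, parent = split_path(path)
    reasons = []
    if parent == "c:\\windows\\system32" and base not in SYSTEM32_ALLOW \
            and re.fullmatch(r"[a-z]{1,12}\.exe", base):
        reasons.append("random-looking executable directly in system32")
    if any(marker in parent for marker in PROFILE_MARKERS):
        reasons.append("autostart from user profile data or Temp folder")
    if base in WINDOWS_CORE and parent != "c:\\windows\\system32":
        reasons.append("core Windows process name outside system32")
    return reasons


def triage(log_text):
    """Parse O4/O23 lines and return a Finding for every heuristic that fires."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            exe = executable_from_command(m.group("cmd"))
            for reason in suspicious_reasons(exe):
                findings.append(Finding("O4", m.group("name"), exe, reason))
            continue
        m = O23_RE.match(line)
        if m:
            path = m.group("path").strip()
            _, parent = split_path(path)
            if m.group("owner").lower() == "unknown owner" \
                    and not parent.startswith(TRUSTED_SERVICE_DIRS):
                findings.append(Finding("O23", m.group("svc"), path,
                                        "unknown-owner service outside Program Files/system32"))
            for reason in suspicious_reasons(path):
                findings.append(Finding("O23", m.group("svc"), path, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<4}[{f.name}] {f.path}: {f.reason}")
```

The allowlist is deliberately tiny; on a real machine, compare a flagged system32 name against the ComboFix "Files Created" window before acting on it.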

==========

Rename Hijackthis

1. Locate the program Hijackthis.
2. Select the file, right-click and select Rename.
3. Please change the name to: jamielaw
4. Then please could you post a new Hijackthis log.

==========

How is your computer running now - Does ComboFix work now? Can you get the Uninstall List yet?

==========

Jamie :thumbsup:
My Website!

"The ultimate measure of a man is not where he stands in moments of comfort and convenience, but where he stands at times of challenge and controversy." - Martin Luther King, Jr.


#5 romeomj


Posted 21 June 2007 - 10:55 PM

Here is the combofix list:
ComboFix 07-06-21 - C:\Program Files\Combofix\ComboFix.exe
"Owner" - 2007-06-21 22:41:01 - Service Pack 2 NTFS


Unable to gain System Privileges

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\adeeg.bak1
C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\aalelvjm.dll
C:\WINDOWS\system32\aedcwhco.dll
C:\WINDOWS\system32\blymjbcc.dll
C:\WINDOWS\system32\hapdxuou.dll
C:\WINDOWS\system32\iqsyyaat.dll
C:\WINDOWS\system32\jhmransb.dll
C:\WINDOWS\system32\klgjshgd.dll
C:\WINDOWS\system32\nquroblk.dll
C:\WINDOWS\system32\ogjvupkb.dll
C:\WINDOWS\system32\oksltala.dll
C:\WINDOWS\system32\qpqpvgwq.dll
C:\WINDOWS\system32\spexinxw.dll
C:\WINDOWS\system32\timfkfib.dll
C:\WINDOWS\system32\wfmdatfa.dll
C:\WINDOWS\system32\yurqipvx.dll
C:\WINDOWS\system32\adeeg.bak1
C:\WINDOWS\system32\adeeg.bak2
C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\adeeg.ini2
C:\WINDOWS\system32\adeeg.tmp
C:\WINDOWS\system32\ochwcdea.ini
C:\WINDOWS\system32\ccbjmylb.ini
C:\WINDOWS\system32\uouxdpah.ini
C:\WINDOWS\system32\bsnarmhj.ini
C:\WINDOWS\system32\klboruqn.ini
C:\WINDOWS\system32\bkpuvjgo.ini
C:\WINDOWS\system32\alatlsko.ini
C:\WINDOWS\system32\wxnixeps.ini
C:\WINDOWS\system32\xvpiqruy.ini
C:\WINDOWS\system32\adeeg.bak1
C:\WINDOWS\system32\adeeg.bak2
C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\adeeg.ini2
C:\WINDOWS\system32\adeeg.tmp
C:\WINDOWS\system32\adeeg.bak1
C:\WINDOWS\system32\adeeg.bak2
C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\adeeg.ini2
C:\WINDOWS\system32\adeeg.tmp
C:\WINDOWS\system32\geeda.dll
C:\WINDOWS\system32\qommllm.dll
C:\WINDOWS\$NtServicePackUninstall$\exp.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Owner\APPLIC~1.\appatc~1
C:\DOCUME~1\Owner\APPLIC~1.\asks~1
C:\DOCUME~1\Owner\APPLIC~1.\racle~1
C:\DOCUME~1\Owner\APPLIC~1.\scurit~1
C:\DOCUME~1\Owner\APPLIC~1.\sembly~1
C:\DOCUME~1\Owner\APPLIC~1.\smante~1
C:\DOCUME~1\Owner\APPLIC~1.\sstem3~1
C:\DOCUME~1\Owner\APPLIC~1.\sstem3~1\SSTEM3~1\ctxad-518.0000
C:\DOCUME~1\Owner\APPLIC~1.\sstem3~1\SSTEM3~1\ctxad-518.0001
C:\DOCUME~1\Owner\APPLIC~1.\sstem3~1\SSTEM3~1\ctxad-518.0002
C:\DOCUME~1\Owner\APPLIC~1.\sstem3~1\SSTEM3~1\ctxad-518.0003
C:\DOCUME~1\Owner\APPLIC~1.\sstem3~1\SSTEM3~1\ctxad-518.0004
C:\DOCUME~1\Owner\APPLIC~1.\sstem3~1\SSTEM3~1\ctxad-530.0000
C:\DOCUME~1\Owner\APPLIC~1.\sstem3~1\SSTEM3~1\ctxad-530.0001
C:\DOCUME~1\Owner\APPLIC~1.\sstem3~1\SSTEM3~1\ctxad-530.0002
C:\DOCUME~1\Owner\APPLIC~1.\sstem3~1\SSTEM3~1\ctxad-530.0003
C:\DOCUME~1\Owner\APPLIC~1.\sstem3~1\SSTEM3~1\ctxad-530.0004
C:\DOCUME~1\Owner\APPLIC~1.\sstem3~1\SSTEM3~1\ctxad-530.0005
C:\DOCUME~1\Owner\APPLIC~1.\sstem3~1\SSTEM3~1\ctxad-530.0006
C:\DOCUME~1\Owner\APPLIC~1.\ymante~1
C:\DOCUME~1\Owner\MYDOCU~1.\crosof~1.net
C:\DOCUME~1\Owner\MYDOCU~1.\icroso~1
C:\DOCUME~1\Owner\MYDOCU~1.\icroso~2
C:\DOCUME~1\Owner\MYDOCU~1.\mbols~1
C:\DOCUME~1\Owner\MYDOCU~1.\pppatc~1
C:\DOCUME~1\Owner\MYDOCU~1.\sembly~1
C:\DOCUME~1\Owner\MYDOCU~1.\ystem~1
C:\Program Files\Common Files\fnts~1
C:\Program Files\Common Files\ppatch~1
C:\Program Files\crosof~1.net
C:\Program Files\fnts~1
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\pppatc~1
C:\Program Files\sks~1
C:\Program Files\sstem~1
C:\Program Files\ymbols~1
C:\WINDOWS\$NtServicePackUninstall$\ntp2.ini
C:\WINDOWS\mbols~1
C:\WINDOWS\ppatch~1
C:\WINDOWS\smbols~1
C:\WINDOWS\system32\crosof~1
C:\WINDOWS\system32\d.exe
C:\WINDOWS\system32\i.exe
C:\WINDOWS\system32\j.exe
C:\WINDOWS\system32\m.exe
C:\WINDOWS\system32\msxml3a.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\r.exe
C:\WINDOWS\system32\sks~1
C:\WINDOWS\system32\sstem3~1
C:\WINDOWS\system32\wapisu.exe
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\x.exe


((((((((((((((((((((((((( Files Created from 2007-05-22 to 2007-06-22 )))))))))))))))))))))))))))))))


2007-06-21 23:28 78,848 --a------ C:\WINDOWS\system32\tyu.exe
2007-06-21 22:15 189,440 --a------ C:\WINDOWS\system32\ifl.exe
2007-06-21 22:06 <DIR> d-------- C:\Program Files\RogueRemover
2007-06-21 21:50 119,808 --a------ C:\WINDOWS\system32\wpzsg.exe
2007-06-21 21:02 131,124 --a------ C:\WINDOWS\system32\ijhxuugd.dll
2007-06-21 21:02 111,616 --a------ C:\WINDOWS\system32\zougny.exe
2007-06-21 20:58 122,900 --a------ C:\WINDOWS\system32\vdjoryav.exe
2007-06-21 20:31 168,960 --a------ C:\WINDOWS\system32\ji.exe
2007-06-20 21:38 115,712 --a------ C:\WINDOWS\system32\juwucruhxqyw.exe
2007-06-20 21:17 152,576 --a------ C:\WINDOWS\system32\mijbvhlhf.exe
2007-06-20 20:20 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-19 22:48 <DIR> d-------- C:\Program Files\Spyware Blaster
2007-06-19 21:46 <DIR> d-------- C:\Program Files\jamielaw
2007-06-19 21:28 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Google
2007-06-19 21:20 87,040 --a------ C:\WINDOWS\system32\yrfxda.exe
2007-06-19 21:14 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-06-19 21:14 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-06-19 21:14 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-06-19 21:14 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-06-19 21:14 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-06-19 21:14 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-06-19 21:14 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-06-19 21:08 <DIR> d-------- C:\Program Files\Sygate
2007-06-19 07:09 <DIR> d-------- C:\Program Files\McAfee Stinger
2007-06-18 14:39 78,848 --a------ C:\WINDOWS\system32\gskkmtusw.exe
2007-06-18 03:15 177,152 --a------ C:\WINDOWS\system32\tzro.exe
2007-06-18 03:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-18 03:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-17 22:15 189,440 --a------ C:\WINDOWS\system32\kralxeu.exe
2007-06-17 22:14 189,440 --a------ C:\WINDOWS\system32\uusleyb.exe
2007-06-17 22:13 189,440 --a------ C:\WINDOWS\system32\iuuxkegqhikp.exe
2007-06-17 17:33 189,440 --a------ C:\WINDOWS\system32\nwyvvuu.exe
2007-06-17 12:18 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\DefragMentor Premium
2007-06-17 12:13 189,440 --a------ C:\WINDOWS\system32\wmssacrzhrwd.exe
2007-06-17 11:51 <DIR> d-------- C:\Program Files\DefragMentor
2007-06-16 20:51 181,248 --a------ C:\WINDOWS\system32\abjwjjyyu.exe
2007-06-16 19:19 <DIR> d-------- C:\Program Files\New Folder (3)
2007-06-16 14:15 87,040 --a------ C:\WINDOWS\system32\gq.exe
2007-06-16 13:03 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-06-16 13:02 <DIR> d-------- C:\Program Files\PC Doctor
2007-06-16 09:14 181,248 --a------ C:\WINDOWS\system32\zwhuvbjjzw.exe
2007-06-16 09:14 156,672 --a------ C:\WINDOWS\system32\evpmjbvqsqsd.exe
2007-06-16 09:13 111,616 --a------ C:\WINDOWS\system32\jlqkpylafm.exe
2007-06-15 07:20 140,288 --a------ C:\WINDOWS\system32\poyyojqfvs.exe
2007-06-14 03:16 140,288 --a------ C:\WINDOWS\system32\qgzxnbrd.exe
2007-06-12 21:04 144,384 --a------ C:\WINDOWS\system32\ispuitfp.exe
2007-06-12 15:18 173,056 --a------ C:\WINDOWS\system32\cgygydizxe.exe
2007-06-12 07:58 168,960 --a------ C:\WINDOWS\system32\gvhtvgimflk.exe
2007-06-10 19:23 99,328 --a------ C:\WINDOWS\system32\rmxfxppwael.exe
2007-06-10 10:18 95,232 --a------ C:\WINDOWS\system32\gvtpagc.exe
2007-06-10 03:13 95,232 --a------ C:\WINDOWS\system32\aeiqsjvlwsha.exe
2007-06-09 09:50 99,328 --a------ C:\WINDOWS\system32\bg.exe
2007-06-09 06:24 103,424 --a------ C:\WINDOWS\system32\fkcvkugcyvuy.exe
2007-06-09 01:28 103,424 --a------ C:\WINDOWS\system32\nahar.exe
2007-06-08 16:49 99,328 --a------ C:\WINDOWS\system32\tqewoyj.exe
2007-06-08 16:49 99,328 --a------ C:\aolx.exe
2007-06-08 16:47 99,328 --a------ C:\WINDOWS\system32\ydeousubtt.exe
2007-06-07 21:10 87,040 --a------ C:\WINDOWS\system32\xfpwfccghy.exe
2007-06-07 20:29 87,040 --a------ C:\WINDOWS\system32\vqtaej.exe
2007-06-07 20:29 87,040 --a------ C:\aim5.exe
2007-06-07 20:26 87,040 --a------ C:\WINDOWS\system32\xmxeiirtyx.exe
2007-06-07 18:17 87,040 --a------ C:\WINDOWS\system32\ungjjttrsccv.exe
2007-06-07 17:09 87,040 --a------ C:\WINDOWS\system32\nkqvzb.exe
2007-06-07 17:09 87,040 --a------ C:\aimX.exe
2007-06-07 17:03 87,040 --a------ C:\WINDOWS\system32\ocer.exe
2007-06-07 13:54 87,040 --a------ C:\WINDOWS\system32\ewyfneyq.exe
2007-06-07 13:53 87,040 --a------ C:\WINDOWS\system32\jnvqjekvkt.exe
2007-06-07 13:51 87,040 --a------ C:\WINDOWS\system32\ckvfecchnaam.exe
2007-06-07 13:50 87,040 --a------ C:\WINDOWS\system32\smopjwvuco.exe
2007-06-06 23:15 99,328 --a------ C:\bootloaderX.exe
2007-06-06 23:13 99,328 --a------ C:\installer.exe
2007-06-06 17:01 66,560 --a------ C:\WINDOWS\system32\bxsraavf.exe
2007-06-06 16:49 66,560 --a------ C:\WINDOWS\system32\vzau.exe
2007-06-06 15:33 66,560 --a------ C:\WINDOWS\system32\qcozqg.exe
2007-06-06 15:32 66,560 --a------ C:\WINDOWS\system32\xjjsnygnx.exe
2007-06-06 15:06 66,560 --a------ C:\WINDOWS\system32\xmqoemsnq.exe
2007-06-06 15:01 66,560 --a------ C:\WINDOWS\system32\ueyutvzv.exe
2007-06-06 15:00 66,560 --a------ C:\WINDOWS\system32\vthtzbvsavyl.exe
2007-06-06 14:51 66,560 --a------ C:\WINDOWS\system32\uvwgjog.exe
2007-06-06 14:46 66,560 --a------ C:\WINDOWS\system32\ktfnvr.exe
2007-06-06 14:45 66,560 --a------ C:\WINDOWS\system32\tuz.exe
2007-06-06 06:25 66,560 --a------ C:\WINDOWS\system32\xo.exe
2007-06-05 20:18 66,560 --a------ C:\WINDOWS\system32\ltjdtnvf.exe
2007-06-05 17:57 66,560 --a------ C:\WINDOWS\system32\cgwq.exe
2007-06-05 16:55 66,560 --a------ C:\WINDOWS\system32\qzhgfslnndnm.exe
2007-06-05 16:52 66,560 --a------ C:\WINDOWS\system32\tn.exe
2007-06-05 16:52 66,560 --a------ C:\loaderRS.exe
2007-06-05 16:49 66,560 --a------ C:\WINDOWS\system32\sd.exe
2007-06-05 16:49 66,560 --a------ C:\loaderXS.exe
2007-06-05 15:33 66,560 --a------ C:\openX.exe
2007-06-05 15:24 66,560 --a------ C:\WINDOWS\system32\cnurtstbzq.exe
2007-06-05 12:04 66,560 --a------ C:\WINDOWS\system32\nxtnkikwdy.exe
2007-06-05 12:00 66,560 --a------ C:\WINDOWS\system32\yitl.exe
2007-06-05 11:59 66,560 --a------ C:\WINDOWS\system32\ak.exe
2007-06-04 17:57 66,560 --a------ C:\WINDOWS\system32\cefmft.exe
2007-06-04 17:34 66,560 --a------ C:\WINDOWS\system32\ryjyznf.exe
2007-06-04 17:34 66,560 --a------ C:\WINDOWS\system32\myzgwdv.exe
2007-06-04 17:31 66,560 --a------ C:\WINDOWS\system32\alwjyvd.exe
2007-06-04 17:25 66,560 --a------ C:\WINDOWS\system32\iar.exe
2007-06-04 17:22 66,560 --a------ C:\WINDOWS\system32\nndpgcnwqc.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-22 03:25:16 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2007-06-22 00:49:30 -------- d-----w C:\Program Files\DL_cats
2007-06-21 02:05:47 -------- d-----w C:\Program Files\Adaware
2007-06-20 04:41:10 -------- d-----w C:\Program Files\Dell Computer
2007-06-20 03:36:27 -------- d-----w C:\Program Files\Jasc Software Inc
2007-06-20 03:26:09 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-18 07:08:40 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Lavasoft
2007-06-03 03:13:22 -------- d-----w C:\Program Files\iTunes
2007-06-03 03:03:43 -------- d-----w C:\Program Files\Quicktime
2007-06-03 02:49:26 -------- d-----w C:\Program Files\Apple Software Update
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-10 07:10:59 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 02:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-13 19:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-04-10 15:22:20 913,408 ----a-w C:\WINDOWS\system32\xreglib.dll
2002-08-29 12:00:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 07:56:46 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 07:56:42 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2004-08-04 07:56:43 54,784 --sha-w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 07:56:43 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 07:56:43 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2004-08-04 07:56:44 553,472 --sha-w C:\WINDOWS\system32\oleaut32.dll
2004-08-04 07:56:44 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-08-04 07:56:55 11,776 --sha-w C:\WINDOWS\system32\regsvr32.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{94397E1F-B0A9-C275-F3A9-B4DEB4B55892}=C:\WINDOWS\system32\obgp.dll []
{A7327C09-B521-4EDB-8509-7D2660C9EC98}=C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll []
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:55]
{AF4EC832-0DD7-795D-D93B-5D9090D73ECF}=C:\WINDOWS\system32\alkye.dll []
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-03 09:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" []
"DIGServices"="C:\Program Files\ESPNRunTime\DIGServices.exe" [2005-05-19 14:55]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2005-05-09 16:32]
"dlbxmon.exe"="C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe" [2005-01-18 10:57]
"RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 20:24]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-17 07:23]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-04-10 11:21]
"OE"="C:\Program Files\SPAM\TMAS_OEMon.exe" [2005-12-29 17:38]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-19 21:01]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-06 09:49]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 06:42 C:\WINDOWS\SOUNDMAN.EXE]
"LTMSG"="LTMSG.exe" [2003-07-14 11:52 C:\WINDOWS\ltmsg.exe]
"nwiz"="nwiz.exe" [2006-08-11 21:43 C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"tyu"="C:\WINDOWS\system32\tyu.exe" [2007-06-21 23:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\PROGRA~1\DVDrom\NEROBA~1\NBJ.exe" [2004-09-22 16:10]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 15:32]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-03 09:00]
"Aim6"="" []
"DDC"="C:\WINDOWS\system32\vdjoryav.exe" [2007-06-21 20:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"mijbvhlhf"=C:\WINDOWS\system32\mijbvhlhf.exe
"juwucruhxqyw"=C:\WINDOWS\system32\juwucruhxqyw.exe
"ji"=C:\WINDOWS\system32\ji.exe
"zougny"=C:\WINDOWS\system32\zougny.exe
"x"=C:\WINDOWS\system32\x.exe
"wpzsg"=C:\WINDOWS\system32\wpzsg.exe
"ifl"=C:\WINDOWS\system32\ifl.exe
"tyu"=C:\WINDOWS\system32\tyu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-aware]
"C:\PROGRA~1\Adaware\AD-AWA~1\Ad-aware.exe" +c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]
"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
C:\PROGRA~1\NORTON~3\NORTON~1\navapw32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notn]
C:\Documents and Settings\Owner\Application Data\eber.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
rundll32.exe nview.dll,nViewLoadHook

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimum Online]
C:\Program Files\Optimum Online\Netsurf.exe -tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QD FastAndSafe]
C:\PROGRA~1\NORTON~3\NORTON~1\navapw32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAHBundle]
C:\DOCUME~1\Owner\LOCALS~1\Temp\bundle.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stcinstaller]
c:\installer\id53.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tsa]
C:\PROGRA~1\COMMON~1\tsa\tsm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\W9]
C:\documents and settings\owner\local settings\temp\W9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
"C:\Program Files\Web_Rebates\WebRebates0.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain


Contents of the 'Scheduled Tasks' folder
2007-06-19 00:25:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-21 23:29:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-21 23:35:55 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-21 23:35

--- E O F ---

Here is the uninstall list:

3D Groove Playback Engine
ABBYY FineReader 6.0 Sprint Plus
ACDSee
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Reader 8
AIM 6.0
AIM+ (remove only)
AOL Instant Messenger
Apple Software Update
ASUSDVD
BitDefender Antivirus v10
CaptureView 2.0D FW Update
CCHelp
CCScore
Compaq Connections
Compaq Organize
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative ZEN Vision M Series
DefragMentor Premium 2.0
Dell Photo AIO Printer 962
DiscAPI (Studio 10)
DivX Player
DivX Pro Codec Adware
Entriq MediaSphere 3.4.0.15
ESPN RunTime
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSvpaht
ESSvpot
Flash DVD Ripper
Google Desktop
Google Toolbar for Internet Explorer
HijackThis 1.99.1
HLPCCTR
HLPIndex
HLPSFO
Hollywood FX 5.5 Additional Effects
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
HP Photo Imaging Software
HP Photo Printing Software
Instant Support
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterActual Player
InterVideo WinDVD
iTunes
Kodak EasyShare software
KSU
Logitech Gaming Software
LogViewer
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Small Business
Microsoft Outlook Web Access S/MIME
Microsoft Picture It! Express 2001
Microsoft Plus! Digital Media Edition
Microsoft SQL Server Desktop Engine (PINNACLESYS)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Web Publishing Wizard 1.52
Microsoft Works 7.0
Microsoft Zoo Tycoon
Move Networks Player for Internet Explorer
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
Musicmatch® Jukebox
Nero Suite
Notifier
NVIDIA Drivers
NVIDIA Gart Driver
OfotoXMI
OmniPass
Optimum Online net guide
OTtBP
OTtBPSDK
Outerinfo
PCDLNCH
PC-Doctor for Windows
Pinnacle Instant DVD Recorder
Pinnacle MediaServer
Print to Fax
proDAD Heroglyph 1.0
proDAD Heroglyph 2.0
proDAD Heroglyph 2.5
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Pyware iPAS
Quicken 2003 New User Edition
QuickTime
RAPID (Studio 10)
RealArcade
RealPlayer
Realtek AC'97 Audio
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
RecordNow!
RogueRemover 1.20
Roll
S3Display
S3Gamma2
S3Info2
S3Overlay
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
SFR
SFR2
Shockwave
SmartMusic 9
SmartSound Quicktracks Plugin
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Studio 10
Studio 10 Bonus DVD
Studio 9 Content CD/DVD
Sygate Personal Firewall
Symantec KB-DocID:2003093015493306
The Print Shop
Trend Micro Anti-Spam For Outlook Express
TVTonic
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
URGE
VCAMCEN
VersionTracker Pro for Windows
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar
VPRINTOL
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
ZENcast Organizer

Here is the new HijackThis log under jamielaw:

Logfile of HijackThis v1.99.1
Scan saved at 11:39:51 PM, on 6/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adaware\aawservice.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\vdjoryav.exe
C:\Program Files\DefragMentor\DefragMentor Premium\DPSV.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\repair\nfosvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\WINDOWS\Config\service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tyu.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\SPAM\TMAS_OEMon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\TechTracker\VersionTracker Pro\VersionTrackerPro.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\SPAM\TMAS_OE.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\jamielaw\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {94397E1F-B0A9-C275-F3A9-B4DEB4B55892} - C:\WINDOWS\system32\obgp.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {AF4EC832-0DD7-795D-D93B-5D9090D73ECF} - C:\WINDOWS\system32\alkye.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [OE] "C:\Program Files\SPAM\TMAS_OEMon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [tyu] C:\WINDOWS\system32\tyu.exe
O4 - HKLM\..\RunServices: [mijbvhlhf] C:\WINDOWS\system32\mijbvhlhf.exe
O4 - HKLM\..\RunServices: [juwucruhxqyw] C:\WINDOWS\system32\juwucruhxqyw.exe
O4 - HKLM\..\RunServices: [ji] C:\WINDOWS\system32\ji.exe
O4 - HKLM\..\RunServices: [zougny] C:\WINDOWS\system32\zougny.exe
O4 - HKLM\..\RunServices: [x] C:\WINDOWS\system32\x.exe
O4 - HKLM\..\RunServices: [wpzsg] C:\WINDOWS\system32\wpzsg.exe
O4 - HKLM\..\RunServices: [ifl] C:\WINDOWS\system32\ifl.exe
O4 - HKLM\..\RunServices: [tyu] C:\WINDOWS\system32\tyu.exe
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\DVDrom\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DDC] C:\WINDOWS\system32\vdjoryav.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VersionTracker Pro.lnk = ?
O4 - Global Startup: WX Process Manager.lnk = C:\Program Files\Wavexpress\TVTonic\WXprocMgr.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {27EB254C-C724-43B1-8DD8-F3AC9ED761B2} (Wavexpress Cab Helper) - http://client2.tvtonic.com/Webservice/Publ...8/TVTStage1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158420551281
O18 - Protocol hijack: tv - {9E754710-6158-11D5-B6CE-0050DAAEA668}
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Adaware\aawservice.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vdjoryav.exe
O23 - Service: DefragMentor Premium Job Scheduler (DPSV) - Unknown owner - C:\Program Files\DefragMentor\DefragMentor Premium\DPSV.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Print Spooler Service (iyddkuaetnuu6) - Unknown owner - C:\WINDOWS\system32\tyu.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NetLogon P2P (NFOSVC) - Unknown owner - C:\WINDOWS\repair\nfosvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Service Configurator (Service_v1) - Unknown owner - C:\WINDOWS\Config\service.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

more:

1) You mentioned not running two antivirus programs... I wasn't aware that I was... I used to run Norton, but I thought I had got rid of it, and installed BitDefender

2) I ran Suspicious File Packer and submitted the files like you explained

3) I ran rr-free-setup.exe and it reported that everything was OK so it didn't produce a file

4) I don't know if this means anything, and didn't mention this before, but my clock was mysteriously running in military time and it did not give me an option to switch it back to the way I had it... BUT since I just completed all of your tasks, my clock is back to normal...

5) Finally, yes, my computer seems to be running better and no pop-ups have surfaced for the entire time I have been creating this message... a good sign, I think?... I did notice my BitDefender giving me several messages that it has blocked a potential virus, and I did notice it blocking Fotomoto and Vundo... what does this mean?

Thanks for your help... I look forward to hearing back from you with your findings...

#6 jamielaw

Posted 22 June 2007 - 11:33 AM

Hey romeomj

Thanks a lot for the notes at the bottom - it makes it a lot easier for me.

4) I don't know if this means anything, and didn't mention this before, but my clock was mysteriously running in military time and it did not give me an option to switch it back to the way I had it... BUT since I just completed all of your tasks, my clock is back to normal...


One of the tools you ran, ComboFix, does that. Nothing to worry about, and as you said it should revert afterwards.

5) Finally, yes my computer seems to be running better and no pop ups have serviced for the entire time I am creating this message... a good sign I think?... I did notice my BitDefender giving me several messages that it has blocked a potential virus and I did notice it blocking Fotomoto and Vundo... what does this mean?


You're not quite there yet. The infections on your computer regenerate more infections, so we need to do one big fix after this post; after that we should be making some headway.

==========

Uninstall Bad/Unnecessary Programs

1. Click Start >> Control Panel >> Add/Remove Programs

2. Select each of these programs, click Remove and follow the prompts to uninstall them:

Outerinfo
Symantec KB-DocID:2003093015493306
Viewpoint Manager (Remove Only)
Viewpoint Toolbar


==========

Delete Files

Please download KillBox.exe (by Option^Explicit)

Note : In the event you already have Killbox, this is a new version that I need you to download.

Double-click Killbox.exe to run it. Select Delete on Reboot, then select All Files. Then copy and paste this list of files:

C:\WINDOWS\repair\nfosvc.exe
C:\WINDOWS\Config\service.exe
C:\WINDOWS\system32\vebgwh.exe
C:\WINDOWS\system32\msgjlspmklxc.exe
C:\WINDOWS\system32\envuthtmyr.exe
C:\WINDOWS\system32\cgwq.exe
C:\WINDOWS\system32\ltjdtnvf.exe
C:\WINDOWS\system32\j.exe
C:\WINDOWS\system32\xo.exe
C:\WINDOWS\system32\fkcvkugcyvuy.exe
C:\WINDOWS\system32\bg.exe
C:\WINDOWS\system32\aeiqsjvlwsha.exe
C:\WINDOWS\system32\gvtpagc.exe
C:\WINDOWS\system32\rmxfxppwael.exe
C:\WINDOWS\system32\gvhtvgimflk.exe
C:\WINDOWS\system32\cgygydizxe.exe
C:\WINDOWS\system32\ispuitfp.exe
C:\WINDOWS\system32\qgzxnbrd.exe
C:\WINDOWS\system32\jlqkpylafm.exe
C:\WINDOWS\system32\zwhuvbjjzw.exe
C:\WINDOWS\system32\wmssacrzhrwd.exe
C:\WINDOWS\system32\nwyvvuu.exe
C:\WINDOWS\system32\kralxeu.exe
C:\WINDOWS\system32\x.exe
C:\WINDOWS\system32\yrfxda.exe
C:\WINDOWS\system32\n?tdde.exe
C:\DOCUME~1\Owner\APPLIC~1\SSTEM3~1\smss.exe
C:\WINDOWS\repair\nfosvc.exe
C:\WINDOWS\Config\service.exe
C:\WINDOWS\system32\vdjoryav.exe
C:\WINDOWS\system32\tyu.exe
C:\WINDOWS\system32\mijbvhlhf.exe
C:\WINDOWS\system32\juwucruhxqyw.exe
C:\WINDOWS\system32\ji.exe
C:\WINDOWS\system32\zougny.exe
C:\WINDOWS\system32\wpzsg.exe
C:\WINDOWS\system32\ifl.exe
C:\WINDOWS\system32\vdjoryav.exe


Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.

Note : Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!)

==========

Msconfig

It's important that we know which files are loading when your computer starts up. Disabling items on startup only makes the process longer, because we can't see what we are dealing with.

1. Click Start, select Run and type: msconfig
2. Select the General tab and choose Normal Startup - load all device drivers and services.
3. Click Apply and OK but DO NOT REBOOT!

If you reboot your computer any malicious files will only infect your system more!

==========

Please can you then post a fresh Hijackthis log.

==========

Jamie

"The ultimate measure of a man is not where he stands in moments of comfort and convenience, but where he stands at times of challenge and controversy." - Martin Luther King, Jr.

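An added example, not Killbox code and not part of any post in this thread, that decodes the registry value the PendingFileRenameOperations prompt mentioned in the Killbox step refers to. Killbox's Delete on Reboot, like any program that calls MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT, queues its work in HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations, a REG_MULTI_SZ of source/destination pairs in which an empty destination means delete and a "!" prefix means replace an existing file. The same mechanism is available to a dropper that wants to put itself back across the reboot, which is why the queued list is worth reading before restarting. The two deletions in the sample are taken from the Killbox list above; the SETAB12.tmp/example.dll pair and the re-drop into system32 are constructed for illustration. Parsing runs on any platform; only read_live() needs Windows.

```python
"""Decode PendingFileRenameOperations, the registry value behind Killbox's
Delete on Reboot (and behind MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT).

Added example for this thread: not Killbox code and not from any post above.
It parses a REG_MULTI_SZ blob constructed below, so it runs anywhere;
read_live() is the only Windows-specific part.
"""

SESSION_MANAGER = r"SYSTEM\CurrentControlSet\Control\Session Manager"
VALUE_NAME = "PendingFileRenameOperations"


def encode_multi_sz(strings):
    """REG_MULTI_SZ on disk: UTF-16LE, each string NUL-terminated, then one extra NUL."""
    return ("".join(s + "\0" for s in strings) + "\0").encode("utf-16-le")


def decode_multi_sz(blob: bytes):
    """Inverse of encode_multi_sz. A trailing empty string (a queued delete as the
    last entry) is indistinguishable from the terminator, so restore it."""
    parts = blob.decode("utf-16-le").rstrip("\0").split("\0")
    if len(parts) % 2:
        parts.append("")
    return parts


def nt_to_dos(path: str) -> str:
    """Session Manager stores NT-style paths; strip the 4-character \\??\\ prefix."""
    return path[4:] if path.startswith("\\??\\") else path


def pending_operations(strings):
    """Pair up source/destination strings. Empty destination = delete at boot;
    '!' prefix = MOVEFILE_REPLACE_EXISTING; otherwise a plain rename."""
    ops = []
    for src, dst in zip(strings[0::2], strings[1::2]):
        if dst == "":
            ops.append(("delete", nt_to_dos(src), None))
        elif dst.startswith("!"):
            ops.append(("replace", nt_to_dos(src), nt_to_dos(dst[1:])))
        else:
            ops.append(("move", nt_to_dos(src), nt_to_dos(dst)))
    return ops


def unexpected(ops, approved_deletes):
    """Everything that is not one of the deletions we queued ourselves. A queued
    move or replace *into* a system directory is how a dropper would re-arm
    itself across the very reboot that was meant to clean the machine."""
    approved = {p.lower() for p in approved_deletes}
    return [op for op in ops if not (op[0] == "delete" and op[1].lower() in approved)]


def read_live():
    """Windows only: winreg already returns REG_MULTI_SZ as a list of str."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SESSION_MANAGER) as key:
        value, _kind = winreg.QueryValueEx(key, VALUE_NAME)
    return value


# Constructed sample: two Killbox entries from this thread, one hypothetical
# update-style replace, and one hypothetical re-drop into system32 of the kind
# an analyst wants to catch before rebooting.
SAMPLE_STRINGS = [
    r"\??\C:\WINDOWS\system32\tyu.exe", "",
    r"\??\C:\WINDOWS\repair\nfosvc.exe", "",
    r"\??\C:\WINDOWS\system32\SETAB12.tmp", r"!\??\C:\WINDOWS\system32\example.dll",
    r"\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\x.tmp", r"!\??\C:\WINDOWS\system32\vdjoryav.exe",
]
APPROVED_DELETES = {r"C:\WINDOWS\system32\tyu.exe", r"C:\WINDOWS\repair\nfosvc.exe"}
SAMPLE_BLOB = encode_multi_sz(SAMPLE_STRINGS)

if __name__ == "__main__":
    ops = pending_operations(decode_multi_sz(SAMPLE_BLOB))
    for kind, src, dst in ops:
        print(f"{kind:8} {src}" + (f" -> {dst}" if dst else ""))
    for op in unexpected(ops, APPROVED_DELETES):
        print("REVIEW:", op)
```

Run it after Killbox has queued its deletions and before rebooting; anything unexpected() reports, above all a replace whose destination sits under WINDOWS, should be removed from the value before the restart.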

#7 romeomj

Posted 22 June 2007 - 06:49 PM

1) I was able to remove all of the programs you asked except one - Symantec KB-DocID:2003093015493306 - it was not listed in my Add/Remove Programs list.

2) Killbox.exe was successful

3) when can I get off of the Normal Startup - load all device drivers and services prompt and set it to where it was?

Here is a fresh HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 7:43:18 PM, on 6/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adaware\aawservice.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\DefragMentor\DefragMentor Premium\DPSV.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\SPAM\TMAS_OEMon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\TechTracker\VersionTracker Pro\VersionTrackerPro.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\jamielaw\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {94397E1F-B0A9-C275-F3A9-B4DEB4B55892} - C:\WINDOWS\system32\obgp.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {AF4EC832-0DD7-795D-D93B-5D9090D73ECF} - C:\WINDOWS\system32\alkye.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [OE] "C:\Program Files\SPAM\TMAS_OEMon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [tyu] C:\WINDOWS\system32\tyu.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [W9] C:\documents and settings\owner\local settings\temp\W9.exe
O4 - HKLM\..\Run: [Tsa] C:\PROGRA~1\COMMON~1\tsa\tsm.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Owner\LOCALS~1\Temp\bundle.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\NORTON~3\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~3\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Adaware\AD-AWA~1\Ad-aware.exe" +c
O4 - HKLM\..\RunServices: [mijbvhlhf] C:\WINDOWS\system32\mijbvhlhf.exe
O4 - HKLM\..\RunServices: [juwucruhxqyw] C:\WINDOWS\system32\juwucruhxqyw.exe
O4 - HKLM\..\RunServices: [ji] C:\WINDOWS\system32\ji.exe
O4 - HKLM\..\RunServices: [zougny] C:\WINDOWS\system32\zougny.exe
O4 - HKLM\..\RunServices: [x] C:\WINDOWS\system32\x.exe
O4 - HKLM\..\RunServices: [wpzsg] C:\WINDOWS\system32\wpzsg.exe
O4 - HKLM\..\RunServices: [ifl] C:\WINDOWS\system32\ifl.exe
O4 - HKLM\..\RunServices: [tyu] C:\WINDOWS\system32\tyu.exe
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\DVDrom\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DDC] C:\WINDOWS\system32\vdjoryav.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\eber.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: VersionTracker Pro.lnk = ?
O4 - Global Startup: WX Process Manager.lnk = C:\Program Files\Wavexpress\TVTonic\WXprocMgr.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {27EB254C-C724-43B1-8DD8-F3AC9ED761B2} (Wavexpress Cab Helper) - http://client2.tvtonic.com/Webservice/Publ...8/TVTStage1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158420551281
O18 - Protocol hijack: tv - {9E754710-6158-11D5-B6CE-0050DAAEA668}
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Adaware\aawservice.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vdjoryav.exe (file missing)
O23 - Service: DefragMentor Premium Job Scheduler (DPSV) - Unknown owner - C:\Program Files\DefragMentor\DefragMentor Premium\DPSV.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NetLogon P2P (NFOSVC) - Unknown owner - C:\WINDOWS\repair\nfosvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Service Configurator (Service_v1) - Unknown owner - C:\WINDOWS\Config\service.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
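
The three logs in this thread are long enough that reading them by eye is error-prone. Below is an added example, not HijackThis code and not from any post here, that parses the O2, O4 and O23 lines and scores the patterns the Vundo entries above share: a RunServices key (a Windows 9x key that XP does not process), anonymous or missing BHOs, services with no vendor running outside Program Files, executables launched from the user profile or from odd WINDOWS subfolders, and short or vowel-poor lowercase names like tyu.exe and vdjoryav.exe. The sample lines are copied from the posted logs; the heuristics, thresholds and the small allowlist are the example's own assumptions and produce leads for the analyst, not verdicts.

```python
"""Triage a HijackThis 1.99.1 log for Vundo/Virtumonde-style persistence.

Added example for this thread: not HijackThis code and not from any post
above. The rules are the example's own heuristics; a hit is a lead for the
analyst, not a verdict.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the logs posted in this thread, with a
# few benign entries kept for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {94397E1F-B0A9-C275-F3A9-B4DEB4B55892} - C:\WINDOWS\system32\obgp.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [tyu] C:\WINDOWS\system32\tyu.exe
O4 - HKLM\..\RunServices: [juwucruhxqyw] C:\WINDOWS\system32\juwucruhxqyw.exe
O4 - HKCU\..\Run: [DDC] C:\WINDOWS\system32\vdjoryav.exe
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\eber.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Print Spooler Service (iyddkuaetnuu6) - Unknown owner - C:\WINDOWS\system32\tyu.exe
O23 - Service: NetLogon P2P (NFOSVC) - Unknown owner - C:\WINDOWS\repair\nfosvc.exe
O23 - Service: Service Configurator (Service_v1) - Unknown owner - C:\WINDOWS\Config\service.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - "
                   r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - "
                    r"(?P<path>.*?)(?P<missing> \(file missing\))?$")

# Illustrative allowlist (an assumption, not exhaustive) of XP binaries whose
# short names would otherwise trip looks_random().
KNOWN_STEMS = {"ctfmon", "rundll32", "svchost", "explorer", "spoolsv", "msiexec", "cmd", "notepad"}
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\", "\\local settings\\")
WINDIR_ODD = ("\\windows\\repair\\", "\\windows\\config\\")
VOWELS = set("aeiou")


def looks_random(stem: str) -> bool:
    """Vundo-era droppers favour short or vowel-poor lowercase names (tyu, vdjoryav).
    The threshold is an assumption tuned to the names seen in this thread."""
    if stem in KNOWN_STEMS or not stem.isalpha() or not stem.islower():
        return False
    vowels = sum(c in VOWELS for c in stem)
    return len(stem) <= 3 or vowels / len(stem) <= 0.3


def exe_path(cmd: str) -> str:
    """First executable in an O4 command line, quotes stripped."""
    m = re.match(r'"?(?P<p>[^"]*?\.exe)', cmd, re.IGNORECASE)
    return m.group("p") if m else cmd.strip('"')


def assess(path: str, missing: bool, reasons: list) -> None:
    """Location-based rules shared by all entry types."""
    low = path.lower()
    name = PureWindowsPath(path).name
    stem = PureWindowsPath(path).stem.lower()
    if missing:
        reasons.append("points at a missing file (leftover registration or self-deleting component)")
    if any(d in low for d in USER_WRITABLE):
        reasons.append("runs from a user-profile directory")
    if any(d in low for d in WINDIR_ODD):
        reasons.append("runs from an unusual WINDOWS subfolder")
    if "\\windows\\" in low and looks_random(stem):
        reasons.append(f"random-looking name {name} under WINDOWS")


def triage(log_text: str):
    """Return [(line, [reasons])] for every O2/O4/O23 line that trips a rule."""
    findings = []
    for line in log_text.splitlines():
        reasons = []
        if m := O2_RE.match(line):
            if m["name"] == "(no name)":
                reasons.append("anonymous BHO")
            assess(m["path"], bool(m["missing"]), reasons)
        elif m := O4_RE.match(line):
            if m["key"].lower() == "runservices":
                reasons.append("RunServices key (Windows 9x key that XP does not process)")
            assess(exe_path(m["cmd"]), False, reasons)
        elif m := O23_RE.match(line):
            if m["vendor"] == "Unknown owner" and "\\program files\\" not in m["path"].lower():
                reasons.append("service with no vendor information outside Program Files")
            assess(m["path"], bool(m["missing"]), reasons)
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("   -", r)
```

Feed it a whole pasted log and read the hits top to bottom: on the logs above, every file in the Killbox list is produced by the random-name, RunServices or unattributed-service rules, while the Adobe, iTunes and NVIDIA entries stay quiet. The allowlist exists because ctfmon.exe and similar short system names would otherwise be flagged; extend it for the machine at hand rather than loosening the thresholds.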

#8 jamielaw

Posted 24 June 2007 - 01:38 PM

Hey romeomj

3) when can I get off of the Normal Startup - load all device drivers and services prompt and set it to where it was?


It's important that you make sure Normal Startup is selected at all times throughout the fix. After we have solved your malware problems we will deal with speed issues.

==========

Clean Out Temporary Files

Please download ATF Cleaner (by Atribune)

Double-click ATF-Cleaner.exe to run it.

Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
Note : If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
Note : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

==========

Kaspersky Online Scanner

Go to http://www.kaspersky.com/virusscanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post with another HJT log.
==========

Jamie :thumbsup:

"The ultimate measure of a man is not where he stands in moments of comfort and convenience, but where he stands at times of challenge and controversy." - Martin Luther King, Jr.

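The report the scanner writes with "Save as Text" lists one object per line, and most of those lines are "Object is locked" entries for hives and logs rather than findings. As an added example (not code from this thread, BleepingComputer or Kaspersky), the Python script below triages such a report: it drops the locked entries, folds archive members and NSIS streams back to the file on disk, separates hits still on disk from hits already sitting in a quarantine folder or a System Restore point, and counts which families are still live. The sample report lines and the list of quarantine folders (KillBox, ComboFix's QooBox, the _restore folder) are assumptions constructed for this example.

```python
"""Triage a Kaspersky Online Scanner text report (the file saved with "Save as Text").

Added example for this thread; not code from the thread, BleepingComputer or Kaspersky.
Result lines: "<object> Infected: <verdict> skipped", "<object> Suspicious: <verdict> skipped",
"<object> Object is locked skipped", plus an archive summary like "<object> NSIS: infected - 2 skipped".
"""
import re
from collections import Counter

LINE_RE = re.compile(
    r"^(?P<obj>.+?) "
    r"(?:(?P<kind>Infected|Suspicious): (?P<verdict>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<container>\w+): infected - (?P<count>\d+))"
    r" skipped$"
)

# Assumption: a hit under these folders is already contained. KillBox and ComboFix's
# QooBox are the quarantine folders used in this thread; _restore holds System Restore
# copies, which go away when restore points are flushed, not by deleting the file.
CONTAINED_RE = re.compile(
    r"\\(?:!KillBox\\|QooBox\\Quarantine\\|System Volume Information\\_restore)",
    re.IGNORECASE,
)

def parse_line(line):
    """Return a record for one result line, or None if the line is not a result."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    obj = m.group("obj")
    if m.group("locked"):
        return {"object": obj, "status": "locked", "verdict": None}
    if m.group("container"):
        return {"object": obj, "status": "container",
                "verdict": "%s members: %s" % (m.group("container"), m.group("count"))}
    return {"object": obj, "status": m.group("kind").lower(), "verdict": m.group("verdict")}

def top_level_file(obj):
    """Map an archive member ("x.cab/C:/WINDOWS/a.exe") or NSIS stream ("y.dll/data0002")
    back to the file on disk: Windows paths use backslashes, so the first "/" starts the
    member part."""
    return obj.split("/", 1)[0]

def family(verdict):
    """Collapse a verdict to its family: drop "not-a-virus:" and the variant suffix."""
    name = verdict.split(":", 1)[1] if verdict.startswith("not-a-virus:") else verdict
    parts = name.split(".")
    return ".".join(parts[:3]) if len(parts) > 3 else name

def triage(report_text):
    """Split results into live / contained / suspicious, count locked entries and families."""
    summary = {"live": [], "contained": [], "suspicious": [], "locked": 0,
               "families": Counter(), "unparsed": []}
    seen_live = set()
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line.endswith(" skipped"):      # header, settings and statistics lines
            continue
        rec = parse_line(line)
        if rec is None:
            summary["unparsed"].append(line)
            continue
        if rec["status"] == "locked":          # hives, logs, index.dat: not findings
            summary["locked"] += 1
            continue
        if rec["status"] == "container":       # its members were listed just above it
            continue
        path = top_level_file(rec["object"])
        if rec["status"] == "suspicious":
            summary["suspicious"].append((path, rec["verdict"]))
        elif CONTAINED_RE.search(path):
            summary["contained"].append((path, rec["verdict"]))
        elif path not in seen_live:            # one entry per file still on disk
            seen_live.add(path)
            summary["live"].append((path, rec["verdict"]))
            summary["families"][family(rec["verdict"])] += 1
    return summary

# Constructed sample in the report's format, not a real scan of the poster's machine.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\!KillBox\nfosvc.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\aalelvjm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wfmdatfa.dll.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP755\A0268356.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\upd001.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\WINDOWS\system32\ak.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\system32\c17b6s.dll/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\WINDOWS\system32\c17b6s.dll/data0008 Infected: Trojan-Downloader.Win32.Keenval.e skipped
C:\WINDOWS\system32\c17b6s.dll NSIS: infected - 2 skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

if __name__ == "__main__":
    s = triage(SAMPLE_REPORT)
    print("still on disk:", s["live"], "families:", dict(s["families"]))
    print("contained: %d  suspicious: %d  locked (ignored): %d"
          % (len(s["contained"]), len(s["suspicious"]), s["locked"]))
```

A backdoor family that is still live outside quarantine (here Backdoor.Win32.SdBot at C:\upd001.exe) is the finding to act on first; the restore-point and quarantine copies are cleared by flushing System Restore and emptying the quarantine folders once the cleanup is done.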

#9 romeomj

  • Topic Starter

  • Members
  • 22 posts

Posted 25 June 2007 - 06:24 PM

By the way... thanks for all your help....

Here is the info you requested:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, June 25, 2007 7:14:22 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 25/06/2007
Kaspersky Anti-Virus database records: 352078
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 134603
Number of viruses found: 19
Number of infected objects: 191 / 0
Number of suspicious objects: 2
Duration of the scan process: 05:20:33

Infected Object Name / Virus Name / Last Action
C:\!KillBox\aeiqsjvlwsha.exe Infected: Trojan.Win32.Agent.amh skipped
C:\!KillBox\bg.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\cgwq.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\cgygydizxe.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\envuthtmyr.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\fkcvkugcyvuy.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\gvhtvgimflk.exe Infected: Trojan.Win32.Agent.aqg skipped
C:\!KillBox\gvtpagc.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\ispuitfp.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\jlqkpylafm.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\!KillBox\kralxeu.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\!KillBox\ltjdtnvf.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\msgjlspmklxc.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\nfosvc.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\!KillBox\nwyvvuu.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\!KillBox\qgzxnbrd.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\rmxfxppwael.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\service.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\!KillBox\vebgwh.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\wmssacrzhrwd.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\!KillBox\xo.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\yrfxda.exe Infected: Trojan.Win32.Agent.ame skipped
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\vdjoryav.exe Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MQBO8E6F\iss[1].gm Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MQBO8E6F\rss11[1].ms Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Creative\Media Database\PCML_1.dpm Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Creative\Media Database\PCML_1.ldb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\VersionTracker Pro\vtlog.txt Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/repair/nfosvc.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/Config/service.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/vebgwh.exe Infected: Trojan.Win32.Agent.ame skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/msgjlspmklxc.exe Infected: Trojan.Win32.Agent.ame skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/envuthtmyr.exe Infected: Trojan.Win32.Agent.ame skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/cgwq.exe Infected: Trojan.Win32.Agent.ame skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/ltjdtnvf.exe Infected: Trojan.Win32.Agent.ame skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/j.exe Infected: Trojan.Win32.Agent.ame skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/xo.exe Infected: Trojan.Win32.Agent.ame skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/fkcvkugcyvuy.exe Infected: Trojan.Win32.Agent.ame skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/bg.exe Infected: Trojan.Win32.Agent.ame skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/aeiqsjvlwsha.exe Infected: Trojan.Win32.Agent.amh skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/gvtpagc.exe Infected: Trojan.Win32.Agent.ame skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/rmxfxppwael.exe Infected: Trojan.Win32.Agent.ame skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/gvhtvgimflk.exe Infected: Trojan.Win32.Agent.aqg skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/cgygydizxe.exe Infected: Trojan.Win32.Agent.ame skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/ispuitfp.exe Infected: Trojan.Win32.Agent.ame skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/qgzxnbrd.exe Infected: Trojan.Win32.Agent.ame skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/jlqkpylafm.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/wmssacrzhrwd.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/nwyvvuu.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/kralxeu.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/x.exe Infected: Trojan.Win32.Agent.ame skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/yrfxda.exe Infected: Trojan.Win32.Agent.ame skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/repair/nfosvc.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/Config/service.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab CAB: infected - 26 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbdam Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbdao Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbeam Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbeao Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbm Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\hp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007062420070625\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\ekfobdkq.exe Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\iqvyeouq.dll Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\JET2D5A.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\labityqn.exe Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\nmiehnvt.exe Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\otgeokuk.exe Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\qwvtjgji.dll Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\xqhcaxqn.exe Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF1154.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IFJCC00F\movie[1].qtl Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\loaderRS.exe Infected: Trojan.Win32.Agent.ame skipped
C:\loaderXS.exe Infected: Trojan.Win32.Agent.ame skipped
C:\openX.exe Infected: Trojan.Win32.Agent.ame skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Divx\DivXPro511Adware.exe/stream/data0019 Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
C:\Program Files\Divx\DivXPro511Adware.exe/stream Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
C:\Program Files\Divx\DivXPro511Adware.exe NSIS: infected - 2 skipped
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\master.mdf Object is locked skipped
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\model.mdf Object is locked skipped
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\modellog.ldf Object is locked skipped
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\PinnacleSys_GlobalContext.mdf Object is locked skipped
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\PinnacleSys_GlobalContext_log.LDF Object is locked skipped
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\templog.ldf Object is locked skipped
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Sygate\SPF\debug.log Object is locked skipped
C:\Program Files\Sygate\SPF\rawlog.log Object is locked skipped
C:\Program Files\Sygate\SPF\seclog.log Object is locked skipped
C:\Program Files\Sygate\SPF\syslog.log Object is locked skipped
C:\Program Files\Sygate\SPF\tralog.log Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir NSIS: infected - 2 skipped
C:\QooBox\Quarantine\C\WINDOWS\$NtServicePackUninstall$\exp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\aalelvjm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\aedcwhco.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\blymjbcc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\d.exe.vir Infected: Trojan.Win32.Agent.ame skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\geeda.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hapdxuou.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\i.exe.vir Infected: Trojan.Win32.Agent.ame skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iqsyyaat.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\j.exe.vir Infected: Trojan.Win32.Agent.ame skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jhmransb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\klgjshgd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\m.exe.vir Infected: Trojan.Win32.Agent.ame skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nquroblk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ogjvupkb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\oksltala.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qommllm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qpqpvgwq.dll.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\spexinxw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\timfkfib.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wfmdatfa.dll.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\x.exe.vir Infected: Trojan.Win32.Agent.ame skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yurqipvx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP738\A0241245.dll Object is locked skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP738\A0242253.exe Object is locked skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP738\A0242254.exe Object is locked skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP738\A0242255.exe Object is locked skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP738\A0242256.exe Object is locked skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP738\A0242257.exe Object is locked skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP742\A0243346.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP742\A0243347.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP744\A0244380.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP746\A0246401.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP747\A0246481.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP747\A0247481.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP748\A0248481.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP748\A0248499.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP748\A0249499.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP748\A0250499.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP748\A0251499.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP749\A0264582.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP750\A0264860.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP750\A0264871.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP751\A0265871.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP752\A0265902.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP752\A0265924.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0266108.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0266109.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268127.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268199.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268200.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268201.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268202.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268204.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268207.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268207.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268207.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268212.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268213.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268214.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268215.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268216.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268217.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268218.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268219.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268220.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268221.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268222.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268223.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268224.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268225.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268235.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268236.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268304.dll Object is locked skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268356.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268357.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268358.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268359.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268360.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268361.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268362.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268363.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268364.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268365.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268366.exe Infected: Trojan.Win32.Agent.amh skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268367.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268368.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268369.exe Infected: Trojan.Win32.Agent.aqg skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268370.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268371.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268372.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268373.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268375.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268376.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268377.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268378.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\change.log Object is locked skipped
C:\upd001.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\upd02001.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\upd0201.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\upd0301.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\upd0401.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\upd05001.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\upd0501.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\upd0601.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\upd0701.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\upd08001.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\upd0801.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\upd09001.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\upd0901.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\ATPartners.inf Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\ak.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\system32\bdss.log Object is locked skipped
C:\WINDOWS\system32\bxsraavf.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\system32\c17b6s.dll/data0002/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\WINDOWS\system32\c17b6s.dll/data0002/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\WINDOWS\system32\c17b6s.dll/data0002/data0005 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\WINDOWS\system32\c17b6s.dll/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\WINDOWS\system32\c17b6s.dll/data0008 Infected: Trojan-Downloader.Win32.Keenval.e skipped
C:\WINDOWS\system32\c17b6s.dll/data0009 Infected: Trojan-Downloader.Win32.Keenval.e skipped
C:\WINDOWS\system32\c17b6s.dll NSIS: infected - 6 skipped
C:\WINDOWS\system32\c17b6s.dll Exe2Dll: infected - 6 skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\cnurtstbzq.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\etc\hosts.bak Object is locked skipped
C:\WINDOWS\system32\drivers\etc\hosts.bho Object is locked skipped
C:\WINDOWS\system32\gq.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\iuuxkegqhikp.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\WINDOWS\system32\ktfnvr.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\nahar.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\system32\nsyufoigecmz.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\system32\nxtnkikwdy.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\system32\qcozqg.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\system32\qzhgfslnndnm.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\system32\scenicid.exe Infected: Trojan.Win32.StartPage.ame skipped
C:\WINDOWS\system32\sd.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\system32\tn.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\system32\tuz.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\system32\ueyutvzv.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\system32\uusleyb.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\WINDOWS\system32\uvwgjog.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\system32\vthtzbvsavyl.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\system32\vzau.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wsokcdgo.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\system32\xjjsnygnx.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\system32\xmqoemsnq.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\system32\yitl.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\Temp\Perflib_Perfdata_5e8.dat Object is locked skipped
C:\WINDOWS\Temp\tmp00003888\tmp00000000 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\change.log Object is locked skipped

Scan process completed.

Now my latest HJT list:

Logfile of HijackThis v1.99.1
Scan saved at 7:15:57 PM, on 6/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adaware\aawservice.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\DefragMentor\DefragMentor Premium\DPSV.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\SPAM\TMAS_OEMon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TechTracker\VersionTracker Pro\VersionTrackerPro.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\jamielaw\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://optonline.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {94397E1F-B0A9-C275-F3A9-B4DEB4B55892} - C:\WINDOWS\system32\obgp.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {AF4EC832-0DD7-795D-D93B-5D9090D73ECF} - C:\WINDOWS\system32\alkye.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [OE] "C:\Program Files\SPAM\TMAS_OEMon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [tyu] C:\WINDOWS\system32\tyu.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [W9] C:\documents and settings\owner\local settings\temp\W9.exe
O4 - HKLM\..\Run: [Tsa] C:\PROGRA~1\COMMON~1\tsa\tsm.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\NORTON~3\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~3\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Adaware\AD-AWA~1\Ad-aware.exe" +c
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\RunServices: [mijbvhlhf] C:\WINDOWS\system32\mijbvhlhf.exe
O4 - HKLM\..\RunServices: [juwucruhxqyw] C:\WINDOWS\system32\juwucruhxqyw.exe
O4 - HKLM\..\RunServices: [ji] C:\WINDOWS\system32\ji.exe
O4 - HKLM\..\RunServices: [zougny] C:\WINDOWS\system32\zougny.exe
O4 - HKLM\..\RunServices: [x] C:\WINDOWS\system32\x.exe
O4 - HKLM\..\RunServices: [wpzsg] C:\WINDOWS\system32\wpzsg.exe
O4 - HKLM\..\RunServices: [ifl] C:\WINDOWS\system32\ifl.exe
O4 - HKLM\..\RunServices: [tyu] C:\WINDOWS\system32\tyu.exe
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\DVDrom\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DDC] C:\WINDOWS\system32\vdjoryav.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\eber.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: VersionTracker Pro.lnk = ?
O4 - Global Startup: WX Process Manager.lnk = C:\Program Files\Wavexpress\TVTonic\WXprocMgr.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {27EB254C-C724-43B1-8DD8-F3AC9ED761B2} (Wavexpress Cab Helper) - http://client2.tvtonic.com/Webservice/Publ...8/TVTStage1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158420551281
O18 - Protocol hijack: tv - {9E754710-6158-11D5-B6CE-0050DAAEA668}
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Adaware\aawservice.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vdjoryav.exe (file missing)
O23 - Service: DefragMentor Premium Job Scheduler (DPSV) - Unknown owner - C:\Program Files\DefragMentor\DefragMentor Premium\DPSV.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NetLogon P2P (NFOSVC) - Unknown owner - C:\WINDOWS\repair\nfosvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Service Configurator (Service_v1) - Unknown owner - C:\WINDOWS\Config\service.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

#10 jamielaw

    Malware Ass-Kicker!

  • Members
  • 878 posts

Posted 27 June 2007 - 02:03 AM

Hey romeomj

Panda ActiveScan
Please go HERE to run Panda's ActiveScan:
  • Once you are on the Panda site, click the Scan your PC button
  • A new window will open... click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click Send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component, allow it
  • It will start downloading the files it requires for the scan (Note: it may take a couple of minutes)
  • When the download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report, and save it to a convenient location. Post the contents of the ActiveScan report

My Website!

"The ultimate measure of a man is not where he stands in moments of comfort and convenience, but where he stands at times of challenge and controversy." - Martin Luther King, Jr.


#11 romeomj

  • Topic Starter
  • Members
  • 22 posts

Posted 28 June 2007 - 06:12 AM

Here is my ActiveScan report:

Incident Status Location

Adware:adware/transponder Not disinfected c:\windows\system32\c17b6s.dll
Adware:adware/ncase Not disinfected c:\temp\FLEOK
Adware:adware/wupd Not disinfected c:\program files\Admilli Service
Adware:adware/sidesearch Not disinfected c:\program files\Lycos
Potentially unwanted tool:application/myway Not disinfected c:\program files\MyWay
Adware:adware/searchrelevancy Not disinfected c:\program files\SearchRelevant
Adware:adware/wintools Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Spyware:spyware/media-motor Not disinfected Windows Registry
Adware:adware/sqwire Not disinfected Windows Registry
Adware:adware/portalscan Not disinfected Windows Registry
Adware:adware/sidestep Not disinfected Windows Registry
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt
Virus:Malware Generic Not disinfected C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab[C:\WINDOWS\Config\service.exe]
Virus:Trj/Downloader.MDW Not disinfected C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab[C:\WINDOWS\system32\vebgwh.exe]
Virus:Trj/Downloader.MDW Not disinfected C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab[C:\WINDOWS\system32\msgjlspmklxc.exe]
Virus:Trj/Downloader.MDW Not disinfected C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab[C:\WINDOWS\system32\envuthtmyr.exe]
Virus:Trj/Downloader.MDW Not disinfected C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab[C:\WINDOWS\system32\cgwq.exe]
Virus:Trj/Downloader.MDW Not disinfected C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab[C:\WINDOWS\system32\ltjdtnvf.exe]
Virus:Trj/Downloader.MDW Not disinfected C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab[C:\WINDOWS\system32\j.exe]
Virus:Trj/Downloader.MDW Not disinfected C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab[C:\WINDOWS\system32\xo.exe]
Virus:Trj/Downloader.MDW Not disinfected C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab[C:\WINDOWS\system32\fkcvkugcyvuy.exe]
Virus:Trj/Downloader.MDW Not disinfected C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab[C:\WINDOWS\system32\bg.exe]
Virus:Trj/Downloader.MDW Not disinfected C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab[C:\WINDOWS\system32\aeiqsjvlwsha.exe]
Virus:Trj/Downloader.MDW Not disinfected C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab[C:\WINDOWS\system32\rmxfxppwael.exe]
Virus:Trj/Downloader.MDW Not disinfected C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab[C:\WINDOWS\system32\cgygydizxe.exe]
Virus:Trj/Downloader.MDW Not disinfected C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab[C:\WINDOWS\system32\ispuitfp.exe]
Virus:Trj/Downloader.MDW Not disinfected C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab[C:\WINDOWS\system32\qgzxnbrd.exe]
Virus:Trj/Downloader.MDW Not disinfected C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab[C:\WINDOWS\system32\x.exe]
Virus:Trj/Downloader.MDW Not disinfected C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab[C:\WINDOWS\system32\yrfxda.exe]
Virus:Malware Generic Not disinfected C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab[C:\WINDOWS\Config\service.exe]
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Virus:Trj/Downloader.MDW Disinfected C:\loaderRS.exe
Virus:Trj/Downloader.MDW Disinfected C:\loaderXS.exe
Virus:Trj/Downloader.MDW Disinfected C:\openX.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Program Files\Combofix\ComboFix.exe[nircmd.exe]
Adware:Adware/Gator Not disinfected C:\Program Files\Divx\DivXPro511Adware.exe[Gain_Trickler.exe]
Adware:Adware/MediaTickets Not disinfected C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\aalelvjm.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\aedcwhco.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\blymjbcc.dll.vir
Virus:Trj/Downloader.MDW Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\d.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\hapdxuou.dll.vir
Virus:Trj/Downloader.MDW Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\i.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\iqsyyaat.dll.vir
Virus:Trj/Downloader.MDW Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\j.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\jhmransb.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\klgjshgd.dll.vir
Virus:Trj/Downloader.MDW Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\m.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\nquroblk.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ogjvupkb.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\oksltala.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\qommllm.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\qpqpvgwq.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\spexinxw.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\timfkfib.dll.vir
Virus:Trj/Downloader.MDW Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\x.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\yurqipvx.dll.vir
Virus:Malware Generic Disinfected C:\upd001.exe
Virus:Malware Generic Disinfected C:\upd02001.exe
Virus:Malware Generic Disinfected C:\upd0201.exe
Virus:Malware Generic Disinfected C:\upd0301.exe
Virus:Malware Generic Disinfected C:\upd0401.exe
Virus:Malware Generic Disinfected C:\upd05001.exe
Virus:Malware Generic Disinfected C:\upd0501.exe
Virus:Malware Generic Disinfected C:\upd0601.exe
Virus:Malware Generic Disinfected C:\upd0701.exe
Virus:Malware Generic Disinfected C:\upd08001.exe
Virus:Malware Generic Disinfected C:\upd0801.exe
Virus:Malware Generic Disinfected C:\upd09001.exe
Virus:Malware Generic Disinfected C:\upd0901.exe
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\inf\bi6.inf
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\ak.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\bxsraavf.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\cnurtstbzq.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\gq.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\ktfnvr.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\nahar.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\nsyufoigecmz.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\nxtnkikwdy.exe
Virus:Trj/Downloader.OA Disinfected C:\WINDOWS\system32\O
Virus:Trj/Downloader.OA Disinfected C:\WINDOWS\system32\O.BAT
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\qcozqg.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\qzhgfslnndnm.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\sd.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\tn.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\tuz.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\ueyutvzv.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\uvwgjog.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\vthtzbvsavyl.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\vzau.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\wsokcdgo.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\xjjsnygnx.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\xmqoemsnq.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\yitl.exe

#12 jamielaw

    Malware Ass-Kicker!

  • Members
  • 878 posts

Posted 02 July 2007 - 12:14 AM

Hey romeomj

Please could you post a HijackThis log?

Jamie :thumbsup:

#13 romeomj

  • Topic Starter
  • Members
  • 22 posts

Posted 02 July 2007 - 09:03 PM

Here is my latest HJT report. I look forward to hearing from you soon... thank you.

Logfile of HijackThis v1.99.1
Scan saved at 9:52:28 PM, on 7/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adaware\aawservice.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\DefragMentor\DefragMentor Premium\DPSV.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\SPAM\TMAS_OEMon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TechTracker\VersionTracker Pro\VersionTrackerPro.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\jamielaw\HijackThis.exe
C:\WINDOWS\system32\freecell.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://optonline.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {94397E1F-B0A9-C275-F3A9-B4DEB4B55892} - C:\WINDOWS\system32\obgp.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {AF4EC832-0DD7-795D-D93B-5D9090D73ECF} - C:\WINDOWS\system32\alkye.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [OE] "C:\Program Files\SPAM\TMAS_OEMon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [tyu] C:\WINDOWS\system32\tyu.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [W9] C:\documents and settings\owner\local settings\temp\W9.exe
O4 - HKLM\..\Run: [Tsa] C:\PROGRA~1\COMMON~1\tsa\tsm.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\NORTON~3\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~3\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Adaware\AD-AWA~1\Ad-aware.exe" +c
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\RunServices: [mijbvhlhf] C:\WINDOWS\system32\mijbvhlhf.exe
O4 - HKLM\..\RunServices: [juwucruhxqyw] C:\WINDOWS\system32\juwucruhxqyw.exe
O4 - HKLM\..\RunServices: [ji] C:\WINDOWS\system32\ji.exe
O4 - HKLM\..\RunServices: [zougny] C:\WINDOWS\system32\zougny.exe
O4 - HKLM\..\RunServices: [x] C:\WINDOWS\system32\x.exe
O4 - HKLM\..\RunServices: [wpzsg] C:\WINDOWS\system32\wpzsg.exe
O4 - HKLM\..\RunServices: [ifl] C:\WINDOWS\system32\ifl.exe
O4 - HKLM\..\RunServices: [tyu] C:\WINDOWS\system32\tyu.exe
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\DVDrom\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DDC] C:\WINDOWS\system32\vdjoryav.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\eber.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: VersionTracker Pro.lnk = ?
O4 - Global Startup: WX Process Manager.lnk = C:\Program Files\Wavexpress\TVTonic\WXprocMgr.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {27EB254C-C724-43B1-8DD8-F3AC9ED761B2} (Wavexpress Cab Helper) - http://client2.tvtonic.com/Webservice/Publ...8/TVTStage1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158420551281
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol hijack: tv - {9E754710-6158-11D5-B6CE-0050DAAEA668}
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Adaware\aawservice.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vdjoryav.exe (file missing)
O23 - Service: DefragMentor Premium Job Scheduler (DPSV) - Unknown owner - C:\Program Files\DefragMentor\DefragMentor Premium\DPSV.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NetLogon P2P (NFOSVC) - Unknown owner - C:\WINDOWS\repair\nfosvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Service Configurator (Service_v1) - Unknown owner - C:\WINDOWS\Config\service.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

#14 jamielaw

    Malware Ass-Kicker!

  • Members
  • 878 posts

Posted 06 July 2007 - 03:42 PM

Hey romeomj

Have you paid for BitDefender? Please can you make sure the definitions are updated. Please empty the quarantine for BitDefender as well.

Fix these HijackThis items

1. Open HijackThis and select the Do a system scan only option.
2. Place a check next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://optonline.net/
O2 - BHO: (no name) - {94397E1F-B0A9-C275-F3A9-B4DEB4B55892} - C:\WINDOWS\system32\obgp.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
O2 - BHO: (no name) - {AF4EC832-0DD7-795D-D93B-5D9090D73ECF} - C:\WINDOWS\system32\alkye.dll (file missing)
O4 - HKLM\..\Run: [tyu] C:\WINDOWS\system32\tyu.exe
O4 - HKLM\..\Run: [W9] C:\documents and settings\owner\local settings\temp\W9.exe
O4 - HKLM\..\Run: [Tsa] C:\PROGRA~1\COMMON~1\tsa\tsm.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\NORTON~3\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\RunServices: [mijbvhlhf] C:\WINDOWS\system32\mijbvhlhf.exe
O4 - HKLM\..\RunServices: [juwucruhxqyw] C:\WINDOWS\system32\juwucruhxqyw.exe
O4 - HKLM\..\RunServices: [ji] C:\WINDOWS\system32\ji.exe
O4 - HKLM\..\RunServices: [zougny] C:\WINDOWS\system32\zougny.exe
O4 - HKLM\..\RunServices: [x] C:\WINDOWS\system32\x.exe
O4 - HKLM\..\RunServices: [wpzsg] C:\WINDOWS\system32\wpzsg.exe
O4 - HKLM\..\RunServices: [ifl] C:\WINDOWS\system32\ifl.exe
O4 - HKLM\..\RunServices: [tyu] C:\WINDOWS\system32\tyu.exe
O4 - HKCU\..\Run: [DDC] C:\WINDOWS\system32\vdjoryav.exe
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\eber.exe
O18 - Protocol hijack: tv - {9E754710-6158-11D5-B6CE-0050DAAEA668}
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vdjoryav.exe (file missing)
O23 - Service: NetLogon P2P (NFOSVC) - Unknown owner - C:\WINDOWS\repair\nfosvc.exe (file missing)
O23 - Service: Service Configurator (Service_v1) - Unknown owner - C:\WINDOWS\Config\service.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

3. Close all open browsers and windows, except HijackThis. Then select Fix checked. Then close HijackThis.

Using the instructions I gave you earlier for Killbox please repeat them for these files/folders:

C:\Documents and Settings\Owner\Local Settings\Temp\ekfobdkq.exe
C:\Documents and Settings\Owner\Local Settings\Temp\iqvyeouq.dll
C:\Documents and Settings\Owner\Local Settings\Temp\JET2D5A.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\labityqn.exe
C:\Documents and Settings\Owner\Local Settings\Temp\nmiehnvt.exe
C:\Documents and Settings\Owner\Local Settings\Temp\otgeokuk.exe
C:\Documents and Settings\Owner\Local Settings\Temp\qwvtjgji.dll
C:\Documents and Settings\Owner\Local Settings\Temp\xqhcaxqn.exe
C:\Documents and Settings\Owner\Local Settings\Temp\~DF1154.tmp
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IFJCC00F\movie[1].qtl
C:\loaderRS.exe
C:\loaderXS.exe
C:\openX.exe
C:\WINDOWS\system32\ak.exe
C:\WINDOWS\system32\bxsraavf.exe
C:\WINDOWS\system32\c17b6s.dll
C:\WINDOWS\system32\cnurtstbzq.exe
C:\WINDOWS\system32\gq.exe
C:\WINDOWS\system32\iuuxkegqhikp.exe
C:\WINDOWS\system32\ktfnvr.exe
C:\WINDOWS\system32\nahar.exe
C:\WINDOWS\system32\nsyufoigecmz.exe
C:\WINDOWS\system32\nxtnkikwdy.exe
C:\WINDOWS\system32\qcozqg.exe
C:\WINDOWS\system32\qzhgfslnndnm.exe
C:\WINDOWS\system32\scenicid.exe
C:\WINDOWS\system32\sd.exe
C:\WINDOWS\system32\tn.exe
C:\WINDOWS\system32\tuz.exe
C:\WINDOWS\system32\ueyutvzv.exe
C:\WINDOWS\system32\uusleyb.exe
C:\WINDOWS\system32\uvwgjog.exe
C:\WINDOWS\system32\vthtzbvsavyl.exe
C:\WINDOWS\system32\vzau.exe
C:\WINDOWS\system32\wsokcdgo.exe
C:\WINDOWS\system32\xjjsnygnx.exe
C:\WINDOWS\system32\xmqoemsnq.exe
C:\WINDOWS\system32\yitl.exe
C:\Documents and Settings\Owner\Desktop\requested-files[2007-06-21_20_58].cab
C:\WINDOWS\system32\tyu.exe
C:\documents and settings\owner\local settings\temp\W9.exe
C:\PROGRA~1\COMMON~1\tsa
c:\installer\id53.exe
C:\PROGRA~1\NORTON~3
C:\Program Files\Optimum Online
C:\WINDOWS\system32\mijbvhlhf.exe
C:\WINDOWS\system32\juwucruhxqyw.exe
C:\WINDOWS\system32\ji.exe
C:\WINDOWS\system32\zougny.exe
C:\WINDOWS\system32\x.exe
C:\WINDOWS\system32\wpzsg.exe
C:\WINDOWS\system32\ifl.exe
C:\WINDOWS\system32\tyu.exe
C:\WINDOWS\system32\vdjoryav.exe
C:\Documents and Settings\Owner\Application Data\eber.exe
C:\Program Files\Common Files\Symantec Shared


Please could you then run the Kaspersky online scan again and post the report back here along with a new HijackThis log so I can see what infections remain - thanks.

Jamie :thumbsup:

"The ultimate measure of a man is not where he stands in moments of comfort and convenience, but where he stands at times of challenge and controversy." - Martin Luther King, Jr.

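
As an added example (not code from this thread, from HijackThis or from any of its posters), the script below encodes the cues jamielaw used when picking the lines to fix above: a BHO with "(no name)", an entry whose file is "(file missing)", an autorun launched from Temp or Application Data, anything under the Win9x-era RunServices key, and a service with "Unknown owner" running out of the Windows folder. The sample lines are copied from the log posted earlier in the thread; the regexes, the weak "1-3 letter name in system32" cue and the fix/review/ok tiers are my own assumptions.

```python
"""Triage heuristics for HijackThis O2/O4/O23 lines (constructed teaching example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {94397E1F-B0A9-C275-F3A9-B4DEB4B55892} - C:\WINDOWS\system32\obgp.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [tyu] C:\WINDOWS\system32\tyu.exe
O4 - HKLM\..\Run: [W9] C:\documents and settings\owner\local settings\temp\W9.exe
O4 - HKLM\..\RunServices: [juwucruhxqyw] C:\WINDOWS\system32\juwucruhxqyw.exe
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\eber.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NetLogon P2P (NFOSVC) - Unknown owner - C:\WINDOWS\repair\nfosvc.exe (file missing)
"""

# Line shapes HijackThis uses for BHOs (O2), registry autoruns (O4) and services (O23).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<target>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<target>.*)$")

# First drive-rooted .exe/.dll in a command line (drops quotes, switches and "(file missing)").
EXE_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)
TEMP_RE = re.compile(r"\\(local settings\\temp|application data|temp)\\", re.IGNORECASE)
WINDIR_RE = re.compile(r"^[A-Za-z]:\\windows\\", re.IGNORECASE)
SYS32_SHORT_RE = re.compile(r"\\system32\\[a-z]{1,3}\.exe$", re.IGNORECASE)  # assumed weak cue


@dataclass
class Finding:
    kind: str                                        # O2, O4 or O23
    name: str
    target: str                                      # executable the entry points at
    strong: List[str] = field(default_factory=list)  # any one of these means "fix"
    weak: List[str] = field(default_factory=list)    # worth a second look, not proof

    @property
    def verdict(self) -> str:
        if self.strong:
            return "fix"
        return "review" if self.weak else "ok"


def exe_path(target: str) -> str:
    """Pull the first drive-rooted .exe/.dll path out of a command string."""
    m = EXE_RE.search(target)
    return m.group(0) if m else target


def assess(line: str) -> Optional[Finding]:
    """Classify one HijackThis line; returns None for line types this script ignores."""
    line = line.strip()
    if m := O2_RE.match(line):
        f = Finding("O2", m["name"], exe_path(m["target"]))
        if m["name"] == "(no name)":
            f.strong.append("BHO registered without a name")
    elif m := O4_RE.match(line):
        f = Finding("O4", m["name"], exe_path(m["target"]))
        if m["key"] == "RunServices":
            f.strong.append("RunServices is a Win9x-era autorun key; XP software almost never uses it")
    elif m := O23_RE.match(line):
        f = Finding("O23", m["name"], exe_path(m["target"]))
        if m["owner"] == "Unknown owner" and WINDIR_RE.match(f.target):
            f.strong.append("service with no vendor string running from the Windows folder")
    else:
        return None
    if "(file missing)" in line:
        f.strong.append("registry entry points at a file HijackThis cannot see (deleted or hidden)")
    if TEMP_RE.search(f.target):
        f.strong.append("autorun launched from a Temp or Application Data folder")
    if SYS32_SHORT_RE.search(f.target):
        f.weak.append("1-3 letter executable name dropped straight into system32")
    return f


def triage(log: str) -> Dict[str, List[Finding]]:
    """Group every recognised O2/O4/O23 line by verdict, in log order."""
    buckets: Dict[str, List[Finding]] = {"fix": [], "review": [], "ok": []}
    for raw in log.splitlines():
        f = assess(raw)
        if f is not None:
            buckets[f.verdict].append(f)
    return buckets


if __name__ == "__main__":
    for verdict, items in triage(SAMPLE_LOG).items():
        for f in items:
            print(f"{verdict:6} {f.kind:3} {f.name!r:40} {f.target}")
            for why in f.strong + f.weak:
                print(f"         - {why}")
```

Lines in the "fix" bucket are the ones a helper would put on the checklist; "review" lines such as `[tyu]` need the matching RunServices or file evidence before they are acted on.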

#15 romeomj

  • Topic Starter
  • Members
  • 22 posts

Posted 07 July 2007 - 08:47 PM

Yes, I paid for BitDefender and I have it set on auto update... BUT Windows Security keeps telling me my antivirus software might be out of date... I don't get that... I tried to update it manually but it says no updates available... what am I missing??

Anyway, per your request... I have followed all the steps you asked...

Here is the KASPERSKY report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, July 07, 2007 9:39:20 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 7/07/2007
Kaspersky Anti-Virus database records: 359412
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 138071
Number of viruses found: 19
Number of infected objects: 197 / 0
Number of suspicious objects: 2
Duration of the scan process: 06:02:09

Infected Object Name / Virus Name / Last Action
C:\!KillBox\c17b6s.dll/data0002/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\!KillBox\c17b6s.dll/data0002/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\!KillBox\c17b6s.dll/data0002/data0005 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\!KillBox\c17b6s.dll/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\!KillBox\c17b6s.dll/data0008 Infected: Trojan-Downloader.Win32.Keenval.e skipped
C:\!KillBox\c17b6s.dll/data0009 Infected: Trojan-Downloader.Win32.Keenval.e skipped
C:\!KillBox\c17b6s.dll NSIS: infected - 6 skipped
C:\!KillBox\c17b6s.dll Exe2Dll: infected - 6 skipped
C:\!KillBox\gvhtvgimflk.exe Infected: Trojan.Win32.Agent.aqg skipped
C:\!KillBox\gvtpagc.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\iuuxkegqhikp.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\!KillBox\jlqkpylafm.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\!KillBox\kralxeu.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\!KillBox\nfosvc.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\!KillBox\nwyvvuu.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\!KillBox\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/repair/nfosvc.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\!KillBox\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/Config/service.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\!KillBox\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/vebgwh.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/msgjlspmklxc.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/envuthtmyr.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/cgwq.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/ltjdtnvf.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/j.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/xo.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/fkcvkugcyvuy.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/bg.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/aeiqsjvlwsha.exe Infected: Trojan.Win32.Agent.amh skipped
C:\!KillBox\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/gvtpagc.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/rmxfxppwael.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/gvhtvgimflk.exe Infected: Trojan.Win32.Agent.aqg skipped
C:\!KillBox\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/cgygydizxe.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/ispuitfp.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/qgzxnbrd.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/jlqkpylafm.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\!KillBox\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/wmssacrzhrwd.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\!KillBox\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/nwyvvuu.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\!KillBox\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/kralxeu.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\!KillBox\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/x.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/system32/yrfxda.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/repair/nfosvc.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\!KillBox\requested-files[2007-06-21_20_58].cab/C:/WINDOWS/Config/service.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\!KillBox\requested-files[2007-06-21_20_58].cab CAB: infected - 26 skipped
C:\!KillBox\scenicid.exe Infected: Trojan.Win32.StartPage.ame skipped
C:\!KillBox\uusleyb.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\!KillBox\wmssacrzhrwd.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\vdjoryav.exe Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MQBO8E6F\iss[1].gm Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MQBO8E6F\rss11[1].ms Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Creative\Media Database\PCML_1.dpm Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Creative\Media Database\PCML_1.ldb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\VersionTracker Pro\vtlog.txt Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbdam Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbdao Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbeam Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbeao Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbm Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\hp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007070720070708\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\ekfobdkq.exe Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\iqvyeouq.dll Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\JETF65C.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\labityqn.exe Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\nmiehnvt.exe Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\otgeokuk.exe Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\qwvtjgji.dll Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\xqhcaxqn.exe Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFCC12.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IFJCC00F\movie[1].qtl Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Divx\DivXPro511Adware.exe/stream/data0019 Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
C:\Program Files\Divx\DivXPro511Adware.exe/stream Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
C:\Program Files\Divx\DivXPro511Adware.exe NSIS: infected - 2 skipped
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\master.mdf Object is locked skipped
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\model.mdf Object is locked skipped
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\modellog.ldf Object is locked skipped
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\PinnacleSys_GlobalContext.mdf Object is locked skipped
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\PinnacleSys_GlobalContext_log.LDF Object is locked skipped
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\templog.ldf Object is locked skipped
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Sygate\SPF\debug.log Object is locked skipped
C:\Program Files\Sygate\SPF\rawlog.log Object is locked skipped
C:\Program Files\Sygate\SPF\seclog.log Object is locked skipped
C:\Program Files\Sygate\SPF\syslog.log Object is locked skipped
C:\Program Files\Sygate\SPF\tralog.log Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir NSIS: infected - 2 skipped
C:\QooBox\Quarantine\C\WINDOWS\$NtServicePackUninstall$\exp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\aalelvjm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\aedcwhco.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\blymjbcc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\geeda.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hapdxuou.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iqsyyaat.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jhmransb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\klgjshgd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nquroblk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ogjvupkb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\oksltala.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qommllm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qpqpvgwq.dll.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\spexinxw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\timfkfib.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wfmdatfa.dll.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yurqipvx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP738\A0241245.dll Object is locked skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP738\A0242253.exe Object is locked skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP738\A0242254.exe Object is locked skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP738\A0242255.exe Object is locked skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP738\A0242256.exe Object is locked skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP738\A0242257.exe Object is locked skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP742\A0243346.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP742\A0243347.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP744\A0244380.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP746\A0246401.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP747\A0246481.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP747\A0247481.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP748\A0248481.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP748\A0248499.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP748\A0249499.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP748\A0250499.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP748\A0251499.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP749\A0264582.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP750\A0264860.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP750\A0264871.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP751\A0265871.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP752\A0265902.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP752\A0265924.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0266108.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0266109.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268127.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268199.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268200.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268201.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268202.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268204.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268207.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268207.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268207.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268212.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268213.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268214.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268215.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268216.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268217.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268218.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268219.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268220.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268221.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268222.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268223.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268224.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268225.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268235.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268236.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP754\A0268304.dll Object is locked skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268356.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268357.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268358.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268359.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268360.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268361.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268362.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268363.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268364.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268365.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268366.exe Infected: Trojan.Win32.Agent.amh skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268367.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268368.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268369.exe Infected: Trojan.Win32.Agent.aqg skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268370.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268371.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268372.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268373.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268375.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268376.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268377.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP755\A0268378.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0268435.exe Infected: Trojan.Win32.Agent.amh skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0268436.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0268437.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0268438.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0268439.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0268440.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0268441.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0268442.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0268443.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0268444.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0268445.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0268446.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0268447.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0268448.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0268449.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269439.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269440.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269441.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269442.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269443.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269444.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269445.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269446.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269447.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269448.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269449.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269450.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269451.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269452.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269453.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269454.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269455.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269456.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269457.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269458.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269459.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269460.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269461.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269462.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269464.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269465.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269466.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269467.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269468.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269469.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269470.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269471.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269472.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269473.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269474.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269475.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP756\A0269476.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP763\A0270557.dll/data0002/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP763\A0270557.dll/data0002/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP763\A0270557.dll/data0002/data0005 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP763\A0270557.dll/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP763\A0270557.dll/data0008 Infected: Trojan-Downloader.Win32.Keenval.e skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP763\A0270557.dll/data0009 Infected: Trojan-Downloader.Win32.Keenval.e skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP763\A0270557.dll NSIS: infected - 6 skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP763\A0270557.dll Exe2Dll: infected - 6 skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP763\A0270558.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP763\A0270559.exe Infected: Trojan.Win32.StartPage.ame skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP763\A0270560.exe Infected: Backdoor.Win32.HacDef.hx skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP763\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\ATPartners.inf Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\bdss.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\etc\hosts.bak Object is locked skipped
C:\WINDOWS\system32\drivers\etc\hosts.bho Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_5e8.dat Object is locked skipped
C:\WINDOWS\Temp\tmp00006ed5\tmp00000000 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

And here is my latest HJT:

Logfile of HijackThis v1.99.1
Scan saved at 9:46:21 PM, on 7/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adaware\aawservice.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\DefragMentor\DefragMentor Premium\DPSV.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\SPAM\TMAS_OEMon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TechTracker\VersionTracker Pro\VersionTrackerPro.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\jamielaw\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://optonline.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [OE] "C:\Program Files\SPAM\TMAS_OEMon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~3\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Adaware\AD-AWA~1\Ad-aware.exe" +c
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\DVDrom\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: VersionTracker Pro.lnk = ?
O4 - Global Startup: WX Process Manager.lnk = C:\Program Files\Wavexpress\TVTonic\WXprocMgr.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {27EB254C-C724-43B1-8DD8-F3AC9ED761B2} (Wavexpress Cab Helper) - http://client2.tvtonic.com/Webservice/Publ...8/TVTStage1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158420551281
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Adaware\aawservice.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: DefragMentor Premium Job Scheduler (DPSV) - Unknown owner - C:\Program Files\DefragMentor\DefragMentor Premium\DPSV.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NetLogon P2P (NFOSVC) - Unknown owner - C:\WINDOWS\repair\nfosvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Service Configurator (Service_v1) - Unknown owner - C:\WINDOWS\Config\service.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Thank you, and I look forward to hearing from you soon.

romeomj
