My computer is ill, I'm hoping not terminally



WAA4086
2007-12-30, 21:10
Hello,

My computer is ill, and I'm hoping it is not terminal.

I am running:

Windows XP sp1
McAfee virus protection
Spy Sweeper antispyware protection


My antivirus and spyware keep finding multiple viruses and/or trojans (such as newmalware.j) and tell me they cannot be cleaned, quarantined or deleted.

My control panel is inaccessible now. The message tells me the operation has been canceled due to restrictions in effect. I am logged in as the system administrator.

I get a pop-up message: Windows security alert Warning! Potential spyware operation. Your coputer is making unauthorized copies of your system and Internet files. Run fill scan now to prevent any unathorised (yes it is mis-spelled in the message) access to your files! Click yes to download spyware remover... Yes or No. I always select No, because I am suspicious of this.

I have tried to install Spybot Search & Destroy. The computer will not allow me to (it gives me the "this operation is canceled due to restrictions...." message), though I am logged in as the administrator.

I tried to do a system restore and again it will not allow access to it.

I was able to boot in safe mode and install HijackThis and run a scan. I will post it next and await a reply from you.

Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:52:52 PM, on 12/30/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\proper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\proper.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {d262e70a-7841-4a85-9aa1-8d66aa593c89} - (no file)
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\System32\bronto.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [mmtask] "c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [ms] C:\DOCUME~1\Wendy\LOCALS~1\Temp\14842\gm.exe
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\System32\winter.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\System32\printer.exe
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [McRegWiz] "C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe" /autorun
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\System32\winter.exe
O4 - HKUS\S-1-5-18\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe (User 'Default user')
O4 - Startup: infos.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: autos.exe
O4 - Global Startup: Malwaredetectedthisautos.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\sol548.txt
O20 - Winlogon Notify: awvkrtxwr - C:\WINDOWS\SYSTEM32\ejyiuvrm.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)
O20 - Winlogon Notify: __c00BE241 - C:\WINDOWS\System32\__c00BE241.dat
O21 - SSODL: E404Helper - {67863fb9-04e9-48e6-aebc-fb84875ed091} - e404d.dll (file missing)
O22 - SharedTaskScheduler: sdf4dr4gfdgeetj - {B5AC49A2-94F3-42BD-F434-2604812C897D} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\System32\svchost.exe:ext.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Microsoft Inet Service - Unknown owner - C:\WINDOWS\System32\_svchost.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9284 by

Shaba
2007-12-31, 11:24
Hi WAA4086 and welcome to Safer Networking Forums :)

Please post next a fresh HijackThis log taken in normal mode, if possible.

WAA4086
2007-12-31, 17:32
Thank you for the quick response. Here is the HijackThis log while running my computer in normal mode.

I have my computer disconnected from the internet; otherwise it takes forever to try and do anything. I am using my laptop to post to you (saving the logs to a USB drive from the infected computer).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:49 AM, on 12/31/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\Explorer.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
c:\program files\mcafee.com\vso\mcmnhdlr.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\mgrs.exe
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE
C:\Novell\Messenger\NMCL32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Malwaredetectedthisautos.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\proper.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {d262e70a-7841-4a85-9aa1-8d66aa593c89} - (no file)
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\System32\bronto.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [mmtask] "c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [ms] C:\DOCUME~1\Wendy\LOCALS~1\Temp\14842\gm.exe
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\System32\winter.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\System32\printer.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [McRegWiz] "C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe" /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] "C:\PROGRA~1\AIM\aim.exe" -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R380 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE" /FU "C:\WINDOWS\TEMP\E_S130.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Novell Messenger] "C:\Novell\Messenger\NMCL32.exe"
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Wendy\LOCALS~1\Temp\winlogon.exe
O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\System32\winter.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\System32\spoolvs.exe
O4 - HKUS\S-1-5-18\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe (User 'Default user')
O4 - Startup: infos.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: autos.exe
O4 - Global Startup: Malwaredetectedthisautos.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\sol548.txt
O20 - Winlogon Notify: awvkrtxwr - C:\WINDOWS\SYSTEM32\ejyiuvrm.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)
O20 - Winlogon Notify: __c00BE241 - C:\WINDOWS\System32\__c00BE241.dat
O21 - SSODL: E404Helper - {67863fb9-04e9-48e6-aebc-fb84875ed091} - e404d.dll (file missing)
O22 - SharedTaskScheduler: sdf4dr4gfdgeetj - {B5AC49A2-94F3-42BD-F434-2604812C897D} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\System32\svchost.exe:ext.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Microsoft Inet Service - Unknown owner - C:\WINDOWS\System32\_svchost.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
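The two logs above contain several entry types that a helper looks for first: a system.ini Shell value with an extra executable, Run keys pointing into Temp or with no path at all, a core process name (winlogon.exe) outside the Windows directory, a DisableRegedit policy, a Trusted Zone addition, AppInit_DLLs and Winlogon Notify modules that are not .dll files, and a service binary living in an NTFS alternate data stream (svchost.exe:ext.exe). The script below is an added triage example, not the poster's log tool or anything from the forum; its sample lines are constructed from the entries above and the heuristics only mark an entry for review.

```python
"""Triage helper for HijackThis-style logs (added example, not from the
forum).  Flags the entry types that stand out in the posted logs; a hit
means "review this", not "malicious"."""
import re
from typing import Dict, List

# Constructed sample: a handful of lines modelled on the two logs above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\proper.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [ms] C:\DOCUME~1\Wendy\LOCALS~1\Temp\14842\gm.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Wendy\LOCALS~1\Temp\winlogon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O20 - AppInit_DLLs: C:\WINDOWS\System32\sol548.txt
O20 - Winlogon Notify: __c00BE241 - C:\WINDOWS\System32\__c00BE241.dat
O23 - Service: FCI - Unknown owner - C:\WINDOWS\System32\svchost.exe:ext.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

TEMP_MARKERS = ("\\temp\\", "\\locals~1\\temp\\")
# Names that belong under %SystemRoot%; anywhere else they are usually impersonation.
CORE_NAMES = {"winlogon.exe", "svchost.exe", "lsass.exe", "services.exe",
              "spoolsv.exe", "csrss.exe"}
ENTRY_RE = re.compile(r"^([RFO]\d+)\s+-\s+(.*)$")
ADS_RE = re.compile(r"\.exe:[^\\\s]+$", re.IGNORECASE)   # file.exe:stream


def run_target(rest: str) -> str:
    """Pull the launched executable out of an O4 Run / Startup entry."""
    m = re.search(r"\]\s*(.*)$", rest)            # HKLM\..\Run: [name] target args
    target = m.group(1) if m else rest.split(":", 1)[-1].strip()
    if " = " in target:                            # Global Startup: x.lnk = path
        target = target.split(" = ", 1)[1]
    if target.startswith('"'):                     # quoted path followed by arguments
        return target[1:].split('"', 1)[0]
    return target.split(" ", 1)[0]


def check_entry(line: str) -> List[str]:
    """Return review reasons for one HijackThis line; [] means nothing notable."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    section, rest = m.group(1), m.group(2)
    low = rest.lower()
    reasons: List[str] = []
    if section == "F2" and "shell=" in low:
        value = re.split(r"shell=", rest, maxsplit=1, flags=re.IGNORECASE)[1].strip()
        if value.lower() != "explorer.exe":
            reasons.append("system.ini Shell launches something besides Explorer.exe")
    elif section == "O4":
        target = run_target(rest)
        tlow = target.lower()
        if any(mk in tlow for mk in TEMP_MARKERS):
            reasons.append("autostart runs from a Temp directory")
        if "\\" not in target:
            reasons.append("autostart has no full path (resolved via search order)")
        elif tlow.rsplit("\\", 1)[1] in CORE_NAMES and not tlow.startswith("c:\\windows\\"):
            reasons.append("core system process name outside the Windows directory")
    elif section == "O7" and "disableregedit=1" in low:
        reasons.append("policy disables the Registry Editor")
    elif section == "O15":
        reasons.append("site added to the Trusted Zone")
    elif section == "O20":
        path = rest.rsplit(" - ", 1)[-1] if " - " in rest else rest.split(":", 1)[-1]
        path = re.sub(r"\s*\((file missing|no file)\)$", "", path.strip())
        if low.startswith("appinit_dlls"):
            reasons.append("AppInit_DLLs injects a module into every GUI process")
        if path and not path.lower().endswith(".dll"):
            reasons.append("Winlogon/AppInit module does not have a .dll extension")
    elif section == "O23":
        path = rest.rsplit(" - ", 1)[-1].strip()
        if ADS_RE.search(path):
            reasons.append("service binary hidden in an NTFS alternate data stream")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each notable log line to its review reasons, preserving log order."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        reasons = check_entry(line)
        if reasons:
            findings[line.strip()] = reasons
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(entry)
        for reason in why:
            print("    ->", reason)
```

Run against the sample it reports nine of the thirteen lines; the four untouched ones are the ordinary OEM, vendor and UserInit entries that also appear in the logs above.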

Shaba
2007-12-31, 18:41
Hi

1. Download combofix from any of these links and save it to Desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply

Note:
Do not mouse-click combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; then combofix should continue.
If that happened we want to know, and also what process you had to end.

Post:

- a fresh HijackThis log
- combofix report

WAA4086
2008-01-01, 15:06
I ran ComboFix; the CPU of my computer stayed at 100%, so it took almost four hours to complete. I did verify that none of the processes you listed were running. I will post the log below.

I also ran another HijackThis log. (I will post it in another posting, as it makes this message too long.)

ComboFix 07-12-31.4 - Wendy 2007-12-31 14:53:54.1 - NTFSx86
Running from: C:\Documents and Settings\Wendy\Desktop\ComboFix.exe
* Created a new restore point
.
ADS - svchost.exe: deleted 24576 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\infos.exe
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autos.exe
C:\Documents and Settings\Ariell\Desktop\Find Spyware Remover.lnk
C:\Documents and Settings\Ariell\Desktop\Free Online Dating.lnk
C:\Documents and Settings\Ariell\Desktop\Go to Casino.lnk
C:\Documents and Settings\Ariell\Start Menu\Programs\Startup\infos.exe
C:\Documents and Settings\Wendy\Desktop\Find Spyware Remover.lnk
C:\Documents and Settings\Wendy\Desktop\Free Online Dating.lnk
C:\Documents and Settings\Wendy\Desktop\Go to Casino.lnk
C:\Documents and Settings\Wendy\Start Menu\Programs\Startup\infos.exe
C:\Program Files\E404 Helper
C:\Program Files\E404 Helper\e404.v6.dll
C:\Program Files\spoolsv.exe
C:\Program Files\ucleaner_setup.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\Casino.ico
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\mgrs.exe
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\9_exception.nls
C:\WINDOWS\system32\bronto.dll
C:\WINDOWS\system32\drivers\ctl_w32.sys
C:\WINDOWS\system32\drivers\secdrv.sys
C:\WINDOWS\system32\e404d.dll
C:\WINDOWS\system32\ejyiuvrm.dll
C:\WINDOWS\system32\info.txt
C:\WINDOWS\system32\kernel32.exe
C:\WINDOWS\system32\kr_done1
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\proper.exe
C:\WINDOWS\system32\RunOnce.t__
C:\WINDOWS\system32\RunOnce.tmp
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\system32\winter.exe
C:\WINDOWS\system32\zlbw.dll
C:\WINDOWS\Temp\293851113.exe
C:\xcrashdump.dat
C:\WINDOWS\system32\__c00BE241.dat . . . . failed to delete
C:\WINDOWS\system32\cvmwusyqq.exe . . . . failed to delete
C:\WINDOWS\system32\xpdx.sys . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CTL_W32
-------\LEGACY_FCI
-------\LEGACY_MICROSOFT_INET_SERVICE
-------\LEGACY_NTIO256
-------\LEGACY_RUNTIME
-------\FCI
-------\Microsoft Inet Service
-------\ntio256
-------\protect
-------\runtime
-------\SysLibrary
-------\xpdx


((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-31 )))))))))))))))))))))))))))))))
.

2007-12-31 14:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 14:36 . 2007-12-30 14:36 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-30 14:17 . 2004-08-28 13:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-12-30 14:17 . 2004-08-28 13:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2007-12-30 14:17 . 2005-06-11 17:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2007-12-30 14:16 . 2007-12-30 14:16 <DIR> d-------- C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Webroot
2007-11-29 20:34 . 2007-11-29 20:34 339,968 --a------ C:\WINDOWS\ddubbv.exe
2007-11-29 18:31 . 2007-11-29 20:29 291,328 --a------ C:\WINDOWS\SYSTEM32\libcurl.dll
2007-11-29 18:14 . 2007-11-29 18:14 1 --a------ C:\177.tmp
2007-11-27 20:18 . 2007-11-27 20:18 108,760 --a------ C:\wndrcqe.exe
2007-11-27 20:17 . 2007-11-27 20:17 40,506 --a------ C:\Documents and Settings\Wendy\~sys321717.exe
2007-11-27 20:17 . 2007-11-27 20:17 22,528 --a------ C:\WINDOWS\SYSTEM32\ripa.dll
2007-11-27 20:01 . 2007-11-27 20:01 54,218 --a------ C:\WINDOWS\SYSTEM32\xpdx.sys
2007-11-27 19:59 . 2007-11-27 19:59 6,656 --a------ C:\WINDOWS\SYSTEM32\ernel32.dll
2007-11-27 19:59 . 2007-11-27 20:38 8 --a------ C:\4asjojwqeras2384u9jdsfkasdf.dat
2007-11-27 19:58 . 2007-11-27 19:58 50 --a------ C:\WINDOWS\SYSTEM32\rt25.bat
2007-11-27 19:57 . 2007-11-27 19:57 11,991 --a------ C:\WINDOWS\SYSTEM32\pwvnxk
2007-11-27 19:57 . 2007-11-29 18:14 6,144 --a------ C:\Documents and Settings\Wendy\ie_updates3r.exe
2007-11-27 19:57 . 2007-11-27 19:57 0 --a------ C:\WINDOWS\SYSTEM32\gdnrgwh
2007-11-26 05:10 . 2007-11-26 05:10 24,576 --a------ C:\WINDOWS\SYSTEM32\rt27.exe
2007-11-25 13:22 . 2007-11-29 06:03 22,363 --------- C:\WINDOWS\SYSTEM32\__c00BE241.dat
2007-11-25 13:21 . 2007-11-25 13:21 148,593 --a------ C:\Documents and Settings\Jared\p423ck.exe
2007-11-25 09:20 . 2007-11-25 09:20 <DIR> d---s---- C:\Documents and Settings\Ariell\UserData
2007-11-25 06:24 . 2007-11-25 06:24 66,048 --a------ C:\WINDOWS\SYSTEM32\rt26.exe
2007-11-17 18:35 . 2007-11-17 18:36 <DIR> d-------- C:\Documents and Settings\Ariell\Application Data\acccore
2007-11-16 18:57 . 2004-07-09 04:27 1,769,472 --a------ C:\WINDOWS\SYSTEM32\dxdiagn.dll
2007-11-09 10:50 . 2007-11-09 10:50 <DIR> d-------- C:\Novell
2007-11-04 20:53 . 2007-11-06 18:36 <DIR> d-------- C:\Documents and Settings\Wendy\CCAC Photos

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 00:14 --------- d-----w C:\Documents and Settings\Wendy\Application Data\U3
2007-11-29 23:25 7,680 ----a-w C:\WINDOWS\SYSTEM32\winter.exe
2007-11-29 23:25 7,680 ----a-w C:\WINDOWS\SYSTEM32\proper.exe
2007-11-29 23:14 12,800 ----a-w C:\WINDOWS\SYSTEM32\SVCHOST.EXE
2007-11-29 23:14 12,800 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\svchost.exe
2007-11-28 01:43 --------- d-----w C:\Program Files\Opera
2007-11-28 01:17 40,506 ----a-w C:\Documents and Settings\Wendy\~sys321717.exe
2007-11-20 21:59 --------- d-----w C:\Program Files\McAfee.com
2007-11-09 15:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-03-25 21:51 8,185,542 ----a-w C:\Documents and Settings\Jared\Jared Room Photos.zip
2005-05-26 00:10 115,376 ----a-w C:\Documents and Settings\Jared\Application Data\GDIPFONTCACHEV1.DAT
2005-03-31 14:55 115,376 ----a-w C:\Documents and Settings\Wendy\Application Data\GDIPFONTCACHEV1.DAT
2006-03-16 16:30 418,041 --sha-w C:\WINDOWS\SYSTEM32\ehhkj.bak1
2006-03-23 21:28 421,808 --sha-w C:\WINDOWS\SYSTEM32\ehhkj.bak2
2006-04-11 00:21 418,497 --sh--w C:\WINDOWS\SYSTEM32\ehhkj.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D27987B8-7244-4DE0-AE10-39B826B492F1}]
C:\WINDOWS\System32\bronto.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 15:18 1670144]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2004-09-01 11:26 66672]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 07:51 306688]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 12:00 200704]
"EPSON Stylus Photo R380 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.exe" [2006-05-29 03:00 139264]
"Novell Messenger"="C:\Novell\Messenger\NMCL32.exe" [2007-06-08 16:40 1417293]
"Undefined"="C:\WINDOWS\System32\winter.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-02-10 11:55 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-02-10 11:51 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48 32881]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 11:43 53248]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12 221184]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15 290816]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 01:04 122933]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-08-28 13:35 26112]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 17:18 151552]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 14:45 53248]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-19 14:45 131072]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 11:49 163840]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-02 18:46 270336]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 09:14 188416]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 16:23 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 13:57 221184]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 10:24 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-20 16:15 483328]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 21:02 53248]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 14:45 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-01 19:55 155648]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-08-03 19:02 3871744]
"McRegWiz"="C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe" [2003-09-02 15:41 135168]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2002-08-29 05:00 375808]
"Undefined"="C:\WINDOWS\System32\winter.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"taskdir"="C:\WINDOWS\System32\taskdir.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 1 (0x1)
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 1 (0x1)
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"= 1 (0x1)
"NoWindowsUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E404Helper"= {67863fb9-04e9-48e6-aebc-fb84875ed091} - e404d.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00BE241]
C:\WINDOWS\System32\__c00BE241.dat 2007-11-29 06:03 22363 C:\WINDOWS\SYSTEM32\__c00BE241.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\System32\sol548.txt

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-18 02:33:00 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#240#CN399340P4M9.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe#/#Hewlett-Packard#240#CN399340P4M9
"2007-12-31 22:33:01 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
"2007-12-31 21:53:12 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (D464HL51-Wendy).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2004-11-22 02:33:06 C:\WINDOWS\Tasks\WebReg 20041121213306.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exea/TaskName 20041121213306 /N
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 17:31:07
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\drivers\ctl_w32.sys 34816 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ctl_w32]
"ImagePath"="\SystemRoot\system32\drivers\ctl_w32.sys"
--

.
Completion time: 2007-12-31 20:50:57 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-01 01:31:48

WAA4086
2008-01-01, 15:07
Here is the latest HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:43:40 AM, on 1/1/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Novell\Messenger\NMCL32.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Malwaredetectedthisautos.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\proper.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\System32\bronto.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [mmtask] "c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\System32\winter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R380 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE" /FU "C:\WINDOWS\TEMP\E_S130.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Novell Messenger] "C:\Novell\Messenger\NMCL32.exe"
O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\System32\winter.exe
O4 - HKUS\S-1-5-18\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Malwaredetectedthisautos.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\sol548.txt
O20 - Winlogon Notify: __c00BE241 - C:\WINDOWS\System32\__c00BE241.dat
O21 - SSODL: E404Helper - {67863fb9-04e9-48e6-aebc-fb84875ed091} - e404d.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - cmd.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10209 bytes
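
The entries a helper reads off a log like this by eye (an altered system.ini Shell= value, O7 policy restrictions, an AppInit_DLLs module, a Winlogon notify package that is not a DLL, orphaned BHO and SSODL loader entries, a Run entry under the SYSTEM profile, a bare executable in the all-users Startup folder, a service whose image is cmd.exe) can be checked mechanically. The script below is an added example, not part of this thread and not a HijackThis or Trend Micro tool; the sample input is a handful of lines copied from the log above plus a few of its benign entries, and the rules (which section prefixes are examined and what counts as suspicious) are my assumptions. A hit means "look at this", not "malware": policy restrictions, for instance, are normal on a domain-managed PC.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log above, including a few
# benign ones (Adobe BHO, IgfxTray, Lexmark service) so the rules have entries
# to pass as well as entries to flag.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\proper.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\System32\bronto.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\System32\winter.exe
O4 - HKUS\S-1-5-18\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe (User 'SYSTEM')
O4 - Global Startup: Malwaredetectedthisautos.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\System32\sol548.txt
O20 - Winlogon Notify: __c00BE241 - C:\WINDOWS\System32\__c00BE241.dat
O21 - SSODL: E404Helper - {67863fb9-04e9-48e6-aebc-fb84875ed091} - e404d.dll (file missing)
O23 - Service: Windows Installer (MSIServer) - Unknown owner - cmd.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""


@dataclass
class Finding:
    section: str   # HijackThis section prefix, e.g. "O20"
    reason: str    # why the line deserves a second look
    line: str      # the log line itself


def _target(line: str) -> str:
    """Module or image path at the end of a line, without the '(file missing)' marker."""
    body = line.split(" - ", 1)[1]            # drop the "O20 - " prefix
    tail = body.split(" - ")[-1]              # last dash-separated field
    tail = tail.split(": ", 1)[-1]            # drop a "AppInit_DLLs: " style label
    return tail.replace("(file missing)", "").strip()


# One rule per section; each returns a reason string or None. (Assumed thresholds.)
def check_f2(line):
    m = re.search(r"Shell=(.+)$", line)
    if m and m.group(1).strip().lower() != "explorer.exe":
        return "system.ini Shell= runs something besides Explorer.exe at logon"

def check_o2(line):
    if "(no name)" in line and "(file missing)" in line:
        return "unnamed BHO whose DLL is gone: orphaned loader entry"

def check_o4(line):
    if "Global Startup:" in line and line.lower().endswith(".exe"):
        return "bare executable in the all-users Startup folder (not a .lnk)"
    if re.search(r"HKUS\\(S-1-5-18|\.DEFAULT)\\", line):
        return "Run entry under the SYSTEM/Default profile: runs before any user logs on"
    if "[Undefined]" in line:
        return "Run entry with a placeholder name"

def check_o7(line):
    return "policy restriction set (expected only on a domain-managed PC)"

def check_o20(line):
    target = _target(line)
    if "AppInit_DLLs" in line:
        reason = "AppInit_DLLs is set: the module loads into every process that links user32"
        if not target.lower().endswith(".dll"):
            reason += "; and the target is not even a .dll"
        return reason
    if "Winlogon Notify" in line and not target.lower().endswith(".dll"):
        return "Winlogon notify package that is not a DLL"

def check_o21(line):
    if "(file missing)" in line:
        return "ShellServiceObjectDelayLoad entry pointing at a missing module"

def check_o23(line):
    target = _target(line)
    if "Unknown owner" in line and "(file missing)" in line:
        return "service with no vendor and no binary on disk"
    if not re.match(r"^[A-Za-z]:\\", target):
        return "service image is not an absolute path"

RULES = {"F2": check_f2, "O2": check_o2, "O4": check_o4, "O7": check_o7,
         "O20": check_o20, "O21": check_o21, "O23": check_o23}


def triage(log_text: str) -> list[Finding]:
    """Run the section rules over every 'Xn - ' line of a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = re.match(r"^([A-Z]\d+) - ", line)
        if not m:
            continue
        rule = RULES.get(m.group(1))
        reason = rule(line) if rule else None
        if reason:
            findings.append(Finding(m.group(1), reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

Run against the sample it reports ten entries and stays silent on the Adobe BHO, the Intel tray utility and the Lexmark service; the Windows Installer service is flagged twice over (no vendor, and an image of cmd.exe rather than msiexec.exe) which is the kind of entry a fix script has to repair rather than merely delete.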

Shaba
2008-01-01, 15:21
Hi

* Download GMER from
here (http://www.gmer.net/gmer.zip):
Unzip it and start GMER.exe
Click the rootkit-tab and click scan.

Once done, click the Copy button.
This will copy the results to clipboard.
Paste the results in your next reply.

WAA4086
2008-01-01, 18:30
Hello,

Here are the results from running GMER. **My first attempt says it is too long, so I'll divide it and post it in two separate postings.

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2008-01-01 12:23:27
Windows 5.1.2600 Service Pack 1


---- System - GMER 1.0.13 ----

SSDT 823CFC60 ZwAllocateVirtualMemory
SSDT 823B41A8 ZwCreateKey
SSDT 823E9898 ZwCreateProcess
SSDT 8237D100 ZwCreateProcessEx
SSDT 823CFF30 ZwCreateThread
SSDT 823D8020 ZwDeleteKey
SSDT 823AE1E8 ZwDeleteValueKey
SSDT 823CFCD8 ZwQueueApcThread
SSDT 823CFB70 ZwReadVirtualMemory
SSDT 823D0148 ZwRenameKey
SSDT 823CFDC8 ZwSetContextThread
SSDT 82393148 ZwSetInformationKey
SSDT 823EB558 ZwSetInformationProcess
SSDT 823CFE40 ZwSetInformationThread
SSDT 823B23A0 ZwSetValueKey
SSDT 823CFFA8 ZwSuspendProcess
SSDT 823CFD50 ZwSuspendThread
SSDT 823EB5D0 ZwTerminateProcess
SSDT 823CFEB8 ZwTerminateThread
SSDT 823CFBE8 ZwWriteVirtualMemory

---- User code sections - GMER 1.0.13 ----

.text C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe[1208] kernel32.dll!CreateThread + 18 77E7BE6B 4 Bytes [ 4D, 2B, 5D, 88 ]
.text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[1976] kernel32.dll!CreateThread + 18 77E7BE6B 4 Bytes [ 91, 2F, 5D, 88 ]
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3064] ntdll.dll!NtCreateKey + 1 77F5B6C9 1 Byte [ 22 ]
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3064] ntdll.dll!NtCreateKey + 4 77F5B6CC 8 Bytes [ C0, 90, 90, 90, 90, 90, 90, ... ]
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3064] ntdll.dll!NtCreateProcess + 1 77F5B729 1 Byte [ 22 ]
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3064] ntdll.dll!NtCreateProcess + 4 77F5B72C 8 Bytes [ C0, 90, 90, 90, 90, 90, 90, ... ]
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3064] ntdll.dll!NtCreateProcessEx + 1 77F5B739 1 Byte [ 22 ]
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3064] ntdll.dll!NtCreateProcessEx + 4 77F5B73C 8 Bytes [ C0, 90, 90, 90, 90, 90, 90, ... ]
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3064] ntdll.dll!NtOpenFile + 1 77F5BB79 1 Byte [ 22 ]
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3064] ntdll.dll!NtOpenFile + 4 77F5BB7C 8 Bytes [ C0, 90, 90, 90, 90, 90, 90, ... ]
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3064] ntdll.dll!NtOpenKey + 1 77F5BBA9 1 Byte [ 22 ]
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3064] ntdll.dll!NtOpenKey + 4 77F5BBAC 8 Bytes [ C0, 90, 90, 90, 90, 90, 90, ... ]
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3064] kernel32.dll!VirtualProtect 77E6169E 5 Bytes JMP 00030670 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3064] kernel32.dll!VirtualAlloc 77E7AC72 5 Bytes JMP 000305F4 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3064] kernel32.dll!CreateFileA 77E7B476 5 Bytes JMP 00030444 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3064] kernel32.dll!LoadLibraryExW 77E7D839 5 Bytes JMP 00030444 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[3064] kernel32.dll!VirtualFree 77E815CB 5 Bytes JMP 00030634 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 823CFA00
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 823CFAF8
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 823CFAF8
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 823CFA00
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 823CFA00
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 823CFAF8
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 823CFAF8
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 823CFA00
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 823CFAF8
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 823CFA00
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 823CFAF8
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 823CFAF8
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 823CFA00

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F87BAC1C] SSFS0509.SYS

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE 82094220
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE 821575C0
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE 82061B88
Device \Driver\Tcpip \Device\Ip IRP_MJ_READ 822966A0
Device \Driver\Tcpip \Device\Ip IRP_MJ_WRITE 82131328
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION 8215EE78
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION 821B9108
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA 8212FBB8
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA 8211D0C8
Device \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS 82088108
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION 820CE0C8
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION 8218E580
Device \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL 82150788
Device \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL 821A40C8
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL 821ED218
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL 821CC740
Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN 8226F698
Device \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL 8219C0C8
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP 81F62CD8
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT 82180E98
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY 8208CE98
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY 8207BE98
Device \Driver\Tcpip \Device\Ip IRP_MJ_POWER 8229DE98
Device \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL 82085E98
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE 820A2E98
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA 8207AE98
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA 82097E98
Device \Driver\Tcpip \Device\Ip IRP_MJ_PNP 8208A978
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE 82094220
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE 821575C0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE 82061B88
Device \Driver\Tcpip \Device\Tcp IRP_MJ_READ 822966A0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE 82131328
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION 8215EE78
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION 821B9108
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA 8212FBB8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA 8211D0C8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS 82088108
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION 820CE0C8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION 8218E580
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL 82150788
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL 821A40C8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL 821ED218
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL 821CC740
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN 8226F698
Device \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL 8219C0C8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP 81F62CD8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT 82180E98
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY 8208CE98
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY 8207BE98
Device \Driver\Tcpip \Device\Tcp IRP_MJ_POWER 8229DE98
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL 82085E98
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE 820A2E98
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA 8207AE98
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA 82097E98
Device \Driver\Tcpip \Device\Tcp IRP_MJ_PNP 8208A978
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE 82094220
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE 821575C0
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE 82061B88
Device \Driver\Tcpip \Device\Udp IRP_MJ_READ 822966A0
Device \Driver\Tcpip \Device\Udp IRP_MJ_WRITE 82131328
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION 8215EE78
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION 821B9108
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA 8212FBB8
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA 8211D0C8

WAA4086
2008-01-01, 18:31
Here is the second half of the GMER log.

Device \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS 82088108
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION 820CE0C8
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION 8218E580
Device \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL 82150788
Device \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL 821A40C8
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL 821ED218
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL 821CC740
Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN 8226F698
Device \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL 8219C0C8
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP 81F62CD8
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT 82180E98
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY 8208CE98
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY 8207BE98
Device \Driver\Tcpip \Device\Udp IRP_MJ_POWER 8229DE98
Device \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL 82085E98
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE 820A2E98
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA 8207AE98
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA 82097E98
Device \Driver\Tcpip \Device\Udp IRP_MJ_PNP 8208A978
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE 82094220
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE 821575C0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE 82061B88
Device \Driver\Tcpip \Device\RawIp IRP_MJ_READ 822966A0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE 82131328
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION 8215EE78
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION 821B9108
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA 8212FBB8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA 8211D0C8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS 82088108
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION 820CE0C8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION 8218E580
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL 82150788
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL 821A40C8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL 821ED218
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL 821CC740
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN 8226F698
Device \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL 8219C0C8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP 81F62CD8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT 82180E98
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY 8208CE98
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY 8207BE98
Device \Driver\Tcpip \Device\RawIp IRP_MJ_POWER 8229DE98
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL 82085E98
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE 820A2E98
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA 8207AE98
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA 82097E98
Device \Driver\Tcpip \Device\RawIp IRP_MJ_PNP 8208A978
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE 82094220
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_NAMED_PIPE 821575C0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE 82061B88
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_READ 822966A0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_WRITE 82131328
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_INFORMATION 8215EE78
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_INFORMATION 821B9108
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_EA 8212FBB8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_EA 8211D0C8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FLUSH_BUFFERS 82088108
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_VOLUME_INFORMATION 820CE0C8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_VOLUME_INFORMATION 8218E580
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DIRECTORY_CONTROL 82150788
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FILE_SYSTEM_CONTROL 821A40C8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL 821ED218
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL 821CC740
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN 8226F698
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_LOCK_CONTROL 8219C0C8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP 81F62CD8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_MAILSLOT 82180E98
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_SECURITY 8208CE98
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_SECURITY 8207BE98
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_POWER 8229DE98
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SYSTEM_CONTROL 82085E98
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CHANGE 820A2E98
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_QUOTA 8207AE98
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_QUOTA 82097E98
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_PNP 8208A978

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F87BAC1C] SSFS0509.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F87BAC1C] SSFS0509.SYS

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [EFA45617] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [EFA45617] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [EFA45617] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [EFA45617] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [EFA45617] tfsnifs.sys
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL [EFA4579B] tfsnifs.sys

---- Files - GMER 1.0.13 ----

ADS C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000003.EXE:ext.exe

---- EOF - GMER 1.0.13 ----

Shaba
2008-01-01, 18:41
Hi

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally, paste the contents of Report.txt back on the forum with a new HijackThis log.

WAA4086
2008-01-01, 19:33
Here are the results from SDFix and a new HijackThis log.

SDFix: Version 1.121

Run by Ariell on Tue 01/01/2008 at 01:08 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
ctl_w32

Path:
\SystemRoot\system32\drivers\ctl_w32.sys

ctl_w32 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\MSMAPI32.EXE - Deleted
C:\WINDOWS\SYSTEM32\SMARTDRV.EXE - Deleted
C:\WINDOWS\SYSTEM32\INTR32.DLL - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autos.exe - Deleted
C:\Documents and Settings\Ariell\Start Menu\Programs\Startup\infos.exe - Deleted
C:\WINDOWS\ddubbv.exe - Deleted
C:\WINDOWS\system32\DAP.exe - Deleted
C:\WINDOWS\system32\form.txt - Deleted
C:\WINDOWS\system32\winter.exe - Deleted
C:\WINDOWS\SYSTEM32\xpdx.sys - Deleted
C:\WINDOWS\system32\drivers\ctl_w32.sys - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 13:14:22
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat 9 Aug 2003 49,237 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe"
Sat 9 Aug 2003 36,953 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe"
Sat 9 Aug 2003 40,960 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe"
Sat 9 Aug 2003 233,553 A..H. --- "C:\Program Files\America Online 9.0\waol.exe"
Tue 21 Mar 2006 421,101 A.SH. --- "C:\WINDOWS\SYSTEM32\ehhkj.tmp"
Thu 16 Mar 2006 418,041 A.SH. --- "C:\WINDOWS\SYSTEM32\ehhkj.bak1"
Thu 23 Mar 2006 421,808 A.SH. --- "C:\WINDOWS\SYSTEM32\ehhkj.bak2"
Tue 24 May 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 20 Oct 2003 73,688 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Sat 24 Jan 2004 5,120 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Thu 15 May 2003 43,008 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Fri 3 Sep 2004 21,504 A..H. --- "C:\Documents and Settings\Scott\My Documents\Memory Stick One\Memory Stick\~WRL0001.tmp"
Sat 11 Jan 2003 19,968 A..H. --- "C:\Documents and Settings\Wendy\My Documents\Wendy\Church\~WRL0001.tmp"
Sat 9 Aug 2003 111,824 A..H. --- "C:\Program Files\Common Files\aolshare\shell\us\shellext.dll"
Fri 26 Aug 2005 30,720 A..H. --- "C:\Documents and Settings\Scott\My Documents\Memory Stick One\Memory Stick\Farm Information\~WRL0739.tmp"
Tue 16 Mar 2004 20,480 A..H. --- "C:\Documents and Settings\Scott\My Documents\Memory Stick One\Memory Stick\House Project\~WRL0026.tmp"
Tue 16 Mar 2004 19,456 A..H. --- "C:\Documents and Settings\Scott\My Documents\Memory Stick One\Memory Stick\House Project\~WRL0658.tmp"
Tue 16 Mar 2004 22,528 A..H. --- "C:\Documents and Settings\Scott\My Documents\Memory Stick One\Memory Stick\House Project\~WRL1388.tmp"
Tue 16 Mar 2004 21,504 A..H. --- "C:\Documents and Settings\Scott\My Documents\Memory Stick One\Memory Stick\House Project\~WRL1393.tmp"
Tue 16 Mar 2004 20,992 A..H. --- "C:\Documents and Settings\Scott\My Documents\Memory Stick One\Memory Stick\House Project\~WRL2107.tmp"
Thu 2 Mar 2000 26,624 A..H. --- "C:\Documents and Settings\Scott\My Documents\Memory Stick One\Memory Stick\LEAN\~WRL0001.TMP"
Fri 3 Mar 2000 27,648 A..H. --- "C:\Documents and Settings\Scott\My Documents\Memory Stick One\Memory Stick\LEAN\~WRL0002.TMP"
Tue 31 Jul 2001 178,176 A..H. --- "C:\Documents and Settings\Scott\My Documents\Memory Stick One\Memory Stick\Purchase Requesitions\~WRL0001.tmp"
Wed 8 Aug 2001 180,224 A..H. --- "C:\Documents and Settings\Scott\My Documents\Memory Stick One\Memory Stick\Purchase Requesitions\~WRL2346.tmp"
Tue 9 Mar 2004 20,992 A..H. --- "C:\Documents and Settings\Scott\My Documents\Memory Stick One\Memory Stick\Tower Replacement\~WRL0003.tmp"
Sun 21 Mar 2004 22,016 A..H. --- "C:\Documents and Settings\Scott\My Documents\Memory Stick One\Memory Stick\Tower Replacement\~WRL2993.tmp"
Wed 27 Apr 2005 23,040 A..H. --- "C:\Documents and Settings\Scott\My Documents\Memory Stick One\Memory Stick\Tower Replacement\~WRL3834.tmp"
Sat 11 Jun 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Sat 11 Jun 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Sat 11 Jun 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Sat 11 Jun 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"
Mon 6 Jun 2005 23,552 A..H. --- "C:\Documents and Settings\Scott\My Documents\Memory Stick One\Memory Stick\Home Plans\Andy Schrauben Designer Home Design\Foundation\~WRL0005.tmp"

Finished!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:47 PM, on 1/1/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Novell\Messenger\NMCL32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Malwaredetectedthisautos.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\proper.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\System32\bronto.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [mmtask] "c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [McRegWiz] "C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe" /autorun
O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\cmd.exe" /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\System32\winter.exe
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R380 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE" /FU "C:\WINDOWS\TEMP\E_S130.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Novell Messenger] "C:\Novell\Messenger\NMCL32.exe"
O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\System32\winter.exe
O4 - Startup: infos.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: autos.exe
O4 - Global Startup: Malwaredetectedthisautos.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O20 - Winlogon Notify: __c00BE241 - C:\WINDOWS\System32\__c00BE241.dat
O21 - SSODL: E404Helper - {67863fb9-04e9-48e6-aebc-fb84875ed091} - e404d.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - cmd.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10467 bytes
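As an added example (not part of this thread, and not a tool either poster used), a small Python triage script that encodes the entry classes a helper looks for when reading a HijackThis log like the one above: the program appended to Shell=, the Policies restrictions, the non-DLL Winlogon Notify package, orphaned BHO/SSODL registrations, bare executables in the Startup folder, the service with a missing binary, and the Trusted Zone addition. The sample input is an excerpt of the log lines posted above, with a few benign entries mixed in.

```python
"""Triage a HijackThis 2.0 log and flag the entry classes a helper acts on.

Added example, not part of this thread and not a tool either poster used.
The rules encode patterns visible in the logs above: a program appended to
Shell=, restrictive Policies values, a non-DLL Winlogon Notify package,
orphaned COM registrations, bare executables in a Startup folder, a service
whose binary is missing, and a site added to the IE Trusted Zone.
Each hit is an item to review by hand, not an automatic verdict.
"""
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "O20"
    reason: str  # why the line was flagged
    line: str    # the original log line


_ENTRY = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")
_POLICY = re.compile(r"(Disable|No)\w+=1")


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding when the line matches a suspicious pattern, else None."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    low = body.lower()

    # F2: Shell= in system.ini should be exactly Explorer.exe. Anything appended
    # is started with the desktop on every logon (proper.exe in the log above).
    if code == "F2" and "Shell=" in body:
        shell = body.split("Shell=", 1)[1].strip()
        if shell.lower() != "explorer.exe":
            return Finding(code, "extra program appended to Shell=", line)

    # O4 Startup / Global Startup: a .lnk shortcut is normal; a bare .exe
    # dropped into the Startup folder is not.
    if code == "O4" and "Startup:" in body and low.endswith(".exe") and ".lnk" not in low:
        return Finding(code, "bare executable in Startup folder", line)

    # O7: Policies values that lock the user out of regedit, Task Manager,
    # Control Panel or Windows Update (the "restrictions in effect" symptom).
    if code == "O7" and _POLICY.search(body):
        return Finding(code, "restrictive policy value set", line)

    # O20: Winlogon Notify packages are DLLs loaded by winlogon.exe; a .dat
    # registered here is a persistence hook.
    if code == "O20" and "Winlogon Notify" in body and not low.endswith(".dll"):
        return Finding(code, "Winlogon Notify package is not a .dll", line)

    # O23: a service with no recognised vendor whose binary is gone.
    if code == "O23" and "Unknown owner" in body and "(file missing)" in body:
        return Finding(code, "service with unknown owner and missing binary", line)

    # O2 BHO / O21 SSODL: orphaned registrations should be removed so the
    # entry cannot be re-pointed at a new file later.
    if code in ("O2", "O21") and "(file missing)" in body:
        return Finding(code, "orphaned registration (file missing)", line)

    # O15: sites in the Trusted Zone run with relaxed IE security settings.
    if code == "O15" and "Trusted Zone" in body:
        return Finding(code, "site added to IE Trusted Zone", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line of a pasted HijackThis log."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


# Constructed sample: an excerpt of the HijackThis lines posted above, with a
# few benign entries mixed in to show they are not flagged.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\proper.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\System32\bronto.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - Startup: infos.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: autos.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O20 - Winlogon Notify: __c00BE241 - C:\WINDOWS\System32\__c00BE241.dat
O21 - SSODL: E404Helper - {67863fb9-04e9-48e6-aebc-fb84875ed091} - e404d.dll (file missing)
O23 - Service: Windows Installer (MSIServer) - Unknown owner - cmd.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason}: {f.line}")
```

Running it on the sample prints nine flagged lines and leaves the Dell home page, the Acrobat BHO, the IgfxTray Run entry, the AOL shortcut, the missing Sun Java console button and the Webroot service alone.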

WAA4086
2008-01-01, 19:36
Here is an additional piece of information.


I only had the choice of logging in under another user while running in safe mode to complete the SDFix. My normal user was not an option. I was able to browse to the SDFix file under C:\SDFix without any issue.

Shaba
2008-01-01, 19:38
Hi

Looks better :)

Re-run ComboFix.

Post:

- a fresh HijackThis log
- combofix report

WAA4086
2008-01-01, 20:08
Re-ran ComboFix. The process was much, much faster today. While ComboFix was preparing the report, the following message popped up: Windows cannot find C:\windows\system32\proper.exe (the only option was to select OK)

The report finished and then the following message popped up: Registry editing has been disabled by your administrator. (the only option was to select OK)

The ComboFix report is pasted next, followed by a new HijackThis log.

ComboFix 07-12-31.4 - Wendy 2008-01-01 13:46:33.2 - NTFSx86
Running from: C:\Documents and Settings\Wendy\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autos.exe
C:\Documents and Settings\Wendy\Start Menu\Programs\Startup\infos.exe
C:\WINDOWS\system32\__c00BE241.dat
C:\WINDOWS\system32\proper.exe
C:\WINDOWS\system32\winter.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CTL_W32


((((((((((((((((((((((((( Files Created from 2007-12-01 to 2008-01-01 )))))))))))))))))))))))))))))))
.

2008-01-01 13:52 . 2007-11-29 18:25 7,680 --a------ C:\WINDOWS\SYSTEM32\winter.exe
2008-01-01 13:52 . 2007-11-29 18:25 7,680 --a------ C:\WINDOWS\SYSTEM32\proper.exe
2008-01-01 13:07 . 2008-01-01 13:07 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-01 11:53 . 2008-01-01 12:05 250 --a------ C:\WINDOWS\gmer.ini
2007-12-31 14:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 14:36 . 2007-12-30 14:36 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-30 14:17 . 2004-08-28 13:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-12-30 14:17 . 2004-08-28 13:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2007-12-30 14:17 . 2005-06-11 17:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 00:14 --------- d-----w C:\Documents and Settings\Wendy\Application Data\U3
2007-11-30 01:29 291,328 ----a-w C:\WINDOWS\SYSTEM32\libcurl.dll
2007-11-29 23:14 6,144 ----a-w C:\Documents and Settings\Wendy\ie_updates3r.exe
2007-11-29 23:14 12,800 ----a-w C:\WINDOWS\SYSTEM32\SVCHOST.EXE
2007-11-29 23:14 12,800 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\svchost.exe
2007-11-28 01:43 --------- d-----w C:\Program Files\Opera
2007-11-28 01:38 8 ----a-w C:\4asjojwqeras2384u9jdsfkasdf.dat
2007-11-28 01:18 108,760 ----a-w C:\wndrcqe.exe
2007-11-28 01:17 40,506 ----a-w C:\Documents and Settings\Wendy\~sys321717.exe
2007-11-28 01:17 22,528 ----a-w C:\WINDOWS\SYSTEM32\ripa.dll
2007-11-28 00:59 6,656 ----a-w C:\WINDOWS\SYSTEM32\ernel32.dll
2007-11-26 10:10 24,576 ----a-w C:\WINDOWS\SYSTEM32\rt27.exe
2007-11-25 18:21 148,593 ----a-w C:\Documents and Settings\Jared\p423ck.exe
2007-11-25 11:24 66,048 ----a-w C:\WINDOWS\SYSTEM32\rt26.exe
2007-11-20 21:59 --------- d-----w C:\Program Files\McAfee.com
2007-11-17 23:36 --------- d-----w C:\Documents and Settings\Ariell\Application Data\acccore
2007-11-09 15:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-03-25 21:51 8,185,542 ----a-w C:\Documents and Settings\Jared\Jared Room Photos.zip
2005-05-26 00:10 115,376 ----a-w C:\Documents and Settings\Jared\Application Data\GDIPFONTCACHEV1.DAT
2005-03-31 14:55 115,376 ----a-w C:\Documents and Settings\Wendy\Application Data\GDIPFONTCACHEV1.DAT
2006-03-16 16:30 418,041 --sha-w C:\WINDOWS\SYSTEM32\ehhkj.bak1
2006-03-23 21:28 421,808 --sha-w C:\WINDOWS\SYSTEM32\ehhkj.bak2
2006-04-11 00:21 418,497 --sh--w C:\WINDOWS\SYSTEM32\ehhkj.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D27987B8-7244-4DE0-AE10-39B826B492F1}]
C:\WINDOWS\System32\bronto.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 15:18 1670144]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2004-09-01 11:26 66672]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 07:51 306688]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 12:00 200704]
"EPSON Stylus Photo R380 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.exe" [2006-05-29 03:00 139264]
"Novell Messenger"="C:\Novell\Messenger\NMCL32.exe" [2007-06-08 16:40 1417293]
"Undefined"="C:\WINDOWS\System32\winter.exe" [2007-11-29 18:25 7680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-02-10 11:55 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-02-10 11:51 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48 32881]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 11:43 53248]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12 221184]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15 290816]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 01:04 122933]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-08-28 13:35 26112]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 17:18 151552]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 14:45 53248]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-19 14:45 131072]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 11:49 163840]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-02 18:46 270336]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 09:14 188416]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 16:23 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 13:57 221184]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 10:24 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-20 16:15 483328]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 21:02 53248]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 14:45 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-01 19:55 155648]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-08-03 19:02 3871744]
"McRegWiz"="C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe" [2003-09-02 15:41 135168]
"SDFix"="C:\SDFix\RunThis.bat /second" [ ]
"Undefined"="C:\WINDOWS\System32\winter.exe" [2007-11-29 18:25 7680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 1 (0x1)
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 1 (0x1)
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"= 1 (0x1)
"NoWindowsUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E404Helper"= {67863fb9-04e9-48e6-aebc-fb84875ed091} - e404d.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00BE241]
C:\WINDOWS\System32\__c00BE241.dat

.
Contents of the 'Scheduled Tasks' folder
"2007-12-18 02:33:00 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#240#CN399340P4M9.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe#/#Hewlett-Packard#240#CN399340P4M9
"2008-01-01 18:33:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
"2008-01-01 18:52:08 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (D464HL51-Wendy).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2004-11-22 02:33:06 C:\WINDOWS\Tasks\WebReg 20041121213306.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exea/TaskName 20041121213306 /N
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 13:52:21
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-01 13:57:12 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-01 18:57:06
C:\qoobox\ComboFix2.txt 2008-01-01 01:54:59

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:59:17 PM, on 1/1/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Novell\Messenger\NMCL32.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Malwaredetectedthisautos.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\proper.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\System32\bronto.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [mmtask] "c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [McRegWiz] "C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe" /autorun
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\System32\winter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R380 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE" /FU "C:\WINDOWS\TEMP\E_S130.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Novell Messenger] "C:\Novell\Messenger\NMCL32.exe"
O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\System32\winter.exe
O4 - Startup: infos.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: autos.exe
O4 - Global Startup: Malwaredetectedthisautos.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O20 - Winlogon Notify: __c00BE241 - C:\WINDOWS\System32\__c00BE241.dat (file missing)
O21 - SSODL: E404Helper - {67863fb9-04e9-48e6-aebc-fb84875ed091} - e404d.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10197 bytes

Shaba
2008-01-02, 10:50
Hi

Looks better :)

See here (http://wiki.castlecops.com/Malware_Removal:_Temporarily_Disable_Real_Time_Monitoring_Programs#Disable_SpySweeper)
how to disable SpySweeper temporarily.

After that:

Open notepad and copy/paste the text in the quotebox below into it:


File::
C:\WINDOWS\SYSTEM32\winter.exe
C:\WINDOWS\SYSTEM32\proper.exe
C:\wndrcqe.exe
C:\Documents and Settings\Wendy\~sys321717.exe
C:\WINDOWS\SYSTEM32\ripa.dll
C:\WINDOWS\SYSTEM32\rt27.exe
C:\Documents and Settings\Jared\p423ck.exe
C:\WINDOWS\SYSTEM32\ehhkj.bak1
C:\WINDOWS\SYSTEM32\ehhkj.bak2
C:\WINDOWS\SYSTEM32\ehhkj.ini2

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D27987B8-7244-4DE0-AE10-39B826B492F1}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=-
"DisableTaskMgr"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=-
"DisableTaskMgr"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=-
"NoWindowsUpdate"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E404Helper"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00BE241]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Undefined"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SDFix"=-
"Undefined"=-


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
If that happened we want to know, and also what process you had to end.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows (http://www.xtra.co.nz/help/0,,4155-1916458,00.html)

Please click this link-->Jotti (http://virusscan.jotti.org/)

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\SYSTEM32\ernel32.dll

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Post:

- a fresh HijackThis log
- combofix report
- jotti/virustotal results
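
A small triage helper for the HijackThis logs traded in this thread, added here as an example and not part of the thread, of HijackThis or of ComboFix: it parses the R/F/O entries, diffs an earlier log against a later one, and flags the entry kinds the helper acted on (an extra program chained onto the system.ini Shell= line, O7 policy restrictions, bare executables in Startup folders, orphaned O2/O20/O21 hooks, O15 Trusted Zone additions). The two sample logs are constructed from lines quoted in this thread, and the flagging rules are this example's own heuristics.

```python
"""Parse, diff and triage HijackThis (HJT) logs.

Added example for this thread; not HijackThis, ComboFix or the helper's own
tooling. The sample logs below are constructed from lines quoted in the thread
and the flagging rules are this example's own heuristics.
"""
import re
from dataclasses import dataclass

# An HJT entry looks like "O4 - HKLM\..\Run: [name] path"; process listings,
# headers and blank lines do not match the pattern and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")

# Sections where "(file missing)" means an autostart hook still points at a
# payload that is gone (O2 BHO, O20 Winlogon Notify, O21 SSODL).
ORPHAN_SECTIONS = {"O2", "O20", "O21"}


@dataclass(frozen=True, order=True)
class Entry:
    section: str
    body: str

    @property
    def line(self):
        return f"{self.section} - {self.body}"


def parse_hjt(text):
    """Return the R/F/O entries of an HJT log as Entry objects, in file order."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def diff_logs(before_text, after_text):
    """Entries present only in the earlier log and entries present only in the later log."""
    before, after = set(parse_hjt(before_text)), set(parse_hjt(after_text))
    return sorted(before - after), sorted(after - before)


def triage(entries):
    """Flag entry kinds that deserve a closer look; returns (reason, entry) pairs."""
    findings = []
    for e in entries:
        body = e.body
        if e.section == "F2" and "Shell=" in body:
            # system.ini Shell= should name Explorer.exe alone; a second program
            # listed here is started together with the shell at every logon.
            shell = body.split("Shell=", 1)[1].strip().lower()
            if shell != "explorer.exe":
                findings.append(("extra program chained onto Shell=", e))
        elif e.section == "O7":
            # Policies\System restrictions are what produce the "operation has
            # been cancelled due to restrictions in effect" message in the thread.
            findings.append(("policy restricting admin tools", e))
        elif e.section == "O15":
            findings.append(("site added to the IE Trusted Zone", e))
        elif e.section == "O4" and re.search(r"Startup: [^\\]+\.exe$", body):
            # Legitimate Startup items are .lnk shortcuts; a bare .exe dropped
            # straight into a Startup folder needs an explanation.
            findings.append(("bare executable in a Startup folder", e))
        if "(file missing)" in body and e.section in ORPHAN_SECTIONS:
            findings.append(("orphaned autostart hook (payload missing)", e))
    return findings


def report(before_text, after_text):
    """Lines summarising what was removed, what was added and what still stands out."""
    removed, added = diff_logs(before_text, after_text)
    lines = [f"removed: {e.line}" for e in removed]
    lines += [f"added: {e.line}" for e in added]
    lines += [f"still flagged ({reason}): {e.line}"
              for reason, e in triage(parse_hjt(after_text))]
    return lines


# Constructed sample: HJT lines quoted earlier in this thread, before the fix.
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\proper.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\proper.exe
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\System32\bronto.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\System32\winter.exe
O4 - Global Startup: autos.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O20 - Winlogon Notify: __c00BE241 - C:\WINDOWS\System32\__c00BE241.dat (file missing)
"""

# Constructed sample: the same machine after the ComboFix script, as posted later.
AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
"""

if __name__ == "__main__":
    print("\n".join(report(BEFORE_LOG, AFTER_LOG)))
```

The leftover O9 Java Console entry with "(file missing)" is deliberately not flagged, since only O2/O20/O21 orphans are treated as suspicious.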

WAA4086
2008-01-03, 00:27
Here is the Combofix log and a new HijackThis log. I am not able to get through to either the jotti link or the virustotal link. Is there another alternate link or a better time to try?

ComboFix 07-12-31.4 - Wendy 2008-01-02 17:50:14.3 - NTFSx86
Running from: C:\Documents and Settings\Wendy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Wendy\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Documents and Settings\Jared\p423ck.exe
C:\Documents and Settings\Wendy\~sys321717.exe
C:\WINDOWS\SYSTEM32\ehhkj.bak1
C:\WINDOWS\SYSTEM32\ehhkj.bak2
C:\WINDOWS\SYSTEM32\ehhkj.ini2
C:\WINDOWS\SYSTEM32\proper.exe
C:\WINDOWS\SYSTEM32\ripa.dll
C:\WINDOWS\SYSTEM32\rt27.exe
C:\WINDOWS\SYSTEM32\winter.exe
C:\wndrcqe.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autos.exe
C:\Documents and Settings\Jared\p423ck.exe
C:\Documents and Settings\Wendy\~sys321717.exe
C:\Documents and Settings\Wendy\Start Menu\Programs\Startup\infos.exe
C:\WINDOWS\SYSTEM32\ehhkj.bak1
C:\WINDOWS\SYSTEM32\ehhkj.bak2
C:\WINDOWS\SYSTEM32\ehhkj.ini2
C:\WINDOWS\system32\proper.exe
C:\WINDOWS\SYSTEM32\ripa.dll
C:\WINDOWS\SYSTEM32\rt27.exe
C:\WINDOWS\SYSTEM32\winter.exe
C:\wndrcqe.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-02 to 2008-01-02 )))))))))))))))))))))))))))))))
.

2008-01-01 13:07 . 2008-01-01 13:07 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-01 11:53 . 2008-01-01 12:05 250 --a------ C:\WINDOWS\gmer.ini
2007-12-31 14:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 14:36 . 2007-12-30 14:36 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-30 14:17 . 2004-08-28 13:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-12-30 14:17 . 2004-08-28 13:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2007-12-30 14:17 . 2005-06-11 17:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 00:14 --------- d-----w C:\Documents and Settings\Wendy\Application Data\U3
2007-11-30 01:29 291,328 ----a-w C:\WINDOWS\SYSTEM32\libcurl.dll
2007-11-29 23:14 6,144 ----a-w C:\Documents and Settings\Wendy\ie_updates3r.exe
2007-11-29 23:14 12,800 ----a-w C:\WINDOWS\SYSTEM32\SVCHOST.EXE
2007-11-29 23:14 12,800 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\svchost.exe
2007-11-28 01:43 --------- d-----w C:\Program Files\Opera
2007-11-28 01:38 8 ----a-w C:\4asjojwqeras2384u9jdsfkasdf.dat
2007-11-28 00:59 6,656 ----a-w C:\WINDOWS\SYSTEM32\ernel32.dll
2007-11-25 11:24 66,048 ----a-w C:\WINDOWS\SYSTEM32\rt26.exe
2007-11-20 21:59 --------- d-----w C:\Program Files\McAfee.com
2007-11-17 23:36 --------- d-----w C:\Documents and Settings\Ariell\Application Data\acccore
2007-11-09 15:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-03-25 21:51 8,185,542 ----a-w C:\Documents and Settings\Jared\Jared Room Photos.zip
2005-05-26 00:10 115,376 ----a-w C:\Documents and Settings\Jared\Application Data\GDIPFONTCACHEV1.DAT
2005-03-31 14:55 115,376 ----a-w C:\Documents and Settings\Wendy\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-01-01_13.56.14.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-01 18:46:18 262,144 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT
+ 2008-01-02 22:50:09 262,144 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 15:18 1670144]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2004-09-01 11:26 66672]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 07:51 306688]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 12:00 200704]
"EPSON Stylus Photo R380 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.exe" [2006-05-29 03:00 139264]
"Novell Messenger"="C:\Novell\Messenger\NMCL32.exe" [2007-06-08 16:40 1417293]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-02-10 11:55 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-02-10 11:51 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48 32881]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 11:43 53248]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12 221184]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15 290816]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 01:04 122933]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-08-28 13:35 26112]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 17:18 151552]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 14:45 53248]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-19 14:45 131072]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 11:49 163840]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-02 18:46 270336]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 09:14 188416]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 16:23 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 13:57 221184]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 10:24 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-20 16:15 483328]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 21:02 53248]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 14:45 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-01 19:55 155648]
"McRegWiz"="C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe" [2003-09-02 15:41 135168]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-18 02:33:00 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#240#CN399340P4M9.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
"2008-01-02 22:33:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
"2008-01-02 22:44:50 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (D464HL51-Wendy).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2004-11-22 02:33:06 C:\WINDOWS\Tasks\WebReg 20041121213306.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exea/TaskName 20041121213306 /N
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-02 17:52:29
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-02 17:53:06
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-02 22:52:51
C:\qoobox\ComboFix2.txt 2008-01-01 18:57:13
C:\qoobox\ComboFix3.txt 2008-01-01 01:54:59


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:09:43 PM, on 1/2/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Novell\Messenger\NMCL32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [mmtask] "c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R380 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE" /FU "C:\WINDOWS\TEMP\E_S130.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Novell Messenger] "C:\Novell\Messenger\NMCL32.exe"
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Malwaredetectedthisautos.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9208 bytes

Shaba
2008-01-03, 10:40
Hi

Jotti seems to be down but VirusTotal is working.

Please try again :)

WAA4086
2008-01-03, 12:22
I have tried again this morning for half an hour to connect to the virustotal link. No luck. Gives me the message "this page cannot be displayed".

I am successful in going to other websites such as Spybot and google.

Shaba
2008-01-03, 12:34
Hi

Then try to access it via this (http://www.myproxy.ca)

Type http://www.virustotal.com there.

WAA4086
2008-01-03, 13:22
I am still not successful in trying to get to virustotal.

I tried the link via myproxy and this is the message I receive each time I try:

The XML page cannot be displayed
Cannot view XML input using style sheet. Please correct the error and then click the Refresh button, or try again later.


--------------------------------------------------------------------------------

Invalid at the top level of the document. Error processing resource 'http://www.myproxy.ca/q/nph-index.cgi/010110A/687474703a2f2f7777772e7669727573746f74616c2e636f6d2f'. Line 1, Position 45

<!-- resource has been modified by proxy -->

Shaba
2008-01-03, 13:33
Hi

Ok, then we skip that.

Open HijackThis, click do a system scan only and checkmark these:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - Global Startup: Malwaredetectedthisautos.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

Close all windows including browser and press fix checked.

Reboot.

Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:

o Scan using the following Anti-Virus database:

+ Extended (If available otherwise Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.

Note: This scanner will work with Internet Explorer Only!

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

Post:

- a fresh HijackThis log
- kaspersky report

WAA4086
2008-01-04, 02:41
Hello,

It took a while to get to the Kaspersky link. I'm not sure if I didn't get re-directed to somewhere else. I wasn't asked to install the ActiveX control. It just started downloading. The screen showed "AV SystemCare Installer v. 2.2.362.2". During the install the following messages popped up:

\xpre.exe
\snapsnet.exe
\rasesnet.exe
\wavvsnet.exe
\yazzsnet.exe

(all followed with "Windows cannot find XXX. Make sure you typed the name correctly and try again.", with XXX being the above-mentioned files).

There were none of the options you asked me to select in the last post. The program just ran without any prompting from me. It did create a file (I've pasted it below).

I am now getting pop-ups (ads) that are being blocked by this AVSystemCare. It also created an icon in the system tray.

I've also attached a new HijackThis log.

Scan Summary
Quick Scan run on 01/03/08 at 20:16:02
Total Time: 00 hours, 03 mins., 24 secs.
Scan complete successful.

- 69 memory locations scanned, 41 threats detected
- 3965 files scanned, 25 files infected
- 78522 registry locations checked, 26 threats detected


51 Spyware threats found
0 threats quarantined, 0 threats removed, 51 threats ignored


Details on Spyware Items
asappsrv.dll - Infected by Adserver.Process - Ignored
Full path: C:\WINDOWS\V2VuZHk\

ddaby.dll - Infected by SpywareQuake - Ignored
Full path: C:\WINDOWS\SYSTEM32\

netmon.exe - Infected by Monnet - Ignored
Full path: C:\Program Files\Network Monitor\

command.exe - Infected by Adserver.Process - Ignored
Full path: C:\WINDOWS\V2VuZHk\

aws - Infected by MiniBug (WeatherBug) - Ignored
Full path: c:\program files\

WeatherBug - Infected by MiniBug (WeatherBug) - Ignored
Full path: c:\program files\aws\

MiniBugTransporter.dll - Infected by MiniBug (WeatherBug) - Ignored
Full path: c:\program files\aws\WeatherBug\

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX - Infected by MiniBug (WeatherBug) - Ignored
Full path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID - Infected by MiniBug (WeatherBug) - Ignored
Full path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX - Infected by MiniBug (WeatherBug) - Ignored
Full path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID - Infected by MiniBug (WeatherBug) - Ignored
Full path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1 - Infected by MiniBug (WeatherBug) - Ignored
Full path: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1

HKEY_CLASSES_ROOT\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - Infected by Gator (WeatherScope) - Ignored
Full path: HKEY_CLASSES_ROOT\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}

HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX - Infected by Gator (WeatherScope) - Ignored
Full path: HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX

HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX - Infected by Gator (WeatherScope) - Ignored
Full path: HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX

HKEY_CLASSES_ROOT\TypeLib\{3C2D2A1E-031F-4397-9614-87C932A848E0} - Infected by Gator (WeatherScope) - Ignored
Full path: HKEY_CLASSES_ROOT\TypeLib\{3C2D2A1E-031F-4397-9614-87C932A848E0}

outerinfo - Infected by Media Tickets - Ignored
Full path: c:\documents and settings\wendy\start menu\programs\

Terms.lnk - Infected by Media Tickets - Ignored
Full path: c:\documents and settings\wendy\start menu\programs\outerinfo\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\outerinfo - Infected by Media Tickets - Ignored
Full path: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\outerinfo

Uninstall.lnk - Infected by Media Tickets - Ignored
Full path: c:\documents and settings\wendy\start menu\programs\outerinfo\

network monitor - Infected by Monnet - Ignored
Full path: c:\program files\

outerinfo - Infected by PurityScan - Ignored
Full path: c:\program files\

Terms.rtf - Infected by PurityScan - Ignored
Full path: c:\program files\outerinfo\

FF - Infected by PurityScan - Ignored
Full path: c:\program files\outerinfo\

chrome.manifest - Infected by PurityScan - Ignored
Full path: c:\program files\outerinfo\FF\

install.rdf - Infected by PurityScan - Ignored
Full path: c:\program files\outerinfo\FF\

components - Infected by PurityScan - Ignored
Full path: c:\program files\outerinfo\FF\

FF.dll - Infected by PurityScan - Ignored
Full path: c:\program files\outerinfo\FF\components\

OuterinfoAds.xpt - Infected by PurityScan - Ignored
Full path: c:\program files\outerinfo\FF\components\

web buying - Infected by Adware.WebBuying - Ignored
Full path: c:\program files\

v1.8.6 - Infected by Adware.WebBuying - Ignored
Full path: c:\program files\web buying\

wbuninst.exe - Infected by Adware.WebBuying - Ignored
Full path: c:\program files\web buying\v1.8.6\

HKEY_CURRENT_USER\software\webbuying - Infected by Adware.WebBuying - Ignored
Full path: HKEY_CURRENT_USER\software\webbuying

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\webbuying - Infected by Adware.WebBuying - Ignored
Full path: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\webbuying

webbuying.exe - Infected by Adware.WebBuying - Ignored
Full path: c:\program files\web buying\v1.8.6\

HKEY_LOCAL_MACHINE\software\transponder - Infected by VX2/d.TPS108 - Ignored
Full path: HKEY_LOCAL_MACHINE\software\transponder

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} - Infected by PacerD - Ignored
Full path: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}

HKEY_LOCAL_MACHINE\system\controlset001\services\cmdservice - Infected by PacerD - Ignored
Full path: HKEY_LOCAL_MACHINE\system\controlset001\services\cmdservice

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\cmdservice - Infected by PacerD - Ignored
Full path: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\cmdservice

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\uninstallstring - Infected by PacerD - Ignored
Full path: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\uninstallstring

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} - Infected by PacerD - Ignored
Full path: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be}

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\norepair - Infected by PacerD - Ignored
Full path: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\norepair

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\noremove - Infected by PacerD - Ignored
Full path: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\noremove

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\nomodify - Infected by PacerD - Ignored
Full path: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\nomodify

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\aida - Infected by BDPlugin - Ignored
Full path: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\aida

HKEY_CURRENT_USER\Software\Wget - Infected by Backdoor.Bifrose - Ignored
Full path: HKEY_CURRENT_USER\Software\Wget

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\contentmatch.net - Infected by ISTBar.Slotch - Ignored
Full path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\contentmatch.net

HKEY_LOCAL_MACHINE\system\controlset001\services\core - Infected by core adware - Ignored
Full path: HKEY_LOCAL_MACHINE\system\controlset001\services\core

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\core - Infected by core adware - Ignored
Full path: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\core

atmtd.dll - Infected by TargetSaver - Ignored
Full path: C:\WINDOWS\SYSTEM32\

atmtd.dll._ - Infected by TargetSaver - Ignored
Full path: C:\WINDOWS\SYSTEM32\



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:27:50 PM, on 1/3/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Novell\Messenger\NMCL32.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\System32\SSTEM3~1\iexplore.exe
C:\WINDOWS\17PHolmes572.exe
C:\Program Files\Web Buying\v1.8.6\webbuying.exe
C:\WINDOWS\17PHolmes1000106.exe
C:\Documents and Settings\Wendy\Application Data\?dobe\?hkdsk.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\V2VuZHk\command.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\17PHolmes572.exe
C:\Program Files\kernel\kernel.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\AVSystemCare\ugac.exe
C:\Program Files\Common Files\AVSystemCare\bm.exe
C:\Program Files\AVSystemCare\pgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
F3 - REG:win.ini: load=C:\WINDOWS\System32\ddaby.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [mmtask] "c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [AVSystemCare] C:\Program Files\AVSystemCare\pgs.exe
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\COMMON~1\AVSYST~1\ugac.exe" -start
O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\AVSystemCare\bm.exe" dm=http://avsystemcare.com ad=http://avsystemcare.com sd=http://ykeeper.avsystemcare.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\AVSystemCare\ptask.exe
O4 - HKLM\..\RunOnce: [overinstall] "C:\Program Files\AVSystemCare\pgs.exe" /empty
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R380 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE" /FU "C:\WINDOWS\TEMP\E_S130.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Novell Messenger] "C:\Novell\Messenger\NMCL32.exe"
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\System32\SSTEM3~1\iexplore.exe" -vt yazb
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.6\webbuying.exe
O4 - HKCU\..\Run: [Iqnh] "C:\Documents and Settings\Wendy\Application Data\?dobe\?hkdsk.exe"
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\V2VuZHk\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10655 bytes
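
As an added triage example (not code from this thread, from HijackThis or from ComboFix), the script below runs a few defender-side heuristics over O4/O23 lines copied from the log above: a binary dropped straight into C:\WINDOWS, '?' characters standing in for unprintable path bytes, a system binary name (iexplore.exe) running from the wrong folder, a service with no publisher, a long opaque hex argument, and a folder name that is plain base64 (V2VuZHk decodes to the user name Wendy). The heuristics, function names and thresholds are this example's own assumptions and produce leads, not verdicts (kernel.exe, for instance, is not caught).

```python
"""Heuristic triage of HijackThis O4 (autorun) and O23 (service) lines.

Added example; the heuristics below are assumptions for illustration,
not HijackThis features. Sample lines are copied from the posted log.
"""
import base64
import binascii
import ntpath
import re

# Constructed subset of the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\System32\SSTEM3~1\iexplore.exe" -vt yazb
O4 - HKCU\..\Run: [Iqnh] "C:\Documents and Settings\Wendy\Application Data\?dobe\?hkdsk.exe"
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\V2VuZHk\command.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.+?) - (?P<owner>.+?) - (?P<cmd>.*)$")
EXE_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|ocx|scr))"?', re.IGNORECASE)
HEX_ARG_RE = re.compile(r"\b[0-9A-Fa-f]{32,}\b")

# System binary names malware likes to borrow, with the folder they belong in (assumed list).
EXPECTED_DIR = {
    "iexplore.exe": r"c:\program files\internet explorer",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def exe_path(cmd):
    """Split a Run/Service command into (executable path, remaining arguments)."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    if not m:
        return None, ""
    return m.group("path"), cmd[m.end():]


def base64_name(component):
    """Decode a directory name as unpadded base64; return the text only if it is a short plain word."""
    if len(component) < 4:
        return None
    padded = component + "=" * (-len(component) % 4)
    try:
        decoded = base64.b64decode(padded, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return decoded if len(decoded) >= 3 and decoded.isalpha() else None


def path_reasons(path):
    """Heuristics that look only at where the executable lives."""
    reasons = []
    parent, base = ntpath.split(path)
    lparent, lbase = parent.lower(), base.lower()
    if lparent == r"c:\windows":
        reasons.append("executable sits directly in C:\\WINDOWS")
    if "?" in path:
        reasons.append("unprintable characters in path (HijackThis prints them as '?')")
    if lbase in EXPECTED_DIR and lparent != EXPECTED_DIR[lbase]:
        reasons.append(f"{lbase} running from {parent} instead of {EXPECTED_DIR[lbase]}")
    for component in parent.split("\\")[1:]:  # skip the drive letter
        decoded = base64_name(component)
        if decoded:
            reasons.append(f"directory '{component}' is base64 for '{decoded}'")
    return reasons


def triage(log_text):
    """Run every heuristic over each O4/O23 line; return only the entries that were flagged."""
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O23_RE.match(line)
        if m:
            entry, cmd = m.group("desc"), m.group("cmd")
            reasons = ["service with no publisher (Unknown owner)"] if m.group("owner").lower() == "unknown owner" else []
        else:
            m = O4_RE.match(line)
            if not m:
                continue
            entry, cmd, reasons = m.group("name"), m.group("cmd"), []
        path, args = exe_path(cmd)
        if path is None:
            continue
        reasons += path_reasons(path)
        if HEX_ARG_RE.search(args):
            reasons.append("long opaque hex argument passed to the binary")
        if reasons:
            flagged.append({"entry": entry, "path": path, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"{hit['entry']}: {hit['path']}")
        for reason in hit["reasons"]:
            print(f"    - {reason}")
```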

Shaba
2008-01-06, 11:15
Hi and sorry for delay; I seem to have missed your reply for some reason.

That is no Kaspersky report at all.

"I'm not sure if I didn't get re-directed to somewhere else"

You did.

You seem to have installed AV SystemCare or it installed itself. AV SystemCare is a pest and we need to get rid of it.

We do this:

Delete your copy of combofix.

After that:

1. Download combofix from any of these links and save it to Desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Post:

- a fresh HijackThis log
- combofix report

WAA4086
2008-01-07, 02:44
I deleted the old ComboFix.

Downloaded the new ComboFix. Ran it and here is the log. I must split it into two postings as it is too long.

I will post the latest HijackThis log in another posting as well.

ComboFix 08-01-04.1 - Wendy 2008-01-06 20:06:06.4 - NTFSx86
Running from: C:\Documents and Settings\Wendy\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Desktop\AVSystemCare.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\AVSystemCare
C:\Documents and Settings\All Users\Start Menu\Programs\AVSystemCare\AVSystemCare.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\AVSystemCare\Contact Customer Support.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\AVSystemCare\Uninstall AVSystemCare.lnk
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Wendy\Application Data.\AVSystemCare
C:\Documents and Settings\Wendy\Application Data.\AVSystemCare\Logs\threats.log
C:\Documents and Settings\Wendy\Application Data.\AVSystemCare\Logs\update.log
C:\Documents and Settings\Wendy\Application Data\DOBE~1
C:\Documents and Settings\Wendy\Application Data\DOBE~1\?hkdsk.exe
C:\Documents and Settings\Wendy\ResErrors.log
C:\Documents and Settings\Wendy\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Wendy\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Wendy\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Novell\Messenger\NMCL32.exe
C:\PROGRA~1\AIM\aim.exe
C:\PROGRA~1\COMMON~1\AVSYST~1\ugac.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\AVSystemCare
C:\Program Files\AVSystemCare\Activate.exe
C:\Program Files\AVSystemCare\al.dat
C:\Program Files\AVSystemCare\Config\pgs.xml
C:\Program Files\AVSystemCare\Dat\Activate.dat
C:\Program Files\AVSystemCare\Dat\BkSites.dat
C:\Program Files\AVSystemCare\Dat\bnlink.dat
C:\Program Files\AVSystemCare\Dat\cd.dat
C:\Program Files\AVSystemCare\Dat\incmp.dat
C:\Program Files\AVSystemCare\Dat\index.dat
C:\Program Files\AVSystemCare\Dat\pv.dat
C:\Program Files\AVSystemCare\dhlp.dll
C:\Program Files\AVSystemCare\Engines\AWBase\database\enemies.dat
C:\Program Files\AVSystemCare\Engines\AWBase\vbpv.dat
C:\Program Files\AVSystemCare\Engines\PGBase\vbpv.dat
C:\Program Files\AVSystemCare\Engines\plugins\BORLNDMM.DLL
C:\Program Files\AVSystemCare\Engines\plugins\SCANADWR.DLL
C:\Program Files\AVSystemCare\Engines\plugins\SCANBCDR.DLL
C:\Program Files\AVSystemCare\Engines\plugins\SCANDLDR.DLL
C:\Program Files\AVSystemCare\Engines\plugins\SCANDOS1.DLL
C:\Program Files\AVSystemCare\Engines\plugins\SCANEMUL.DLL
C:\Program Files\AVSystemCare\Engines\plugins\SCANFUNC.DLL
C:\Program Files\AVSystemCare\Engines\plugins\SCANKRNL.DLL
C:\Program Files\AVSystemCare\Engines\plugins\SCANMCR1.DLL
C:\Program Files\AVSystemCare\Engines\plugins\SCANOTHR.DLL
C:\Program Files\AVSystemCare\Engines\plugins\SCANSCR.DLL
C:\Program Files\AVSystemCare\Engines\plugins\SCANTOOL.DLL
C:\Program Files\AVSystemCare\Engines\plugins\SCANTROJ.DLL
C:\Program Files\AVSystemCare\Engines\plugins\SCANWIN1.DLL
C:\Program Files\AVSystemCare\Engines\plugins\UNACPU.DLL
C:\Program Files\AVSystemCare\Engines\plugins\UNADBX.DLL
C:\Program Files\AVSystemCare\Engines\plugins\unamscan.dll
C:\Program Files\AVSystemCare\Engines\plugins\UNMIME.DLL
C:\Program Files\AVSystemCare\Engines\plugins\UNPACK.DLL
C:\Program Files\AVSystemCare\Engines\plugins\UNPACKS.DLL
C:\Program Files\AVSystemCare\Engines\plugins\UNPACKS2.DLL
C:\Program Files\AVSystemCare\Engines\plugins\UNPEPACK.DLL
C:\Program Files\AVSystemCare\Engines\plugins\UpDate\UA27601.DLL
C:\Program Files\AVSystemCare\Engines\plugins\UpDate\UA27602.DLL
C:\Program Files\AVSystemCare\Engines\plugins\UpDate\UA27603.DLL
C:\Program Files\AVSystemCare\Engines\plugins\UpDate\UA27604.DLL
C:\Program Files\AVSystemCare\Engines\plugins\UpDate\UADAILY.DLL
C:\Program Files\AVSystemCare\Engines\plugins\vbpv.dat
C:\Program Files\AVSystemCare\FWSettings.bin
C:\Program Files\AVSystemCare\Graphics\cross.gif
C:\Program Files\AVSystemCare\Graphics\ga6p.gif
C:\Program Files\AVSystemCare\Graphics\kb.url
C:\Program Files\AVSystemCare\Graphics\main.ico
C:\Program Files\AVSystemCare\Graphics\mini.ico
C:\Program Files\AVSystemCare\Graphics\Online.url
C:\Program Files\AVSystemCare\Graphics\rm.url
C:\Program Files\AVSystemCare\Graphics\support.ico
C:\Program Files\AVSystemCare\Graphics\Support.url
C:\Program Files\AVSystemCare\Graphics\uninstall.ico
C:\Program Files\AVSystemCare\history.db
C:\Program Files\AVSystemCare\LA\lapv.dat
C:\Program Files\AVSystemCare\LA\License.rtf
C:\Program Files\AVSystemCare\main.log
C:\Program Files\AVSystemCare\pgs .exe
C:\Program Files\AVSystemCare\pgs.exe
C:\Program Files\AVSystemCare\ptask .exe
C:\Program Files\AVSystemCare\ptask.exe
C:\Program Files\AVSystemCare\reload.exe
C:\Program Files\AVSystemCare\ResErrors.log
C:\Program Files\AVSystemCare\scnkrnl.dll
C:\Program Files\AVSystemCare\settings.ini
C:\Program Files\AVSystemCare\sqlite3.dll
C:\Program Files\AVSystemCare\sr.log
C:\Program Files\AVSystemCare\Tools\pblock.dll
C:\Program Files\AVSystemCare\Tools\sbiebho.dll
C:\Program Files\AVSystemCare\unins000.dat
C:\Program Files\AVSystemCare\unins000.exe
C:\Program Files\AVSystemCare\Up\ASupdater.dat
C:\Program Files\AVSystemCare\Up\gup.exe
C:\Program Files\AVSystemCare\Up\PGupdater.dat
C:\Program Files\AVSystemCare\Up\UBupdater.dat
C:\Program Files\AVSystemCare\Up\up.dat
C:\Program Files\AVSystemCare\Up\updater.dat
C:\Program Files\Common Files\AVSystemCare
C:\Program Files\Common Files\AVSystemCare\bm .exe
C:\Program Files\Common Files\AVSystemCare\bm .exe
C:\Program Files\Common Files\AVSystemCare\bm .exe
C:\Program Files\Common Files\AVSystemCare\bm.exe
C:\Program Files\Common Files\AVSystemCare\ugac .exe
C:\Program Files\Common Files\AVSystemCare\ugac.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\inetget2
C:\Program Files\inetget2\MTE3MTk6ODoxNg.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\kernel\kernel.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee.com\Agent\MCREGW~1 .EXE
C:\Program Files\McAfee.com\Agent\MCREGW~1.EXE
C:\Program Files\McAfee.com\Agent\MCREGW~2 .EXE
C:\Program Files\McAfee.com\Agent\MCREGW~2.EXE
C:\Program Files\McAfee.com\Agent\MCREGW~3 .EXE
C:\Program Files\McAfee.com\Agent\MCREGW~3.EXE
C:\Program Files\McAfee.com\Agent\MCREGW~4.EXE
C:\Program Files\McAfee.com\Agent\mcregwiz .exe
C:\Program Files\McAfee.com\Agent\mcregwiz.exe
C:\Program Files\McAfee.com\Agent\MCUPDA~1.EXE
C:\Program Files\McAfee.com\Agent\mcupdate .exe
C:\Program Files\McAfee.com\Agent\mcupdate.exe
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Router
C:\Program Files\Router\Router.exe
C:\Program Files\Router\UnInstall.exe
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInstall.exe
C:\Program Files\web buying
C:\Program Files\web buying\v1.8.6\wbuninst.exe
C:\Program Files\web buying\v1.8.6\webbuying .exe
C:\Program Files\web buying\v1.8.6\webbuying.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\b104.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\b151.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\ddaby.dll
C:\WINDOWS\system32\ddaby.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\SYSTEM32\hkcmd.exe
C:\WINDOWS\SYSTEM32\hphmon05.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\SYSTEM32\lexpps.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pwecbyo.dll
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIBOA.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe
C:\WINDOWS\system32\sstem3~1
C:\WINDOWS\system32\sstem3~1\iexplore .exe
C:\WINDOWS\system32\sstem3~1\iexplore.exe
C:\WINDOWS\system32\sstem3~1\s?stem32\
C:\WINDOWS\system32\ukiwet.dll
C:\WINDOWS\system32\vtursqr.dll
C:\WINDOWS\system32\wnsintisv32.exe
C:\WINDOWS\system32\yayvwur.dll
C:\WINDOWS\SYSTEM32\ybadd.ini
C:\WINDOWS\SYSTEM32\ybadd.ini2
C:\WINDOWS\system32\z1
C:\WINDOWS\system32\z1\aroblcidr31z.exe
C:\WINDOWS\system32\z9
C:\WINDOWS\system32\z9\foppzwb91.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\V2VuZHk\
C:\WINDOWS\V2VuZHk\\asappsrv.dll
C:\WINDOWS\V2VuZHk\\command.exe
C:\WINDOWS\V2VuZHk\\pZpRtJ4.vbs
C:\WINDOWS\V2VuZHk\command.exe


"C:\Novell\Messenger\NMCL32 .exe" replaces infected copy of "C:\Novell\Messenger\NMCL32.exe"
"C:\Program Files\AIM\aim .exe" replaces infected copy of "C:\Program Files\AIM\aim.exe"
"C:\Program Files\AVSystemCare\pgs .exe" replaces infected copy of "C:\Program Files\AVSystemCare\pgs.exe"
"C:\Program Files\AVSystemCare\ptask .exe" replaces infected copy of "C:\Program Files\AVSystemCare\ptask.exe"
"C:\Program Files\Common Files\AVSystemCare\ugac .exe" replaces infected copy of "C:\Program Files\Common Files\AVSystemCare\ugac.exe"
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe" replaces infected copy of "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe" replaces infected copy of "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
"C:\Program Files\Dell\Media Experience\PCMService .exe" replaces infected copy of "C:\Program Files\Dell\Media Experience\PCMService.exe"
"C:\Program Files\Dell Support\DSAgnt .exe" replaces infected copy of "C:\Program Files\Dell Support\DSAgnt.exe"
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd .exe" replaces infected copy of "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
"C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05 .exe" replaces infected copy of "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
"C:\Program Files\HP\hpcoretech\hpcmpmgr .exe" replaces infected copy of "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
"C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe" replaces infected copy of "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
"C:\Program Files\iTunes\iTunesHelper .exe" replaces infected copy of "C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Program Files\Java\j2re1.4.2_03\bin\jusched .exe" replaces infected copy of "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
"C:\Program Files\kernel\kernel .exe" replaces infected copy of "C:\Program Files\kernel\kernel.exe"
"C:\Program Files\McAfee.com\Agent\mcagent .exe" replaces infected copy of "C:\Program Files\McAfee.com\Agent\mcagent.exe"
"C:\Program Files\McAfee.com\Agent\MCREGW~4 .EXE" replaces infected copy of "C:\Program Files\McAfee.com\Agent\MCREGW~4.EXE"
"C:\Program Files\McAfee.com\Agent\MCUPDA~1 .EXE" replaces infected copy of "C:\Program Files\McAfee.com\Agent\MCUPDA~1.EXE"
"C:\Program Files\McAfee.com\VSO\mcmnhdlr .exe" replaces infected copy of "C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe"
"C:\Program Files\McAfee.com\VSO\mcvsshld .exe" replaces infected copy of "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
"C:\Program Files\McAfee.com\VSO\oasclnt .exe" replaces infected copy of "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
"C:\Program Files\Messenger\msmsgs .exe" replaces infected copy of "C:\Program Files\Messenger\msmsgs.exe"
"C:\Program Files\Microsoft Money\System\mnyexpr .exe" replaces infected copy of "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
"C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask .exe" replaces infected copy of "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
"C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray .exe" replaces infected copy of "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
"C:\Program Files\Real\RealPlayer\RealPlay .exe" replaces infected copy of "C:\Program Files\Real\RealPlayer\RealPlay.exe"
"C:\Program Files\Web Buying\v1.8.6\webbuying .exe" replaces infected copy of "C:\Program Files\Web Buying\v1.8.6\webbuying.exe"
"C:\WINDOWS\SYSTEM32\hkcmd .exe" replaces infected copy of "C:\WINDOWS\SYSTEM32\hkcmd.exe"
"C:\WINDOWS\SYSTEM32\hphmon05 .exe" replaces infected copy of "C:\WINDOWS\SYSTEM32\hphmon05.exe"
"C:\WINDOWS\SYSTEM32\igfxtray .exe" replaces infected copy of "C:\WINDOWS\SYSTEM32\igfxtray.exe"
"C:\WINDOWS\SYSTEM32\lexpps .exe" replaces infected copy of "C:\WINDOWS\SYSTEM32\lexpps.exe"
"C:\WINDOWS\SYSTEM32\dla\tfswctrl .exe" replaces infected copy of "C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe"
"C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIBOA .EXE" replaces infected copy of "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIBOA.EXE"
"C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09 .exe" replaces infected copy of "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\core
-------\Network Monitor


((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
.

2008-01-05 10:23 . 2008-01-06 19:50 174,592 --a------ C:\WINDOWS\SYSTEM32\lexpps.exe
2008-01-04 06:10 . 2008-01-06 19:51 483,328 --a------ C:\WINDOWS\SYSTEM32\hphmon05.exe
2008-01-04 06:09 . 2008-01-06 19:51 155,648 --a------ C:\WINDOWS\SYSTEM32\igfxtray.exe
2008-01-04 06:09 . 2008-01-06 19:51 118,784 --a------ C:\WINDOWS\SYSTEM32\hkcmd.exe
2008-01-03 20:13 . 2008-01-03 20:13 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-03 20:13 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\SYSTEM32\atl71.dll
2008-01-03 20:13 . 2008-01-03 20:13 46,592 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\dhlp.sys
2008-01-03 20:13 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll
2008-01-03 19:58 . 2008-01-06 20:29 <DIR> d-------- C:\Program Files\kernel
2008-01-03 19:55 . 2008-01-03 19:55 <DIR> d-------- C:\WINDOWS\SYSTEM32\mr9
2008-01-03 19:55 . 2008-01-03 19:55 <DIR> d-------- C:\WINDOWS\SYSTEM32\aj2
2008-01-03 19:55 . 2008-01-03 19:58 532,918 --a------ C:\TEMP\ytesm1220.exe
2008-01-03 19:55 . 2008-01-06 19:51 379,904 --a------ C:\WINDOWS\mrofinu572.exe.tmp
2008-01-03 19:54 . 2008-01-03 19:54 <DIR> d-------- C:\WINDOWS\SYSTEM32\ardCo01
2008-01-03 19:54 . 2008-01-03 19:54 <DIR> d-------- C:\TEMP\cEeer12
2008-01-01 13:07 . 2008-01-01 13:07 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-01 11:53 . 2008-01-01 12:05 250 --a------ C:\WINDOWS\gmer.ini
2007-12-31 14:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 14:36 . 2007-12-30 14:36 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-30 14:17 . 2004-08-28 13:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-12-30 14:17 . 2004-08-28 13:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2007-12-30 14:17 . 2005-06-11 17:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-07 01:29 --------- d-----w C:\Program Files\iTunes
2008-01-07 01:29 --------- d-----w C:\Program Files\Dell Support
2008-01-07 01:29 --------- d-----w C:\Program Files\AIM
2008-01-07 01:24 --------- d-----w C:\Program Files\QuickTime
2008-01-05 15:26 10 ----a-w C:\Program Files\.autoreg
2008-01-04 12:05 --------- d-----w C:\Program Files\Dell AIO Printer A920
2007-12-04 00:14 --------- d-----w C:\Documents and Settings\Wendy\Application Data\U3
2007-11-29 23:14 6,144 ----a-w C:\Documents and Settings\Wendy\ie_updates3r.exe
2007-11-28 01:43 --------- d-----w C:\Program Files\Opera
2007-11-28 01:38 8 ----a-w C:\4asjojwqeras2384u9jdsfkasdf.dat
2007-11-20 21:59 --------- d-----w C:\Program Files\McAfee.com
2007-11-17 23:36 --------- d-----w C:\Documents and Settings\Ariell\Application Data\acccore
2007-11-09 15:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-02 13:43 282,624 ----a-w C:\Program Files\TTC.dll
2007-03-25 21:51 8,185,542 ----a-w C:\Documents and Settings\Jared\Jared Room Photos.zip
2005-05-26 00:10 115,376 ----a-w C:\Documents and Settings\Jared\Application Data\GDIPFONTCACHEV1.DAT
2005-03-31 14:55 115,376 ----a-w C:\Documents and Settings\Wendy\Application Data\GDIPFONTCACHEV1.DAT
.

<pre>
----a-w 270,336 2008-01-04 11:10:20 C:\Program Files\Dell AIO Printer A920\dlbkbmgr .exe
</pre>

WAA4086
2008-01-07, 02:46
Here is the second part of the ComboFix log.

Also posting a new HijackThis log.


((((((((((((((((((((((((((((( snapshot@2008-01-01_13.56.14.68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-16 07:07:10 117,913 ----a-w C:\WINDOWS\SYSTEM32\aj2\bumebrpl5.exe
+ 2007-12-20 22:49:26 32,768 ----a-w C:\WINDOWS\SYSTEM32\ardCo01\ardCo011065.exe
+ 2004-11-02 18:41:52 516,832 ----a-w C:\WINDOWS\SYSTEM32\capicom.dll
- 2008-01-01 18:46:18 262,144 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT
+ 2008-01-07 01:05:13 262,144 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT
+ 2007-08-03 01:44:02 169,147 ----a-w C:\WINDOWS\SYSTEM32\mr9\gyreo83122.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:46 PM, on 1/6/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Novell\Messenger\NMCL32.exe
C:\Program Files\kernel\kernel.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {47D588F9-41CF-4C71-82EA-5D9CA104CD66} - \
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [mmtask] "c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\MCABBE~1.EXE /autorun
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\COMMON~1\AVSYST~1\ugac.exe" -start
O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\AVSystemCare\bm.exe" dm=http://avsystemcare.com ad=http://avsystemcare.com sd=http://ykeeper.avsystemcare.com
O4 - HKLM\..\Run: [ptask] C:\Program Files\AVSystemCare\ptask.exe
O4 - HKLM\..\Run: [bm(1)] "C:\Program Files\Common Files\AVSystemCare\bm .exe" dm=http://avsystemcare.com ad=http://avsystemcare.com sd=http://ykeeper.avsystemcare.com
O4 - HKLM\..\Run: [bm(2)] "C:\Program Files\Common Files\AVSystemCare\bm .exe" dm=http://avsystemcare.com ad=http://avsystemcare.com sd=http://ykeeper.avsystemcare.com
O4 - HKLM\..\Run: [bm(3)] "C:\Program Files\Common Files\AVSystemCare\bm .exe" dm=http://avsystemcare.com ad=http://avsystemcare.com sd=http://ykeeper.avsystemcare.com
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R380 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE" /FU "C:\WINDOWS\TEMP\E_S130.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Novell Messenger] "C:\Novell\Messenger\NMCL32.exe"
O4 - HKCU\..\Run: [Iqnh] "C:\Documents and Settings\Wendy\Application Data\?dobe\?hkdsk.exe"
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9897 bytes


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47D588F9-41CF-4C71-82EA-5D9CA104CD66}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-06 19:52 1670144]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2008-01-06 19:52 66672]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2008-01-06 19:52 306688]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2008-01-06 19:52 200704]
"EPSON Stylus Photo R380 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.exe" [2008-01-06 19:52 139264]
"Novell Messenger"="C:\Novell\Messenger\NMCL32.exe" [2008-01-06 19:52 1417293]
"Iqnh"="C:\Documents and Settings\Wendy\Application Data\?dobe\?hkdsk.exe" [ ]
"kernel"="C:\Program Files\kernel\kernel.exe" [2008-01-06 19:52 61440]
"Router"="C:\Program Files\Router\Router.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2008-01-06 19:51 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2008-01-06 19:51 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2008-01-06 19:51 32881]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2008-01-06 19:51 53248]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2008-01-06 19:51 221184]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2008-01-06 19:51 290816]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2008-01-06 19:51 122933]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2008-01-06 19:51 110592]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-01-06 19:51 26112]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2008-01-06 19:52 151552]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2008-01-06 19:51 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [ ]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2008-01-06 19:51 53248]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2008-01-06 19:51 131072]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2008-01-06 19:51 163840]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [ ]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2008-01-06 19:51 188416]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2008-01-06 19:51 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2008-01-06 19:51 221184]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2008-01-06 19:51 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2008-01-06 19:51 483328]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2008-01-06 19:52 53248]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-06 19:52 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"McRegWiz"="C:\PROGRA~1\mcafee.com\agent\MCABBE~1.exe" [ ]
"ugac"="C:\PROGRA~1\COMMON~1\AVSYST~1\ugac.exe" [ ]
"bm"="C:\Program Files\Common Files\AVSystemCare\bm.exe" [ ]
"ptask"="C:\Program Files\AVSystemCare\ptask.exe" [ ]
"bm(1)"="C:\Program Files\Common Files\AVSystemCare\bm .exe" [ ]
"bm(2)"="C:\Program Files\Common Files\AVSystemCare\bm .exe" [ ]
"bm(3)"="C:\Program Files\Common Files\AVSystemCare\bm .exe" [ ]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-18 02:33:00 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#240#CN399340P4M9.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe#/#Hewlett-Packard#240#CN399340P4M9
"2008-01-05 22:33:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
"2008-01-07 01:35:06 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (D464HL51-Wendy).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2004-11-22 02:33:06 C:\WINDOWS\Tasks\WebReg 20041121213306.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exea/TaskName 20041121213306 /N
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 20:35:19
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-06 20:37:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-07 01:36:59
ComboFix2.txt 2008-01-02 22:53:07
ComboFix3.txt 2008-01-01 18:57:13
ComboFix4.txt 2008-01-01 01:54:59

Shaba
2008-01-07, 11:07
Hi

Looks better :)

You may need to re-install some of your startup programs after you're clean, because they were infected and that is why ComboFix deleted them.

Open notepad and copy/paste the text in the quotebox below into it:


RenV::
C:\Program Files\Dell AIO Printer A920\dlbkbmgr .exe

File::
C:\TEMP\ytesm1220.exe
C:\WINDOWS\mrofinu572.exe.tmp

Folder::
C:\WINDOWS\SYSTEM32\mr9
C:\WINDOWS\SYSTEM32\aj2
C:\WINDOWS\SYSTEM32\ardCo01
C:\TEMP\cEeer12
C:\Program Files\kernel

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iqnh"=-
"kernel"=-
"Router"=-

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47D588F9-41CF-4C71-82EA-5D9CA104CD66}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ugac"=-
"bm"=-
"ptask"=-
"bm(1)"=-
"bm(2)"=-
"bm(3)"=-


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

ComboFix should never take more than 20 minutes, including the reboot, if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any findstr, find, sed or swreg processes; ComboFix should then continue.
If that happens, we want to know, and also which process you had to end.
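
The CFScript above renames a "dlbkbmgr .exe" companion file, and the ComboFix RenV list earlier in this thread shows the same "<name> .exe" shape (whitespace right before the extension) standing in for dozens of legitimate startup programs. As an added example, not code from this thread, from ComboFix or from HijackThis, here is a small Python scanner a helper could run over a saved log to list every path whose extension is preceded by whitespace, together with the legitimate name it imitates. The sample lines are copied from the logs posted above; the function and pattern names are my own.

```python
import re

# A "<name> .exe" path (whitespace right before the extension) sits next to the
# genuine "<name>.exe" in the same directory; the ComboFix RenV section and the
# HijackThis O4 lines in this thread show exactly that shape.  The pattern
# captures the path up to the gap and refuses to run into a second drive-letter
# path on the same line (ComboFix's "X replaces infected copy of Y" lines carry two).
_SPACED_EXT = re.compile(
    r'(?P<path>[A-Za-z]:\\(?:(?![A-Za-z]:\\)[^"\r\n])*?)'
    r'(?P<gap>[ \t]+)\.(?P<ext>exe|dll|com|scr)\b',
    re.IGNORECASE,
)


def find_spaced_extensions(lines):
    """Return (suspicious_path, lookalike_path) pairs for every path in `lines`
    whose extension is preceded by whitespace.  `lookalike_path` is the name
    the companion file imitates, i.e. the same path with the gap removed."""
    hits = []
    for line in lines:
        for m in _SPACED_EXT.finditer(line):
            suspicious = f'{m.group("path")}{m.group("gap")}.{m.group("ext")}'
            lookalike = f'{m.group("path")}.{m.group("ext")}'
            hits.append((suspicious, lookalike))
    return hits


# Constructed sample: lines copied from the HijackThis and ComboFix logs in this thread.
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime',
    r'O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"',
    r'O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe',
    r'"bm(1)"="C:\Program Files\Common Files\AVSystemCare\bm .exe" [ ]',
    r'----a-w 270,336 2008-01-04 11:10:20 C:\Program Files\Dell AIO Printer A920\dlbkbmgr .exe',
    r'"C:\WINDOWS\SYSTEM32\hkcmd .exe" replaces infected copy of "C:\WINDOWS\SYSTEM32\hkcmd.exe"',
]


def main():
    # Print each companion file beside the legitimate name it shadows.
    for suspicious, lookalike in find_spaced_extensions(SAMPLE_LOG):
        print(f'{suspicious!r}\n    imitates {lookalike!r}')


if __name__ == "__main__":
    main()
```

Run against a whole saved HijackThis or ComboFix log (one string per line) it lists only the companion files, so the legitimate entries that share the same directory are left untouched and the output can be compared directly against a RenV:: list.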

WAA4086
2008-01-07, 12:23
Hello,

Here is the ComboFix log and a new HijackThis log.

ComboFix 08-01-04.1 - Wendy 2008-01-07 6:13:40.5 - NTFSx86
Running from: C:\Documents and Settings\Wendy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Wendy\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\TEMP\ytesm1220.exe
C:\WINDOWS\mrofinu572.exe.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\kernel
C:\Program Files\kernel\kernel.exe
C:\TEMP\cEeer12
C:\TEMP\ytesm1220.exe
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\SYSTEM32\aj2
C:\WINDOWS\SYSTEM32\aj2\bumebrpl5.exe
C:\WINDOWS\SYSTEM32\ardCo01
C:\WINDOWS\SYSTEM32\ardCo01\ardCo011065.exe
C:\WINDOWS\SYSTEM32\mr9
C:\WINDOWS\SYSTEM32\mr9\gyreo83122.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
.

2008-01-05 10:23 . 2008-01-06 19:50 174,592 --a------ C:\WINDOWS\SYSTEM32\lexpps.exe
2008-01-04 06:10 . 2008-01-06 19:51 483,328 --a------ C:\WINDOWS\SYSTEM32\hphmon05.exe
2008-01-04 06:09 . 2008-01-06 19:51 155,648 --a------ C:\WINDOWS\SYSTEM32\igfxtray.exe
2008-01-04 06:09 . 2008-01-06 19:51 118,784 --a------ C:\WINDOWS\SYSTEM32\hkcmd.exe
2008-01-03 20:13 . 2008-01-03 20:13 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-03 20:13 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\SYSTEM32\atl71.dll
2008-01-03 20:13 . 2008-01-03 20:13 46,592 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\dhlp.sys
2008-01-03 20:13 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll
2008-01-01 13:07 . 2008-01-01 13:07 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-01 11:53 . 2008-01-01 12:05 250 --a------ C:\WINDOWS\gmer.ini
2007-12-31 14:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 14:36 . 2007-12-30 14:36 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-30 14:17 . 2004-08-28 13:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-12-30 14:17 . 2004-08-28 13:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2007-12-30 14:17 . 2005-06-11 17:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-07 11:13 --------- d-----w C:\Program Files\Dell AIO Printer A920
2008-01-07 01:29 --------- d-----w C:\Program Files\iTunes
2008-01-07 01:29 --------- d-----w C:\Program Files\Dell Support
2008-01-07 01:29 --------- d-----w C:\Program Files\AIM
2008-01-07 01:24 --------- d-----w C:\Program Files\QuickTime
2008-01-05 15:26 10 ----a-w C:\Program Files\.autoreg
2007-12-04 00:14 --------- d-----w C:\Documents and Settings\Wendy\Application Data\U3
2007-11-30 01:29 291,328 ----a-w C:\WINDOWS\SYSTEM32\libcurl.dll
2007-11-29 23:14 6,144 ----a-w C:\Documents and Settings\Wendy\ie_updates3r.exe
2007-11-29 23:14 12,800 ----a-w C:\WINDOWS\SYSTEM32\SVCHOST.EXE
2007-11-29 23:14 12,800 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\svchost.exe
2007-11-28 01:43 --------- d-----w C:\Program Files\Opera
2007-11-28 01:38 8 ----a-w C:\4asjojwqeras2384u9jdsfkasdf.dat
2007-11-28 00:59 6,656 ----a-w C:\WINDOWS\SYSTEM32\ernel32.dll
2007-11-25 11:24 66,048 ----a-w C:\WINDOWS\SYSTEM32\rt26.exe
2007-11-20 21:59 --------- d-----w C:\Program Files\McAfee.com
2007-11-17 23:36 --------- d-----w C:\Documents and Settings\Ariell\Application Data\acccore
2007-11-09 15:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-02 13:43 282,624 ----a-w C:\Program Files\TTC.dll
2007-03-25 21:51 8,185,542 ----a-w C:\Documents and Settings\Jared\Jared Room Photos.zip
2005-05-26 00:10 115,376 ----a-w C:\Documents and Settings\Jared\Application Data\GDIPFONTCACHEV1.DAT
2005-03-31 14:55 115,376 ----a-w C:\Documents and Settings\Wendy\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-01-01_13.56.14.68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-11-02 18:41:52 516,832 ----a-w C:\WINDOWS\SYSTEM32\capicom.dll
- 2008-01-01 18:46:18 262,144 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT
+ 2008-01-07 01:05:13 262,144 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT
- 2004-03-15 06:04:00 122,933 ----a-w C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
+ 2008-01-07 00:51:24 122,933 ----a-w C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
- 2006-05-29 08:00:00 139,264 ----a-w C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIBOA.EXE
+ 2008-01-07 00:52:37 139,264 ----a-w C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIBOA.EXE
- 2003-07-25 14:14:02 188,416 ----a-w C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe
+ 2008-01-07 00:51:47 188,416 ----a-w C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-06 19:52 1670144]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2008-01-06 19:52 66672]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2008-01-06 19:52 306688]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2008-01-06 19:52 200704]
"EPSON Stylus Photo R380 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.exe" [2008-01-06 19:52 139264]
"Novell Messenger"="C:\Novell\Messenger\NMCL32.exe" [2008-01-06 19:52 1417293]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2008-01-06 19:51 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2008-01-06 19:51 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2008-01-06 19:51 32881]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2008-01-06 19:51 53248]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2008-01-06 19:51 221184]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2008-01-06 19:51 290816]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2008-01-06 19:51 122933]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2008-01-06 19:51 110592]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-01-06 19:51 26112]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2008-01-06 19:52 151552]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2008-01-06 19:51 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [ ]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2008-01-06 19:51 53248]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2008-01-06 19:51 131072]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2008-01-06 19:51 163840]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2008-01-04 06:10 270336]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2008-01-06 19:51 188416]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2008-01-06 19:51 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2008-01-06 19:51 221184]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2008-01-06 19:51 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2008-01-06 19:51 483328]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2008-01-06 19:52 53248]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-06 19:52 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"McRegWiz"="C:\PROGRA~1\mcafee.com\agent\MCABBE~1.exe" [ ]
"ugac"="C:\PROGRA~1\COMMON~1\AVSYST~1\ugac.exe" [ ]
"bm(1)"="C:\Program Files\Common Files\AVSystemCare\bm .exe" [ ]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-18 02:33:00 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#240#CN399340P4M9.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe#/#Hewlett-Packard#240#CN399340P4M9
"2008-01-07 10:33:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
"2008-01-07 01:35:06 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (D464HL51-Wendy).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2004-11-22 02:33:06 C:\WINDOWS\Tasks\WebReg 20041121213306.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exea/TaskName 20041121213306 /N
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 06:15:49
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-07 6:16:22
ComboFix-quarantined-files.txt 2008-01-07 11:16:14
ComboFix2.txt 2008-01-07 01:37:02
ComboFix3.txt 2008-01-02 22:53:07
ComboFix4.txt 2008-01-01 18:57:13
ComboFix5.txt 2008-01-01 01:54:59


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:21:23 AM, on 1/7/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Novell\Messenger\NMCL32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [mmtask] "c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\MCABBE~1.EXE /autorun
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\COMMON~1\AVSYST~1\ugac.exe" -start
O4 - HKLM\..\Run: [bm(1)] "C:\Program Files\Common Files\AVSystemCare\bm .exe" dm=http://avsystemcare.com ad=http://avsystemcare.com sd=http://ykeeper.avsystemcare.com
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R380 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE" /FU "C:\WINDOWS\TEMP\E_S130.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Novell Messenger] "C:\Novell\Messenger\NMCL32.exe"
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8939 bytes

Shaba
2008-01-07, 12:27
Hi

Open HijackThis, click do a system scan only and checkmark these:

O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\COMMON~1\AVSYST~1\ugac.exe" -start
O4 - HKLM\..\Run: "C:\Program Files\Common Files\AVSystemCare\bm .exe" dm=http://avsystemcare.com ad=http://avsystemcare.com sd=http://ykeeper.avsystemcare.com

Close all windows including browser and press fix checked.

Reboot.

Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky; click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:

o Scan using the following Anti-Virus database:

+ Extended (If available otherwise Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.

Note: This scanner will work with Internet Explorer Only!

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

Post:

- a fresh HijackThis log
- kaspersky report

And let's hope that the Kaspersky scan now goes well without redirections :)

WAA4086
2008-01-08, 04:06
Ran the HijackThis and was successful in selecting the two files indicated.

No issues with Kaspersky this time. The report is attached. I will have to break it up into a couple of posts due to the length.



Monday, January 07, 2008 10:00:16 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/01/2008
Kaspersky Anti-Virus database records: 503982


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 87463
Number of viruses found 53
Number of infected objects 463
Number of suspicious objects 0
Duration of the scan process 00:45:15

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd000.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\wmplibrary_v_0_12.db Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\wmplibrary_v_0_12.lrd Object is locked skipped

C:\Documents and Settings\Jared\Local Settings\Tempmbroit.exe Infected: Trojan-Downloader.Win32.Agent.euw skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Wendy\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped

C:\Documents and Settings\Wendy\Application Data\Microsoft\Windows\gesrrrhm.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\Documents and Settings\Wendy\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Wendy\Desktop\ieupdr2.exe Infected: Trojan-Downloader.Win32.Tiny.aca skipped

C:\Documents and Settings\Wendy\ie_updates3r.exe Infected: Trojan-Downloader.Win32.Tiny.aca skipped

C:\Documents and Settings\Wendy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Wendy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Wendy\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Wendy\Local Settings\Temp\JET6A62.tmp Object is locked skipped

C:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Wendy\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Wendy\ntuser.dat.LOG Object is locked skipped

C:\hpcmerr.log Object is locked skipped

C:\Program Files\Trend Micro\HijackThis\backups\backup-20080103-192827-811-Malwaredetectedthisautos.exe Infected: Trojan.Win32.Qhost.zr skipped

C:\Program Files\TTC.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped

C:\QooBox\Quarantine\C\Documents and Settings\Administrator\Start Menu\Programs\Startup\infos.exe.vir Infected: Trojan.Win32.Qhost.zr skipped

WAA4086
2008-01-08, 04:10
Second portion of the Kaspersky report.

C:\QooBox\Quarantine\C\Documents and Settings\Administrator\Start Menu\Programs\Startup\infos.exe.vir Infected: Trojan.Win32.Qhost.zr skipped

C:\QooBox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup\autos.exe.vir Infected: Trojan.Win32.Qhost.zr skipped

C:\QooBox\Quarantine\C\Documents and Settings\Ariell\Start Menu\Programs\Startup\infos.exe.vir Infected: Trojan.Win32.Qhost.zr skipped

C:\QooBox\Quarantine\C\Documents and Settings\Jared\p423ck.exe.vir Infected: Trojan-Dropper.Win32.FriJoiner.bg skipped

C:\QooBox\Quarantine\C\Documents and Settings\Wendy\Application Data\DOBE~1\сhkdsk.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gq skipped

C:\QooBox\Quarantine\C\Documents and Settings\Wendy\Start Menu\Programs\Startup\infos.exe.vir Infected: Trojan.Win32.Qhost.zr skipped

C:\QooBox\Quarantine\C\Novell\Messenger\NMCL32.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\AIM\aim.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\AVSystemCare\pgs.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\AVSystemCare\ptask.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\Common Files\AVSystemCare\bm .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\Common Files\AVSystemCare\bm .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\Common Files\AVSystemCare\bm .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\Common Files\AVSystemCare\bm.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\Common Files\AVSYST~1\ugac.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\Common Files\Sonic\Update Manager\sgtray.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinAdmin.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.fg skipped

C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinUninstaller.exe.vir/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped

C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinUninstaller.exe.vir NSIS: infected - 1 skipped

C:\QooBox\Quarantine\C\Program Files\CyberLink\PowerDVD\DVDLauncher.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\Dell\Media Experience\PCMService.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\Dell Support\DSAgnt.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\E404 Helper\e404.v6.dll.vir Infected: Trojan-Downloader.Win32.BHO.bt skipped

C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\HP\hpcoretech\hpcmpmgr.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\InetGet2\MTE3MTk6ODoxNg.exe.vir Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\QooBox\Quarantine\C\Program Files\Intel\Modem Event Monitor\IntelMEM.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\iTunes\iTunesHelper.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\Java\j2re1.4.2_03\bin\jusched.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\kernel\kernel.exe.vir Infected: Trojan-Downloader.Win32.Adload.pn skipped

C:\QooBox\Quarantine\C\Program Files\McAfee.com\Agent\mcagent.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\McAfee.com\Agent\mcregwiz.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\McAfee.com\Agent\MCREGW~1 .EXE.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\McAfee.com\Agent\MCREGW~1.EXE.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\McAfee.com\Agent\MCREGW~2 .EXE.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\McAfee.com\Agent\MCREGW~3 .EXE.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\McAfee.com\Agent\McUpdate.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\McAfee.com\Agent\MCUPDA~1.EXE.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\McAfee.com\VSO\mcmnhdlr.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\McAfee.com\VSO\mcvsshld.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\McAfee.com\VSO\oasclnt.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\Messenger\msmsgs.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\Microsoft Money\System\mnyexpr.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\Network Monitor\netmon.exe.vir Infected: not-a-virus:Monitor.Win32.NetMon.a skipped

C:\QooBox\Quarantine\C\Program Files\Outerinfo\FF\components\FF.dll.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped

C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\Real\RealPlayer\RealPlay.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\Router\Router.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\Program Files\Router\UnInstall.exe.vir Infected: Trojan-Downloader.Win32.Delf.dlk skipped

C:\QooBox\Quarantine\C\Program Files\spoolsv.exe.vir Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\QooBox\Quarantine\C\Program Files\Temporary\kernInstall.exe.vir Infected: Trojan-Downloader.Win32.Agent.haq skipped

C:\QooBox\Quarantine\C\Program Files\ucleaner_setup.exe.vir Infected: not-a-virus:Downloader.Win32.UltimateFix.e skipped

C:\QooBox\Quarantine\C\Program Files\Web Buying\v1.8.6\webbuying.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\TEMP\ytesm1220.exe.vir/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\QooBox\Quarantine\C\TEMP\ytesm1220.exe.vir/data0003 Infected: not-a-virus:AdWare.Win32.Agent.co skipped

C:\QooBox\Quarantine\C\TEMP\ytesm1220.exe.vir/data0004 Infected: Trojan-Downloader.Win32.Small.hkt skipped

C:\QooBox\Quarantine\C\TEMP\ytesm1220.exe.vir/data0005 Infected: Trojan.Win32.Pakes.bvs skipped

C:\QooBox\Quarantine\C\TEMP\ytesm1220.exe.vir/data0006/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\QooBox\Quarantine\C\TEMP\ytesm1220.exe.vir/data0006 Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\QooBox\Quarantine\C\TEMP\ytesm1220.exe.vir NSIS: infected - 6 skipped

C:\QooBox\Quarantine\C\WINDOWS\avp.exe.vir Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir NSIS: infected - 3 skipped

C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir Infected: Trojan-Downloader.Win32.Agent.haq skipped

C:\QooBox\Quarantine\C\WINDOWS\b138.exe.vir Infected: Trojan-Downloader.Win32.Agent.cbx skipped

C:\QooBox\Quarantine\C\WINDOWS\b151.exe.vir Infected: Trojan-Downloader.Win32.Agent.fjn skipped

C:\QooBox\Quarantine\C\WINDOWS\mgrs.exe.vir Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\QooBox\Quarantine\C\WINDOWS\mrofinu1000106.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwh skipped

C:\QooBox\Quarantine\C\WINDOWS\mrofinu572.exe.tmp.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\WINDOWS\mrofinu572.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwh skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\aj2\bumebrpl5.exe.vir Infected: Trojan.Win32.Pakes.bvs skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ardCo01\ardCo011065.exe.vir Infected: Trojan-Downloader.Win32.VB.ccs skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bronto.dll.vir Infected: Trojan.Win32.Qhost.zz skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ddaby.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\dla\tfswctrl.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys.vir Infected: Rootkit.Win32.Agent.pr skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\e404d.dll.vir Infected: Trojan-Dropper.Win32.Agent.ctx skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hkcmd.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hphmon05.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\igfxtray.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lexpps.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mr9\gyreo83122.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mr9\gyreo83122.exe.vir NSIS: infected - 1 skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\proper.exe.vir Infected: Trojan.Win32.Qhost.zr skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\pwecbyo.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.wx skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rt27.exe.vir Infected: Backdoor.Win32.Small.cmg skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIBOA.EXE.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\SSTEM3~1\iexplore .exe.vir Infected: Trojan-Downloader.Win32.PurityScan.ez skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\SSTEM3~1\iexplore.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ukiwet.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gl skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vtursqr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.clb skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\winter.exe.vir Infected: Trojan.Win32.Qhost.zr skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\z1\aroblcidr31z.exe.vir Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\z9\foppzwb91.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.co skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\~.exe.vir Infected: Trojan-Downloader.Win32.Tiny.aca skipped

C:\QooBox\Quarantine\C\WINDOWS\Temp\293851113.exe.vir Infected: Trojan.Win32.Pakes.brk skipped

C:\QooBox\Quarantine\C\WINDOWS\V2VuZHk\asappsrv.dll.vir Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

C:\QooBox\Quarantine\C\WINDOWS\V2VuZHk\command.exe.vir Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

C:\QooBox\Quarantine\C\wndrcqe.exe.vir Infected: Trojan-Spy.Win32.BZub.bur skipped

C:\QooBox\Quarantine\catchme2007-12-31_163251.00.zip/ctl_w32.sys Infected: Rootkit.Win32.Agent.pq skipped

C:\QooBox\Quarantine\catchme2007-12-31_163251.00.zip/xpdx.sys Infected: Trojan-Clicker.Win32.Costrat.bz skipped

C:\QooBox\Quarantine\catchme2007-12-31_163251.00.zip/__c00BE241.dat Infected: Trojan-Downloader.Win32.Agent.euw skipped

C:\QooBox\Quarantine\catchme2007-12-31_163251.00.zip ZIP: infected - 3 skipped

C:\QooBox\Quarantine\catchme2008-01-06_203500.92.zip/core.sys Infected: Rootkit.Win32.Agent.sg skipped

C:\QooBox\Quarantine\catchme2008-01-06_203500.92.zip/yayvwur.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.clb skipped

C:\QooBox\Quarantine\catchme2008-01-06_203500.92.zip ZIP: infected - 2 skipped

C:\SDFix\backups\backups.zip/backups/autos.exe Infected: Trojan.Win32.Qhost.zr skipped

C:\SDFix\backups\backups.zip/backups/infos.exe Infected: Trojan.Win32.Qhost.zr skipped

C:\SDFix\backups\backups.zip/backups/winter.exe Infected: Trojan.Win32.Qhost.zr skipped

C:\SDFix\backups\backups.zip ZIP: infected - 3 skipped

C:\SDFix\backups\HOSTS Infected: Trojan.Win32.Qhost.my skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002524.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002525.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002526.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002527.exe Infected: Trojan-Downloader.Win32.PurityScan.ez skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002528.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002529.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002530.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002531.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002532.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002533.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002534.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002535.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002538.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002539.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002540.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

WAA4086
2008-01-08, 04:11
Third portion of the Kaspersky report.

WAA4086
2008-01-08, 04:13
Fourth portion of the Kaspersky report.


C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002372.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002373.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002374.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002379.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002380.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002382.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002384.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002385.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

WAA4086
2008-01-08, 04:14
Fifth portion of the Kaspersky report.

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002388.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002405.exe Infected: Trojan-Downloader.Win32.PurityScan.ez skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002408.exe Infected: Trojan-Downloader.Win32.Adload.pn skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002424.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002429.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002430.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002431.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002433.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002436.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002438.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002439.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002440.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002442.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002443.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002445.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002446.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002447.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002448.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002449.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002451.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002454.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002455.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002456.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002457.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002461.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002462.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002463.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002464.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002466.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002467.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002469.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002470.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002472.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002473.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002479.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002480.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002482.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002483.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002484.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002485.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002488.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002499.exe Infected: Trojan-Downloader.Win32.PurityScan.ez skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002501.exe Infected: Trojan-Downloader.Win32.Adload.pn skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0002512.exe Infected: Trojan-Downloader.Win32.PurityScan.ez skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0002516.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0002517.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0002518.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0002519.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0002520.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0002521.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0002522.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0002523.exe Infected: Trojan-Downloader.Win32.Agent.gdi skipped

C:\WINDOWS\Debug\oakley.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\bgxvillj.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\DRIVERS\dhlp.sys Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped

C:\WINDOWS\SYSTEM32\ernel32.dll Infected: Trojan-Downloader.Win32.Small.gue skipped

C:\WINDOWS\SYSTEM32\fmtcnczf.exe Infected: Email-Worm.Win32.Zhelatin.p skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\ilffthka.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\WINDOWS\SYSTEM32\mawzkjkh.exe Infected: Trojan-Downloader.Win32.Small.dam skipped

C:\WINDOWS\SYSTEM32\ptjhirzb.jtk Infected: Trojan-Clicker.Win32.Small.js skipped

C:\WINDOWS\SYSTEM32\rt26.exe Infected: Trojan.Win32.Small.iz skipped

C:\WINDOWS\SYSTEM32\sol548.txt Infected: Trojan.Win32.Qhost.zs skipped

C:\WINDOWS\SYSTEM32\vdkfepzq.exe Infected: Trojan-Downloader.Win32.Small.dam skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

Scan process completed.

WAA4086
2008-01-08, 04:15
Here is the latest HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:46 PM, on 1/7/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Novell\Messenger\NMCL32.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [mmtask] "c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\MCABBE~1.EXE /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R380 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE" /FU "C:\WINDOWS\TEMP\E_S130.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Novell Messenger] "C:\Novell\Messenger\NMCL32.exe"
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8953 bytes

Shaba
2008-01-08, 14:42
Hi

Empty these folders:

C:\QooBox\Quarantine\
C:\SDFix\backups\

Delete these:

C:\WINDOWS\SYSTEM32\DRIVERS\dhlp.sys

C:\WINDOWS\SYSTEM32\ernel32.dll

C:\WINDOWS\SYSTEM32\fmtcnczf.exe

C:\WINDOWS\SYSTEM32\ilffthka.exe

C:\WINDOWS\SYSTEM32\mawzkjkh.exe

C:\WINDOWS\SYSTEM32\ptjhirzb.jtk

C:\WINDOWS\SYSTEM32\rt26.exe

C:\WINDOWS\SYSTEM32\sol548.txt

C:\WINDOWS\SYSTEM32\vdkfepzq.exe

C:\WINDOWS\SYSTEM32\bgxvillj.exe

C:\Documents and Settings\Wendy\Application Data\Microsoft\Windows\gesrrrhm.exe

C:\Documents and Settings\Wendy\Desktop\ieupdr2.exe

C:\Documents and Settings\Wendy\ie_updates3r.exe

C:\Documents and Settings\Jared\Local Settings\Tempmbroit.exe

Empty Recycle Bin.

Re-scan with Kaspersky.

Post:

- a fresh HijackThis log
- Kaspersky report
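Shaba's list above is built by hand from the Kaspersky report: the "Object is locked" lines (registry hives, event logs, index files the scanner could not open) are noise, the hundreds of System Volume Information hits are restore-point copies that are cleared by flushing System Restore rather than deleted one by one, entries under a tool's own quarantine folder are already contained, and only the remaining "Infected:" lines name live files on disk. As an added example (my own code, not the forum's or Kaspersky's), here is a small Python parser for the Kaspersky Online Scanner report format posted in this thread that does the same triage. The sample lines are copied from the reports above; the category rules (`RESTORE_DIR`, `QUARANTINE_DIRS`) are my own assumptions about where inert copies live, and the function names are mine.

```python
import re
from collections import Counter

# Sample entries in the Kaspersky Online Scanner 5.0.98.0 report format, copied from
# the reports posted in this thread (constructed excerpt; not a complete report).
SAMPLE_REPORT = """\
C:\\WINDOWS\\SYSTEM32\\CONFIG\\SAM Object is locked skipped

C:\\WINDOWS\\SYSTEM32\\bgxvillj.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\\System Volume Information\\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\\RP8\\A0002332.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\\System Volume Information\\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\\RP10\\A0002573.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\\System Volume Information\\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\\RP10\\A0002573.exe NSIS: infected - 3 skipped

C:\\WINDOWS\\SYSTEM32\\DRIVERS\\dhlp.sys Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped

C:\\Program Files\\Trend Micro\\HijackThis\\backups\\backup-20080103-192827-811-Malwaredetectedthisautos.exe Infected: Trojan.Win32.Qhost.zr skipped

Scan process completed.
"""

# Assumed locations of inert copies (my own rules, not Kaspersky's):
# restore-point snapshots, and quarantine/backup folders of cleanup tools.
RESTORE_DIR = "\\system volume information\\_restore"
QUARANTINE_DIRS = ("\\qoobox\\quarantine\\", "\\sdfix\\backups\\", "\\hijackthis\\backups\\")

# One report entry: "<path> Infected: <name> skipped", "<path> Object is locked skipped",
# or an archive roll-up such as "<path> NSIS: infected - 3 skipped".
ENTRY_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Infected: (?P<name>\S+)|(?P<locked>Object is locked)|(?P<archive>\w+: infected - \d+)) "
    r"skipped$"
)


def categorize(on_disk, kind):
    """Bucket an entry so a helper can see at a glance what needs manual action."""
    low = on_disk.lower()
    if kind == "locked":
        return "locked"            # scanner could not open it; not a detection
    if kind == "archive_summary":
        return "archive_summary"   # roll-up line; its members are listed separately
    if RESTORE_DIR in low:
        return "restore_point"     # snapshot copy, inert unless a restore is run
    if any(q in low for q in QUARANTINE_DIRS):
        return "quarantine"        # already contained by a cleanup tool
    return "live"                  # a real file on disk that still needs handling


def parse_report(text):
    """Parse report lines into dicts; header, blank and footer lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        on_disk = path.split("/", 1)[0]   # "file.exe/stream/data0002" -> container file
        if m.group("locked"):
            kind, name = "locked", None
        elif m.group("archive"):
            kind, name = "archive_summary", m.group("archive")
        else:
            kind, name = "infected", m.group("name")
        entries.append({"path": path, "file": on_disk, "kind": kind,
                        "detection": name, "category": categorize(on_disk, kind)})
    return entries


def live_infected_files(text):
    """Return (file, detection) pairs for live files, in report order, without duplicates."""
    seen = []
    for e in parse_report(text):
        pair = (e["file"], e["detection"])
        if e["category"] == "live" and pair not in seen:
            seen.append(pair)
    return seen


def summarize(text):
    """Counts per category plus which detections sit on live files."""
    entries = parse_report(text)
    return {
        "by_category": Counter(e["category"] for e in entries),
        "live_detections": Counter(e["detection"] for e in entries if e["category"] == "live"),
    }


if __name__ == "__main__":
    for path, name in live_infected_files(SAMPLE_REPORT):
        print(f"{name:45s} {path}")
    print(summarize(SAMPLE_REPORT)["by_category"])
```

Run against a full pasted report, `live_infected_files` yields exactly the kind of short delete list in the post above, while the summary shows how many hits are restore-point copies that will disappear once System Restore is flushed; a second run after cleanup should leave the "live" bucket empty.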

WAA4086
2008-01-09, 03:06
Emptied the specified folders and deleted the specified items.

Re-ran Kaspersky, here is the report.

Tuesday, January 08, 2008 9:02:39 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/01/2008
Kaspersky Anti-Virus database records: 504448


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 87248
Number of viruses found 45
Number of infected objects 339
Number of suspicious objects 0
Duration of the scan process 00:45:17

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd000.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\wmplibrary_v_0_12.db Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\wmplibrary_v_0_12.lrd Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Wendy\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped

C:\Documents and Settings\Wendy\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Wendy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Wendy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Wendy\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Wendy\Local Settings\History\History.IE5\MSHist012008010820080109\index.dat Object is locked skipped

C:\Documents and Settings\Wendy\Local Settings\Temp\JETA5A6.tmp Object is locked skipped

C:\Documents and Settings\Wendy\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Wendy\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Wendy\ntuser.dat.LOG Object is locked skipped

C:\hpcmerr.log Object is locked skipped

C:\Program Files\Trend Micro\HijackThis\backups\backup-20080103-192827-811-Malwaredetectedthisautos.exe Infected: Trojan.Win32.Qhost.zr skipped

C:\Program Files\TTC.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002524.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002525.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002526.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002527.exe Infected: Trojan-Downloader.Win32.PurityScan.ez skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002528.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002529.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002530.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002531.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002532.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002533.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002534.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002535.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002538.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002539.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002540.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002541.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002542.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002543.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002544.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002545.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002546.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002547.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002549.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002550.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002551.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002552.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002553.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002555.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002557.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002558.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002559.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002560.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002561.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002562.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002563.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002564.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002566.exe Infected: Trojan-Downloader.Win32.PurityScan.fg skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002567.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002567.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002570.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002571.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002573.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002573.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002573.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002573.exe NSIS: infected - 3 skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002574.exe Infected: Trojan-Downloader.Win32.Agent.haq skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002575.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002576.exe Infected: Trojan-Downloader.Win32.Agent.fjn skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002577.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gl skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002578.dll Infected: not-a-virus:AdWare.Win32.Agent.wx skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002579.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.clb skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002580.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002581.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002582.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002583.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002584.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002585.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002586.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002587.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002588.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002589.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002590.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002591.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002592.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002593.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002594.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002595.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002596.exe Infected: Trojan-Downloader.Win32.Delf.dlk skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002597.exe Infected: Trojan-Downloader.Win32.Agent.haq skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002642.exe Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002643.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002645.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002648.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002649.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gq skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002655.exe Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002656.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002657.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002663.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.clb skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002689.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0002728.exe Infected: Trojan-Downloader.Win32.Adload.pn skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0002729.exe Infected: Trojan.Win32.Pakes.bvs skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0002730.exe Infected: Trojan-Downloader.Win32.VB.ccs skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0002731.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0002731.exe NSIS: infected - 1 skipped

WAA4086
2008-01-09, 03:10
Here is the second section of the Kaspersky report.

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0002811.sys Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0002812.dll Infected: Trojan-Downloader.Win32.Small.gue skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0002813.exe Infected: Email-Worm.Win32.Zhelatin.p skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0002814.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0002815.exe Infected: Trojan-Downloader.Win32.Small.dam skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0002816.exe Infected: Trojan.Win32.Small.iz skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0002817.exe Infected: Trojan-Downloader.Win32.Small.dam skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0002818.exe Infected: Trojan-Downloader.Win32.Tiny.et skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0002819.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0002820.exe Infected: Trojan-Downloader.Win32.Tiny.aca skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0002821.exe Infected: Trojan-Downloader.Win32.Tiny.aca skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0002822.exe Infected: Trojan-Downloader.Win32.Agent.euw skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\change.log Object is locked skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000003.EXE:ext.exe:$DATA Infected: Backdoor.Win32.Small.cmg skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000005.exe Infected: Trojan.Win32.Qhost.zr skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000006.exe Infected: Trojan.Win32.Qhost.zr skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000007.exe Infected: Trojan.Win32.Qhost.zr skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000008.exe Infected: Trojan.Win32.Qhost.zr skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000015.exe Infected: Trojan-Downloader.Win32.Tiny.aca skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000016.sys Infected: Rootkit.Win32.Agent.pr skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000018.dll Infected: Trojan-Downloader.Win32.BHO.bt skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000019.exe Infected: not-a-virus:Downloader.Win32.UltimateFix.e skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000022.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000025.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000027.dll Infected: Trojan.Win32.Qhost.zz skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000028.exe Infected: Trojan.Win32.Qhost.zr skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000029.exe Infected: Trojan.Win32.Qhost.zr skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000030.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000031.dll Infected: Trojan-Dropper.Win32.Agent.ctx skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000044.exe Infected: Trojan.Win32.DNSChanger.acs skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0001022.exe Infected: Trojan.Win32.Qhost.zr skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0001023.exe Infected: Trojan.Win32.Qhost.zr skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0001035.exe Infected: Trojan.Win32.Qhost.zr skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0001038.exe Infected: Trojan.Win32.Qhost.zr skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0001042.exe Infected: Trojan.Win32.Qhost.zr skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0001072.exe Infected: Trojan.Win32.Qhost.zr skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0001073.exe Infected: Trojan.Win32.Qhost.zr skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001141.exe Infected: Trojan.Win32.Qhost.zr skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001142.exe Infected: Trojan.Win32.Qhost.zr skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001143.exe Infected: Trojan.Win32.Qhost.zr skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001159.exe Infected: Trojan.Win32.Qhost.zr skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001160.exe Infected: Trojan.Win32.Qhost.zr skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001161.exe Infected: Trojan.Win32.Qhost.zr skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001162.exe Infected: Trojan.Win32.Qhost.zr skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001163.exe Infected: Trojan-Dropper.Win32.FriJoiner.bg skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001166.exe Infected: Backdoor.Win32.Small.cmg skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001167.exe Infected: Trojan-Spy.Win32.BZub.bur skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001212.exe Infected: Trojan.Win32.Qhost.zr skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001227.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001259.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001276.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001277.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001278.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001279.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001280.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001281.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001282.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001283.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001284.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001285.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001286.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001287.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001288.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001289.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001290.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001291.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001292.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001293.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001294.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001295.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001296.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001297.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001298.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001299.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001300.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001301.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001302.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001303.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001305.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001306.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001307.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001308.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001311.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001316.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001324.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001330.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001333.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001338.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001340.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001343.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001344.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001346.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001347.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001348.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001352.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001353.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001354.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001355.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001357.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001358.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001360.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001361.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001362.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
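
The report above is Kaspersky Online Scanner output: one object per line, the verdict, and the action taken. Two things stand out once the lines are aggregated rather than read one by one: every object lives under a System Restore point (`\System Volume Information\_restore{GUID}\RPn\`), and every action is `skipped`, because the online scanner only reports and does not disinfect. As an added example (not part of this thread and not Kaspersky's own tooling), here is a Python parser that turns such a report into a summary per restore point, per behaviour class and per malware family, and flags whether anything was actually cleaned. The six sample lines are copied from the report posted above; the parser assumes only the three line shapes that appear there (`Infected: <name>`, `NSIS: infected - <n>`, `Object is locked`) and the two sub-object suffixes (`/data0001` archive members, `:stream:$DATA` alternate data streams).

```python
import re
from collections import Counter

# Added example: parser/summariser for Kaspersky Online Scanner report lines
# like the ones posted in this thread. Not part of the original post.
# Each line is "<object> <verdict> <action>"; verdict shapes seen in the log:
#   Infected: <detection-name>      e.g. Infected: Trojan-Dropper.Win32.Agent.dgo
#   NSIS: infected - <n>            installer container with n flagged members
#   Object is locked                file the scanner could not open
# The object may carry a sub-object suffix: "/data0001" (archive member)
# or ":ext.exe:$DATA" (NTFS alternate data stream).
LINE_RE = re.compile(
    r"^(?P<object>.+?)\s+"
    r"(?:Infected:\s+(?P<name>\S+)"
    r"|NSIS:\s+infected\s+-\s+(?P<members>\d+)"
    r"|(?P<locked>Object is locked))"
    r"\s+(?P<action>\S+)\s*$"
)

# XP System Restore snapshot directory: \System Volume Information\_restore{GUID}\RP<n>\
RP_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I
)


def split_object(obj):
    """Return (on-disk path, sub-object or None) for a scanner object string."""
    path, sep, sub = obj.partition("/")          # archive member: file.exe/data0001
    if sep:
        return path, sub
    idx = path.find(":", 2)                      # ADS: file.EXE:ext.exe:$DATA (skip "C:")
    if idx != -1:
        return path[:idx], path[idx + 1:]
    return path, None


def parse_line(line):
    """Parse one report line into a dict, or None if it is not a report line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path, sub = split_object(m.group("object"))
    if m.group("name"):
        kind, name = "infected", m.group("name")
    elif m.group("members"):
        kind, name = "container", "NSIS(%s)" % m.group("members")
    else:
        kind, name = "locked", None
    rp = RP_RE.search(path)
    return {
        "path": path,
        "sub_object": sub,
        "kind": kind,
        "name": name,
        "action": m.group("action"),
        "restore_point": rp.group(1) if rp else None,
    }


def behaviour_and_family(name):
    """'Trojan-Dropper.Win32.Agent.dgo' -> ('Trojan-Dropper', 'Agent');
    'not-a-virus:AdWare.Win32.PurityScan.gp' -> ('not-a-virus:AdWare', 'PurityScan')."""
    parts = name.split(".")
    family = parts[2] if len(parts) >= 3 else parts[-1]
    return parts[0], family


def summarize(text):
    """Aggregate a whole report: what was found, where, and what the scanner did."""
    recs = [r for r in (parse_line(l) for l in text.splitlines()) if r]
    infected = [r for r in recs if r["kind"] == "infected"]
    summary = {
        "lines": len(recs),
        "detections": len(infected),
        "distinct_files": len({r["path"] for r in infected}),
        "by_restore_point": Counter(r["restore_point"] or "<not a restore point>" for r in infected),
        "by_behaviour": Counter(behaviour_and_family(r["name"])[0] for r in infected),
        "by_family": Counter(behaviour_and_family(r["name"])[1] for r in infected),
        "actions": Counter(r["action"] for r in recs),
        "locked": sum(r["kind"] == "locked" for r in recs),
    }
    # The online scanner only reports: if every action is "skipped", nothing
    # was cleaned and the restore points still hold copies of the droppers.
    summary["nothing_cleaned"] = set(summary["actions"]) == {"skipped"}
    return summary


# Six lines copied verbatim from the report posted above, used as sample input.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002550.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002567.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0002567.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\change.log Object is locked skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000003.EXE:ext.exe:$DATA Infected: Backdoor.Win32.Small.cmg skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000016.sys Infected: Rootkit.Win32.Agent.pr skipped
"""

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for key in ("detections", "distinct_files", "by_restore_point",
                "by_behaviour", "by_family", "actions", "nothing_cleaned"):
        val = dict(s[key]) if isinstance(s[key], Counter) else s[key]
        print("%-18s %s" % (key, val))
```

Run against the full report the script gives the per-RP breakdown at a glance and, because every action is `skipped`, confirms the scan changed nothing on disk. Files under `System Volume Information\_restore` are System Restore's own copies of earlier binaries, so they only matter if the machine is later rolled back to one of those points; the usual handling once the live system is clean is to purge the restore points (on XP, turning System Restore off and back on discards them all) rather than trying to delete the `A00*` files by hand.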

WAA4086
2008-01-09, 03:15
This is the third portion of the Kaspersky report.

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001365.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001366.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001368.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001369.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001370.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001371.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001373.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001375.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001376.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001377.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001380.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001381.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001383.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001384.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001387.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001388.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001389.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001390.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001391.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001393.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001394.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001403.exe Infected: Trojan-Downloader.Win32.PurityScan.ez skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001404.exe Infected: Trojan-Downloader.Win32.Adload.pn skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0001411.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001418.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001421.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001422.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001423.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001424.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001426.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001429.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001430.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001433.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001434.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001435.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001436.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001438.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001439.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001440.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001443.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001444.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001445.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001446.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001447.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001449.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001450.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001453.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001454.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001457.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001458.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001462.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001464.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001465.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001468.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001471.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001472.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001476.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001477.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001478.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001481.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001493.exe Infected: Trojan-Downloader.Win32.PurityScan.ez skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0001496.exe Infected: Trojan-Downloader.Win32.Adload.pn skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002330.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002332.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002333.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002334.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002336.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002337.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002339.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002340.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002342.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002343.exe Infected: Trojan-Downloader.Win32.Agent.hcm skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002345.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002346.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002349.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002350.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002352.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002353.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002354.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002355.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002356.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002357.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002359.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002361.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002362.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002363.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002364.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002365.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002368.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002369.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002371.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002372.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002373.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002374.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002379.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002380.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002382.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002384.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002385.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002388.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

WAA4086
2008-01-09, 03:16
Fourth section of Kaspersky report.

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002405.exe Infected: Trojan-Downloader.Win32.PurityScan.ez skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002408.exe Infected: Trojan-Downloader.Win32.Adload.pn skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002424.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002429.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002430.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002431.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002433.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002436.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002438.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002439.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002440.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002442.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002443.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002445.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002446.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002447.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002448.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002449.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002451.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002454.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002455.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002456.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002457.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002461.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002462.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002463.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002464.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002466.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002467.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002469.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002470.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002472.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002473.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002479.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002480.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002482.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002483.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002484.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002485.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002488.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002499.exe Infected: Trojan-Downloader.Win32.PurityScan.ez skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002501.exe Infected: Trojan-Downloader.Win32.Adload.pn skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0002512.exe Infected: Trojan-Downloader.Win32.PurityScan.ez skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0002516.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0002517.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0002518.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0002519.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0002520.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0002521.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0002522.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0002523.exe Infected: Trojan-Downloader.Win32.Agent.gdi skipped

C:\WINDOWS\Debug\oakley.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

Scan process completed.
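The report above mixes three kinds of lines that a helper reads differently: detections inside System Restore points (under `System Volume Information\_restore{...}\RP<n>`), detections in ordinary locations, and "Object is locked" lines for registry hives and event logs that the scanner simply could not open. The following Python is an added example for this thread, not Kaspersky's code; the sample lines are constructed (illustrative file names and a placeholder GUID) and only follow the line format of the report posted above.

```python
"""Triage of Kaspersky online-scanner report lines.

Added example for this thread; it is not Kaspersky's code and the sample
lines below are constructed (illustrative names, verdicts and a placeholder
GUID), modelled only on the line format of the report posted above.
"""
import re
from collections import Counter

SAMPLE_REPORT = """\
C:\\System Volume Information\\_restore{PLACEHOLDER-GUID}\\RP8\\A0000001.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\\System Volume Information\\_restore{PLACEHOLDER-GUID}\\RP9\\A0000002.exe Infected: Trojan-Downloader.Win32.PurityScan.ez skipped
C:\\Program Files\\example\\dropper.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\\WINDOWS\\SYSTEM32\\CONFIG\\SAM Object is locked skipped
Scan process completed.
"""

# <path> then either "Infected: <verdict>" or "Object is locked", then "skipped".
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?:Infected:\s+(?P<verdict>\S+)|(?P<locked>Object is locked))\s+skipped$"
)
# Files inside a System Restore point: RP<n> under _restore{...}.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]*\}\\RP(?P<rp>\d+)\\", re.IGNORECASE
)


def parse_line(line):
    """Return (path, verdict, locked) for a report entry, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return m.group("path"), m.group("verdict"), m.group("locked") is not None


def triage(report_text):
    """Sort report entries into the buckets a helper treats differently.

    restore_points: detections inside restore points, keyed by RP number; these are
                    inert until a restore is performed and go away when the restore
                    points are purged.
    active:         detections anywhere else; these need to be removed.
    locked:         files the scanner could not open (registry hives, event logs);
                    not detections, just unscanned.
    """
    result = {"active": [], "restore_points": {}, "locked": [], "verdicts": Counter()}
    for line in report_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # blank lines, headers, "Scan process completed."
        path, verdict, locked = parsed
        if locked:
            result["locked"].append(path)
            continue
        result["verdicts"][verdict] += 1
        rp = RESTORE_RE.search(path)
        if rp:
            bucket = result["restore_points"].setdefault(int(rp.group("rp")), Counter())
            bucket[verdict] += 1
        else:
            result["active"].append((path, verdict))
    return result


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print("active:", summary["active"])
    print("restore points:", {rp: dict(c) for rp, c in summary["restore_points"].items()})
    print("locked:", summary["locked"])
```

Run against a full report, the `active` list is the short list that actually needs action; the restore-point bucket is what disabling and re-enabling System Restore clears; the locked list is worth a second look only because the scanner never saw inside those files.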

WAA4086
2008-01-09, 03:17
Here is the latest HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:59 PM, on 1/8/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Novell\Messenger\NMCL32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [mmtask] "c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\MCABBE~1.EXE /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R380 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE" /FU "C:\WINDOWS\TEMP\E_S130.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Novell Messenger] "C:\Novell\Messenger\NMCL32.exe"
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8952 bytes
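A HijackThis log is a fixed-format list of registry and startup entries (R1 home page, O2 BHOs, O4 Run keys, O9 browser buttons, O23 services), and the things a helper looks for first are mechanical: entries whose target file no longer exists ("(file missing)") and autoruns launched from odd locations. The following Python is an added example, not part of the thread and not HijackThis code; the sample log is constructed (illustrative CLSIDs and paths) and only mirrors the format of the log above. The Temp-folder heuristic at the end is this example's own assumption, not a rule from the thread.

```python
"""Parse HijackThis v2 log entries and pull out the items a helper reviews first.

Added example; not from the thread and not HijackThis code. SAMPLE_HJT is
constructed with illustrative CLSIDs and paths, following the log format above.
"""
import re

SAMPLE_HJT = """\
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\Explorer.EXE

R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://www.example.com/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\\Program Files\\Example\\helper.dll
O4 - HKLM\\..\\Run: [ExampleTray] "C:\\Program Files\\Example\\tray.exe" /background
O4 - HKCU\\..\\Run: [Updater] C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\upd.exe
O9 - Extra button: (no name) - {00000000-0000-0000-0000-000000000002} - C:\\WINDOWS\\System32\\gone.dll (file missing)
O23 - Service: Example Service (ExSvc) - Example Corp - C:\\Program Files\\Example\\exsvc.exe

--
End of file - 512 bytes
"""

# "O4 - <body>", "R1 - <body>", ...; process list and headers never match.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
# O4 registry form: HKLM\..\Run: [Name] <command line>
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\]\s*(?P<command>.*)$")
# Heuristic assumed by this example: an autorun living in a Temp folder deserves review.
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


def parse_hjt(text):
    """Return the R/F/O entries as dicts with code, body and a file_missing flag."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            body = m.group("body")
            entries.append({"code": m.group("code"), "body": body,
                            "file_missing": "(file missing)" in body})
    return entries


def file_missing_entries(entries):
    """Orphaned entries whose target is gone; inert leftovers that can simply be fixed."""
    return [e for e in entries if e["file_missing"]]


def command_executable(command):
    """Program path from a Run-key command line: the quoted path, else the first token.

    An unquoted path containing spaces cannot be split reliably; HijackThis shows
    such entries quoted, so the first-token fallback is only for space-free paths.
    """
    m = re.match(r'^"([^"]+)"', command) or re.match(r"^(\S+)", command)
    return m.group(1) if m else ""


def registry_autoruns(entries):
    """O4 registry Run entries as (hive, key, name, executable) tuples."""
    runs = []
    for e in entries:
        if e["code"] != "O4":
            continue
        m = RUN_RE.match(e["body"])
        if m:
            runs.append((m.group("hive"), m.group("key"), m.group("name"),
                         command_executable(m.group("command"))))
    return runs


def autoruns_from_temp(entries):
    """Autoruns whose executable sits under a Temp folder (review heuristic, see TEMP_RE)."""
    return [r for r in registry_autoruns(entries) if TEMP_RE.search(r[3])]


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_HJT)
    for e in file_missing_entries(found):
        print("leftover:", e["code"], e["body"])
    for run in autoruns_from_temp(found):
        print("review:", run)
```

The "(file missing)" entries are exactly what a helper means by leftovers: the registry still references a file that is gone, so the entry does nothing and fixing it is only housekeeping. The Temp-folder check is a triage aid, not a verdict; plenty of legitimate installers leave such entries, so each hit still needs to be looked at.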

Shaba
2008-01-09, 11:03
Hi

Delete these:

C:\Program Files\Trend Micro\HijackThis\backups\backup-20080103-192827-811-Malwaredetectedthisautos.exe

C:\Program Files\TTC.dll

Empty Recycle Bin.

All other viruses are in system restore and inactive.

I'll give you instructions on how to empty it later.

Other than that, any problems left?

WAA4086
2008-01-09, 14:33
Hello,

Deleted the specified files. Emptied the recycle bin.

Let me know what steps to take to finish cleaning up the backups/restores.

Do I have to do anything with the items that you mentioned are inactive? Will they become active?

I receive a message upon booting up the computer that McAfee Security Center may not have been installed or launched properly. It advises me to reinstall the program.

The computer is running great now. I am able to access the control panel without being restricted.

There are no longer any pop-up ads/programs and the computer is running much faster.

What recommendations would you have regarding maintenance routines to keep my computer running clean?

Should I bring my computer up to date with Microsoft Windows updates (i.e. SP2)?

What recommendation would you have regarding an antivirus software and a spyware software?

Anything else that I should know regarding keeping my computer clean?

Shaba
2008-01-09, 14:54
Hi

"Do I have to do anything with the items that you mentioned are inactive? Will they become active?"

No, just follow system restore steps from below.

"I receive a message upon booting up the computer that McAfee Security Center may not have been installed or launched properly. It advises me to reinstall the program."

Yes, it's possible that Vundo damaged it. I also advise reinstalling it.

"What recommendations would you have regarding maintenance routines to keep my computer running clean?

Should I bring my computer up to date with Microsoft Windows updates (ie. SP2)?

What recommendation would you have regarding an antivirus software and a spyware software?

Anything else that I should know regarding keeping my computer clean?"

See my recommendations from below and yes, install SP2.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

You can fix these; the first two are leftovers and the other two are considered optional removals:

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

If McAfee doesn't have a firewall install one from below:

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (http://www.personalfirewall.comodo.com/)
2) Online Armor (http://www.tallemu.com/online_armor_free.html)
3) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
4) Agnitum (http://www.agnitum.com/products/outpostfree/download.php)
5) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za) (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager, the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.
Viewpoint Manager is considered foistware rather than malware since it is installed without the user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware (http://www.clickz.com/showPage.html?page=3561546).
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
Click Start, point to Settings, and then click Control Panel.
In Control Panel, double-click Add or Remove Programs.
In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
Do the same for each Viewpoint component.

Update Adobe Reader
It looks like your version of Adobe Reader is out of date and you're vulnerable to infections.
Please download the newest version here:
http://www.adobe.com/products/acrobat/readstep2_servefile.html?option=full&order=1&type=&language=English&platform=WinXPSP2&esdcanbeused=0&esdcanhandle=0&hasjavascript=1&dlm=nos

Install it, then go to Add/Remove Programs and remove any older versions that may remain.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older Java components and update:
Download the latest version of Java Runtime Environment (JRE) 6 Update 4 (http://java.sun.com/javase/downloads/index.jsp) and save it to your desktop.
Scroll down to where it says "Java Runtime Environment (JRE) 6u4...allows end-users to run Java applications".
Click the "Download" button to the right.
Read the License Agreement and then check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.

Next we remove all used tools.

Please download OTMoveIt (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe) and save it to desktop.

Double-click OTMoveIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Re-enable system restore with the instructions from the tutorial above.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis, just as you would with antivirus software, in conjunction with Spybot.

A tutorial on installing & using this product can be found here:

Using Ad-aware 2007 to remove Spyware, Malware, & Hijackers from Your Computer (http://www.bleepingcomputer.com/forums/?showtutorial=48)


Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option.

This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis, just as you would with antivirus software. A tutorial on installing & using this product can be found here:

Instructions for Spybot S & D (http://www.bleepingcomputer.com/forums/?showtutorial=43)


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Google Toolbar (http://toolbar.google.com/) <= Get the free Google toolbar to help stop pop-up windows.
Comodo BOCLEAN (http://www.comodo.com/boclean/boclean.html) <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein: So How Did I Get Infected In The First Place (http://castlecops.com/postlite7736-.html)

Happy surfing and stay clean! :bigthumb:
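
The HOSTS-file mechanism Shaba describes above (sinkholing ad and malware names to 127.0.0.1), as an added example that is not part of the post or of the MVPS project: a small Python parser over a constructed hosts-file sample that lists which names are sinkholed and, going one step beyond the post, flags entries that redirect a name to some other address, the pattern worth reviewing on a machine suspected of being hijacked. The sample entries and the `.test` domains are constructed for the example.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample in the MVPS HOSTS layout (not the real MVPS file); the last
# line is a constructed redirect of the kind a hijacker adds, for the check below.
SAMPLE_HOSTS = """\
# comments and blank lines are ignored
127.0.0.1       localhost
127.0.0.1       ads.example-tracker.test      # inline comment
127.0.0.1       banner.example-ads.test stats.example-ads.test
0.0.0.0         popup.example-malware.test
198.51.100.7    update.example-av.test
"""

def parse_hosts(text: str) -> Dict[str, str]:
    """Map each hostname (lower-cased) to its address; first line naming a host wins."""
    mapping: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # strip comments
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])          # skip malformed lines
        except ValueError:
            continue
        for name in fields[1:]:
            mapping.setdefault(name.lower(), fields[0])
    return mapping

def is_sinkhole(addr: str) -> bool:
    """127.0.0.1, 0.0.0.0 and ::1 all leave the name unreachable."""
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified

def blocked_hosts(mapping: Dict[str, str]) -> List[str]:
    """Names the file deliberately sinkholes (localhost is the genuine loopback entry)."""
    return sorted(n for n, a in mapping.items() if is_sinkhole(a) and n != "localhost")

def redirected_hosts(mapping: Dict[str, str]) -> List[Tuple[str, str]]:
    """Names sent to some other address: review these, since malware uses such
    entries to point security-vendor names at a server it controls."""
    return sorted((n, a) for n, a in mapping.items() if not is_sinkhole(a))

def classify(mapping: Dict[str, str], hostname: str) -> str:
    addr = mapping.get(hostname.lower())
    if addr is None:
        return "not in hosts file"
    return "blocked" if is_sinkhole(addr) else f"redirected to {addr}"
```

On a real system, pass the contents of C:\WINDOWS\system32\drivers\etc\hosts to `parse_hosts` and look at `redirected_hosts` first; a security vendor's name pointing anywhere but a sinkhole is the entry to investigate.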

Shaba
2008-01-11, 10:49
Since this issue appears resolved ... this Topic is closed. Glad I could help.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.