
Thread: efcyyvt.dll is kicking my butt!

  #1
    Junior Member, Wisconsin, joined Aug 2007, 16 posts

    efcyyvt.dll is kicking my butt!

    I'm really hoping that someone can give me a 2nd opinion. There must be *something* I'm missing and it's becoming a very unhealthy obsession. LOL (At least that's what my husband tells me!)

    We rebuilt my system last week. Prior to moving any of my files from the old PC to the new, I ran scans and checks on everything making sure it was clean. Also, I wasn't having infection problems on my old system so I'm relatively sure this is a new problem and not something I transferred from system to system.

    I am running Windows XP - service pack 2 is installed.
    My virus scanner is McAfee Total Protection and is up-to-date with all updates.

    Ad-Aware 2007 version 0012.0000 is installed and up-to-date.

    Spybot-Search and Destroy 1.4 is installed and up-to-date.

    IE is my default browser - however 99% of the time I use Firefox. (I noticed an immediate decline in the number of pop-ups I had to deal with by using Firefox instead of IE. However, when Firefox was set as my default browser - I had just as many.)

    History, temporary internet files and cookies are deleted every time I close the browser.

    I am running Spyware Blaster version 3.5.1 - updates complete and all protections are enabled.

    ATF-Cleaner is installed and I use it, frequently.

    Trend Micro Hijack This - version 2 is installed in its own directory, not on the desktop.

    Vundo Fix is run daily.

    Online virus scanner - CA
    08-03-07 found the following:

    css4[1] Win32/Vundo!generic deleted C:\Documents and Settings\Kellie\Local Settings\Temporary Internet Files\Content.IE5\5SENU1JG\

    css4[1] Win32/Vundo!generic deleted C:\Documents and Settings\Kellie\Local Settings\Temporary Internet Files\Content.IE5\HZOA35FU\

    css4[1] Win32/Vundo!generic deleted C:\Documents and Settings\Kellie\Local Settings\Temporary Internet Files\Content.IE5\ZV2LOJI5\

    backup-20070801-164032-702.dll Win32/Chisyne!generic deleted C:\Hijack\backups\

    awtss.dll.bad Win32/Vundo!generic deleted C:\VundoFix Backups\

    ddccc.dll.bad Win32/Vundo!generic deleted C:\VundoFix Backups\

    geedc.dll.bad Win32/Vundo!generic deleted C:\VundoFix Backups\

    qespsxle.exe.bad Win32/Secdrop.OF deleted C:\VundoFix Backups\

    sstts.dll.bad Win32/Vundo!generic deleted C:\VundoFix Backups\

    efcyyvt.dll Win32/Chisyne!generic cannot delete C:\WINDOWS\system32\

    jquhytda.dll Win32/Darksma!generic deleted C:\WINDOWS\system32\

    pmnll.dll Win32/Vundo!generic cannot delete C:\WINDOWS\system32\

    rkficesp.dll Win32/Darksma!generic deleted C:\WINDOWS\system32\

    yjwericp.dll Win32/Darksma!generic deleted C:\WINDOWS\system32\

    14 viruses detected - 12 were deleted
    remaining infected files:

    c:\windows\system32\efcyyvt.dll
    c:\windows\system32\pmn.dll

    *The thing I found interesting with this is that the only website I went to was the online CA virus scanning page. I had cleared my temporary internet files BEFORE the scan began, yet the scan found and deleted additional files.

    I then attempted to run Spybot Search and Destroy in safe mode - however, the program ran for an hour and never actually did anything.

    I then attempted to log in in safe mode with a command prompt to delete efcyyvt.dll and pmn.dll - but I wasn't able to either delete or rename the files because they were both in use by another program. According to Task Manager the only things that were running were explorer and Task Manager.

    Should I be deleting the Hijack This backup files?

    Ugggh.

    Here is my Hijack This log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 3:30:18 PM, on 8/3/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
    C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    C:\Program Files\SiteAdvisor\6021\SAService.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Hijack\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kelliewaltondesigns.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
    O2 - BHO: (no name) - {2D4813F9-0D51-4273-9784-BFC15C3FB9F3} - (no file)
    O2 - BHO: (no name) - {52AAE82D-7178-4673-8525-5A6AEE00D0DB} - C:\WINDOWS\system32\sstts.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {67475B4D-150D-44A4-B5DD-BC80D4C9361F} - C:\WINDOWS\system32\efcyyvt.dll
    O2 - BHO: (no name) - {CA15C5D6-2BD4-4794-93B8-520A5E6570EC} - C:\WINDOWS\system32\awtss.dll (file missing)
    O2 - BHO: (no name) - {ECA2687F-3232-49D5-9D63-731E8F36F6C9} - C:\WINDOWS\system32\ddccc.dll (file missing)
    O2 - BHO: (no name) - {F80D34EC-A282-4CA8-881B-66FD837A2659} - C:\WINDOWS\system32\pmnll.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
    O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Free WebSite Tools.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...b_site.cab?1185663719436
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
    O20 - Winlogon Notify: ddccc - C:\WINDOWS\
    O20 - Winlogon Notify: efcyyvt - C:\WINDOWS\SYSTEM32\efcyyvt.dll
    O20 - Winlogon Notify: pmnll - C:\WINDOWS\system32\pmnll.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6021\SAService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 6195 bytes

    Here is my VundoFix log. Note - this morning it was completely clean; then, when I ran it after the CA online virus scan (the only website I visited), it found 3 Vundo files and deleted them, and now it's clean again.

    VundoFix V6.5.6

    Checking Java version...

    Scan started at 8:17:43 AM 8/3/2007

    Listing files found while scanning....

    No infected files were found.


    VundoFix V6.5.6

    Checking Java version...

    Scan started at 3:32:31 PM 8/3/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\llnmp.bak1
    C:\WINDOWS\system32\llnmp.ini
    C:\WINDOWS\system32\pmnll.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\llnmp.bak1
    C:\WINDOWS\system32\llnmp.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\llnmp.ini
    C:\WINDOWS\system32\llnmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnll.dll
    C:\WINDOWS\system32\pmnll.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.5.6

    Checking Java version...

    Scan started at 3:37:33 PM 8/3/2007

    Listing files found while scanning....

    No infected files were found.

    Then I ran Ad-Aware; 13 cookies were all that was found and removed. (I didn't post the log because it was huge, but I can do so if needed.)

    Search & Destroy reports no immediate threats were found.

    So, to the best of my knowledge - the only thing remaining on my PC is this stupid efcyyvt.dll that I can't seem to make disappear. Any suggestions?

    I'm no longer getting IE pop-ups but I am getting pop-ups from Search and Destroy that something is trying to change a registry setting. This happens if my system is idle for 20 minutes or so. If I walk away and come back - it's pretty much guaranteed I'm going to get that notification.

    Also, is there something else that I should be doing browser-wise? I just don't understand why all of a sudden every time I go online I get a Vundo infection. Between SpywareBlaster and high security settings in my browser (along with my obsessive scanning!) plus a virus scanner and a router - I just would have thought I had all my bases covered.

    Thanks in advance - the restoring of my sanity will be greatly appreciated.

    Kellie.

  #2
    Blade81, Security Expert, Finland, joined Oct 2006, 25,470 posts

    Hi

    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log in your next reply with a fresh hjt log (this time disable the word wrap setting in Notepad so the log appears without those gaps between the lines, which make checking more difficult).

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    Microsoft MVP Consumer Security 2008 2009 2010 2011 2012
    ASAP & UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  #3
    Junior Member, Wisconsin, joined Aug 2007, 16 posts

    Thanks for answering so quickly!!

    Here is the log from ComboFix:

    ComboFix 07-08-04.3 - "Kellie" 2007-08-03 17:41:45.1 [GMT -5:00] - NTFS
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
    * Created a new restore point


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\Kellie\Desktop.\internet explorer.lnk
    C:\WINDOWS\system32\bbeeg.bak1
    C:\WINDOWS\system32\bbeeg.ini
    C:\WINDOWS\system32\efcyyvt.dll
    C:\WINDOWS\system32\geebb.dll


    ((((((((((((((((((((((((( Files Created from 2007-07-03 to 2007-08-03 )))))))))))))))))))))))))))))))


    2007-08-03 17:40 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-03 13:22 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2007-08-02 12:55 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-08-02 08:36 <DIR> d-------- C:\VundoFix Backups
    2007-08-02 06:22 125,504 --a------ C:\WINDOWS\system32\aruwxxoj.dll
    2007-08-01 22:30 1,277 --a------ C:\WINDOWS\mozver.dat
    2007-08-01 19:00 8,576 --a------ C:\WINDOWS\system32\drivers\duaxbqatblvq.sys
    2007-08-01 18:38 <DIR> d-------- C:\Program Files\SpywareBlaster
    2007-08-01 15:59 <DIR> d-------- C:\WINDOWS\system32\Panda Software
    2007-08-01 15:58 <DIR> d-------- C:\Program Files\Panda Security
    2007-08-01 14:26 8,576 --a------ C:\WINDOWS\system32\drivers\mvcusexxobbo.sys
    2007-08-01 13:33 8,576 --a------ C:\WINDOWS\system32\drivers\fjcvduftgcii.sys
    2007-08-01 12:46 <DIR> d-------- C:\DOCUME~1\Kellie\.housecall6.6
    2007-08-01 11:41 <DIR> d-------- C:\Hijack
    2007-08-01 06:29 125,504 --a------ C:\WINDOWS\system32\nfxondug.dll
    2007-07-31 14:27 <DIR> d-------- C:\Pictures for Mom
    2007-07-31 13:22 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\EPSON
    2007-07-31 13:21 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\Smart Panel
    2007-07-31 13:17 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\ArcSoft
    2007-07-31 13:10 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2007-07-31 13:10 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-07-31 13:06 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\Leadertech
    2007-07-31 13:05 78,608 --a------ C:\WINDOWS\system32\Vb5db.dll
    2007-07-31 13:05 430,080 --a------ C:\WINDOWS\system32\Msrepl35.dll
    2007-07-31 13:05 385,024 --a------ C:\WINDOWS\system32\Vbar332.dll
    2007-07-31 13:05 294,912 --a------ C:\WINDOWS\system32\Msxbse35.dll
    2007-07-31 13:05 262,144 --a------ C:\WINDOWS\system32\Msrd2x35.dll
    2007-07-31 13:05 262,144 --a------ C:\WINDOWS\system32\Msexcl35.dll
    2007-07-31 13:05 250,128 --a------ C:\WINDOWS\system32\mspdox35.dll
    2007-07-31 13:05 24,848 --a------ C:\WINDOWS\system32\msjter35.dll
    2007-07-31 13:05 176,128 --a------ C:\WINDOWS\system32\Mstext35.dll
    2007-07-31 13:05 166,160 --a------ C:\WINDOWS\system32\msltus35.dll
    2007-07-31 13:05 123,664 --a------ C:\WINDOWS\system32\msjint35.dll
    2007-07-31 13:05 1,056,768 --a------ C:\WINDOWS\system32\Msjet35.dll
    2007-07-31 13:02 708,696 --a------ C:\WINDOWS\system32\python21.dll
    2007-07-31 13:02 57,344 --a------ C:\WINDOWS\system32\PyWinTypes21.dll
    2007-07-31 13:02 290,919 --a------ C:\WINDOWS\system32\pythoncom21.dll
    2007-07-31 13:02 <DIR> d-------- C:\Program Files\Common Files\Python
    2007-07-31 13:02 <DIR> d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
    2007-07-31 13:00 96,768 --a------ C:\WINDOWS\SlantAdj.dll
    2007-07-31 13:00 73,216 --a------ C:\WINDOWS\ADE.DLL
    2007-07-31 13:00 64,000 --a------ C:\WINDOWS\system32\ESFW30.BIN
    2007-07-31 13:00 3,136 --a------ C:\WINDOWS\Ade001.bin
    2007-07-31 13:00 278,528 --a------ C:\WINDOWS\system32\esint30.dll
    2007-07-31 13:00 217,088 --a------ C:\WINDOWS\system32\ESDTR.dll
    2007-07-31 13:00 176,128 --a------ C:\WINDOWS\system32\ESWIA30.dll
    2007-07-31 13:00 <DIR> d-------- C:\Program Files\Smart Panel
    2007-07-31 12:59 <DIR> d-------- C:\Program Files\EPSON
    2007-07-31 12:23 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2007-07-31 12:23 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2007-07-31 12:23 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
    2007-07-31 12:23 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-07-31 06:32 125,504 --a------ C:\WINDOWS\system32\unbmndfm.dll
    2007-07-30 18:21 12,288 --a------ C:\WINDOWS\system32\poo.dll
    2007-07-30 18:21 12,288 --a------ C:\WINDOWS\system32\pdum.dll
    2007-07-30 18:17 436,736 --a------ C:\WINDOWS\system32\WBDBR32I.DLL
    2007-07-30 18:17 36,352 --a------ C:\WINDOWS\system32\wwctl32i.dll
    2007-07-30 18:17 1,056,768 --a------ C:\WINDOWS\system32\Roboex32.dll
    2007-07-30 18:17 <DIR> d-------- C:\Program Files\Buzz Tools
    2007-07-30 17:18 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\CoffeeCup Software
    2007-07-30 17:17 <DIR> d-------- C:\Program Files\CoffeeCup Software
    2007-07-30 06:30 126,016 --a------ C:\WINDOWS\system32\kusvmnvj.dll
    2007-07-29 21:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-07-29 21:13 966,144 --a------ C:\WINDOWS\system32\ltdlgres13n.dll
    2007-07-29 21:13 93,184 --a------ C:\WINDOWS\system32\lfPCL13n.dll
    2007-07-29 21:13 921,088 --a------ C:\WINDOWS\system32\LTDic13n.dll
    2007-07-29 21:13 918,016 --a------ C:\WINDOWS\system32\Ltwvc13n.dll
    2007-07-29 21:13 90,112 --a------ C:\WINDOWS\system32\lfjbg13n.dll
    2007-07-29 21:13 84,480 --a------ C:\WINDOWS\system32\lfgbr13n.dll
    2007-07-29 21:13 84,480 --a------ C:\WINDOWS\system32\lffpx13n.dll
    2007-07-29 21:13 825,344 --a------ C:\WINDOWS\system32\ltwen13n.dll
    2007-07-29 21:13 82,432 --a------ C:\WINDOWS\system32\lfshp13n.dll
    2007-07-29 21:13 80,384 --a------ C:\WINDOWS\system32\LTCON13n.dll
    2007-07-29 21:13 796,160 --a------ C:\WINDOWS\system32\ltann13n.dll
    2007-07-29 21:13 794,624 --a------ C:\WINDOWS\system32\LTRTN13n.DLL
    2007-07-29 21:13 77,312 --a------ C:\WINDOWS\system32\LTTLB13n.dll
    2007-07-29 21:13 76,288 --a------ C:\WINDOWS\system32\ltpdg13n.dll
    2007-07-29 21:13 74,240 --a------ C:\WINDOWS\system32\lfplt13n.dll
    2007-07-29 21:13 73,216 --a------ C:\WINDOWS\system32\lffax13n.dll
    2007-07-29 21:13 69,632 --a------ C:\WINDOWS\system32\LFPTK13n.dll
    2007-07-29 21:13 65,536 --a------ C:\WINDOWS\system32\Lfcgm13n.dll
    2007-07-29 21:13 6,144 --a------ C:\WINDOWS\system32\AWDCXC32.DLL
    2007-07-29 21:13 59,392 --a------ C:\WINDOWS\system32\Lfpct13n.dll
    2007-07-29 21:13 58,368 --a------ C:\WINDOWS\system32\lfsct13n.dll
    2007-07-29 21:13 55,296 --a------ C:\WINDOWS\system32\lfpsd13n.dll
    2007-07-29 21:13 54,784 --a------ C:\WINDOWS\system32\Lfdgn13n.dll
    2007-07-29 21:13 52,224 --a------ C:\WINDOWS\system32\lfdrw13n.dll
    2007-07-29 21:13 50,176 --a------ C:\WINDOWS\system32\ltlst13n.dll
    2007-07-29 21:13 49,152 --a------ C:\WINDOWS\system32\Lfwmf13n.dll
    2007-07-29 21:13 482,816 --a------ C:\WINDOWS\system32\lfdwf13n.dll
    2007-07-29 21:13 48,128 --a------ C:\WINDOWS\system32\lfica13n.dll
    2007-07-29 21:13 47,104 --a------ C:\WINDOWS\system32\lfXpm13n.dll
    2007-07-29 21:13 45,056 --a------ C:\WINDOWS\system32\lfXbm13n.dll
    2007-07-29 21:13 445,440 --a------ C:\WINDOWS\system32\LFCMW13n.dll
    2007-07-29 21:13 416,256 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2007-07-29 21:13 38,400 --a------ C:\WINDOWS\system32\lfflc13n.dll
    2007-07-29 21:13 37,888 --a------ C:\WINDOWS\system32\lfeps13n.dll
    2007-07-29 21:13 351,744 --a------ C:\WINDOWS\system32\LFCMP13n.DLL
    2007-07-29 21:13 35,840 --a------ C:\WINDOWS\system32\lfcal13n.dll
    2007-07-29 21:13 35,328 --a------ C:\WINDOWS\system32\lttwn13n.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-30 18:21 12464 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
    2007-06-04 15:18 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-06-04 15:17 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-06-04 15:14 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
    2007-05-16 10:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
    2007-05-16 10:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
    2007-05-16 10:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-05-16 10:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
    2007-05-16 10:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
    2007-05-08 04:24 3583488 -----c--- C:\WINDOWS\system32\dllcache\mshtml.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D4813F9-0D51-4273-9784-BFC15C3FB9F3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52AAE82D-7178-4673-8525-5A6AEE00D0DB}]
    C:\WINDOWS\system32\sstts.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67475B4D-150D-44A4-B5DD-BC80D4C9361F}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA15C5D6-2BD4-4794-93B8-520A5E6570EC}]
    C:\WINDOWS\system32\awtss.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ECA2687F-3232-49D5-9D63-731E8F36F6C9}]
    C:\WINDOWS\system32\ddccc.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F80D34EC-A282-4CA8-881B-66FD837A2659}]
    C:\WINDOWS\system32\pmnll.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 17:36]
    "MVS Splash"="C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe" [2007-03-06 17:25]
    "McAfee Managed Services Tray"="C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe" [2007-05-18 04:03]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6021\SiteAdv.exe" [2007-02-03 13:25]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 06:32]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Free WebSite Tools.lnk - C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe [2007-07-30 17:17:54]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-07-29 15:41:24]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccc]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcyyvt]

    R0 IdeBusDr;IdeBusDr;C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys
    R0 IdeChnDr;Intel(R) Ultra ATA Controller;C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys
    R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
    R2 myAgtSvc;McAfee Virus and Spyware Protection Service;C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe /ServiceStart
    R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    R2 WinDriver;WinDriver;C:\WINDOWS\system32\drivers\WINDRVR.SYS
    R3 busbcrw;USB Card Reader Writer driver;C:\WINDOWS\system32\Drivers\busbcrw.sys
    R3 EL90X;3Com EtherLink XL 90X Adapter Driver;C:\WINDOWS\system32\DRIVERS\el90xnd5.sys


    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-03 17:45:23
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-03 17:47:57 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-08-03 17:47

    --- E O F ---

    And here is the new Hijack This log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 6:22:52 PM, on 8/3/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
    C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SiteAdvisor\6021\SAService.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Hijack\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kelliewaltondesigns.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
    O2 - BHO: (no name) - {2D4813F9-0D51-4273-9784-BFC15C3FB9F3} - (no file)
    O2 - BHO: (no name) - {52AAE82D-7178-4673-8525-5A6AEE00D0DB} - C:\WINDOWS\system32\sstts.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {CA15C5D6-2BD4-4794-93B8-520A5E6570EC} - C:\WINDOWS\system32\awtss.dll (file missing)
    O2 - BHO: (no name) - {ECA2687F-3232-49D5-9D63-731E8F36F6C9} - C:\WINDOWS\system32\ddccc.dll (file missing)
    O2 - BHO: (no name) - {F80D34EC-A282-4CA8-881B-66FD837A2659} - C:\WINDOWS\system32\pmnll.dll (file missing)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
    O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Free WebSite Tools.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1185663719436
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
    O20 - Winlogon Notify: ddccc - C:\WINDOWS\
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6021\SAService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 5874 bytes

    Thanks so much!

    Kellie.

  4. #4
    Security Expert Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,470

    Default

    Hi Kellie

    Upload following files to http://www.virustotal.com and post the results:
    C:\WINDOWS\system32\drivers\duaxbqatblvq.sys
    C:\WINDOWS\system32\drivers\mvcusexxobbo.sys
    C:\WINDOWS\system32\drivers\fjcvduftgcii.sys


    Disable Spybot's TeaTimer
    • Run Spybot-S&D in Advanced Mode
    • If it is not already set to do this, go to the Mode menu and select Advanced Mode
    • On the left hand side, click on Tools
    • Then click on the Resident icon in the list
    • Uncheck Resident TeaTimer and OK any prompts.
    • Restart your computer




    Start hjt, click do a system scan only, check:
    O2 - BHO: (no name) - {2D4813F9-0D51-4273-9784-BFC15C3FB9F3} - (no file)
    O2 - BHO: (no name) - {52AAE82D-7178-4673-8525-5A6AEE00D0DB} - C:\WINDOWS\system32\sstts.dll (file missing)
    O2 - BHO: (no name) - {CA15C5D6-2BD4-4794-93B8-520A5E6570EC} - C:\WINDOWS\system32\awtss.dll (file missing)
    O2 - BHO: (no name) - {ECA2687F-3232-49D5-9D63-731E8F36F6C9} - C:\WINDOWS\system32\ddccc.dll (file missing)
    O2 - BHO: (no name) - {F80D34EC-A282-4CA8-881B-66FD837A2659} - C:\WINDOWS\system32\pmnll.dll (file missing)
    O20 - Winlogon Notify: ddccc - C:\WINDOWS\

    Close browsers and other windows. Click fix checked.

    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    File::
    C:\WINDOWS\system32\aruwxxoj.dll
    C:\WINDOWS\system32\nfxondug.dll
    C:\WINDOWS\system32\kusvmnvj.dll
    
    Folder::
    C:\VundoFix Backups

    Save this as CFScript




    Referring to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log with a fresh hjt log.
    Microsoft MVP Consumer Security 2008 2009 2010 2011 2012
    ASAP & UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
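An added example, not code from the thread and not a HijackThis or ComboFix tool: it codifies the patterns behind the lines Blade81 picked out above (an O2 BHO whose DLL is absent, an O20 Winlogon Notify subkey whose "path" is only a directory) and, as an extra check of my own, O4 shortcuts HijackThis could not resolve. Sample lines are copied from the logs in this thread; the O4 check only says "verify", since the ComboFix log later resolves that shortcut to a legitimate program.

```python
"""Triage helper for Trend Micro HijackThis v2 log lines.

Added example for this thread (not HijackThis or ComboFix code). It flags
three patterns: an O2 BHO whose DLL is absent, an O20 Winlogon Notify package
whose path is a bare directory, and an O4 startup shortcut HijackThis could
not resolve. The sample lines are copied from the logs posted in the thread.
"""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Finding:
    section: str  # HJT section id: O2, O4, O20 ...
    line: str     # the original log line, as you would tick it in HJT
    reason: str   # why it was flagged


# "O2 - BHO: <name> - {CLSID} - <path, or (no file)>"
_BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
# "O20 - Winlogon Notify: <subkey> - <dll>"
_NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious HJT line, or None if it looks benign."""
    line = line.strip()
    section = line.split(" ", 1)[0]

    if section == "O2":
        m = _BHO_RE.match(line)
        if m:
            path = m.group("path")
            # A BHO registration that outlives its DLL is leftover from an
            # earlier cleanup; HJT prints "(no file)" or appends "(file missing)".
            if path == "(no file)" or path.endswith("(file missing)"):
                return Finding("O2", line, "BHO registered but its DLL is absent")

    elif section == "O20":
        m = _NOTIFY_RE.match(line)
        if m:
            path = m.group("path")
            # A genuine Winlogon Notify package names a DLL. A bare directory
            # such as "C:\WINDOWS\" means the DLL name is hidden or gone while
            # the registry subkey (ddccc, efcyyvt in this thread) remains.
            if path.endswith("\\") or not path.lower().endswith(".dll"):
                return Finding("O20", line, "Winlogon Notify subkey without a DLL path")

    elif section == "O4" and line.endswith(".lnk = ?"):
        # HJT prints "= ?" when it cannot read the shortcut's target.
        return Finding("O4", line, "unresolved startup shortcut target (verify by hand)")

    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of an HJT log, keeping the hits in order."""
    findings = []
    for raw in text.splitlines():
        f = triage_line(raw)
        if f is not None:
            findings.append(f)
    return findings


# Constructed sample: lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = "\n".join([
    "O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll",
    "O2 - BHO: (no name) - {2D4813F9-0D51-4273-9784-BFC15C3FB9F3} - (no file)",
    "O2 - BHO: (no name) - {ECA2687F-3232-49D5-9D63-731E8F36F6C9} - C:\\WINDOWS\\system32\\ddccc.dll (file missing)",
    "O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe",
    "O4 - Global Startup: Free WebSite Tools.lnk = ?",
    "O20 - Winlogon Notify: ddccc - C:\\WINDOWS\\",
    "O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\\WINDOWS\\System32\\browseui.dll",
])

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```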

  5. #5
    Junior Member
    Join Date
    Aug 2007
    Location
    Wisconsin
    Posts
    16

    Default

    Hey Blade.

    I just wanted you to know that it's probably going to be Monday before I can get to this. I didn't want you to think I took off - and I really appreciate your time.

    Kellie.

  6. #6
    Security Expert Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,470

    Default

    Okay, I'll be waiting for your input

  7. #7
    Junior Member
    Join Date
    Aug 2007
    Location
    Wisconsin
    Posts
    16

    Default

    Okay - I'm going to have to post this in 2 sections because it exceeded the character quota.

    Results from scan:

    File duaxvqatblvq.sys received on 08.06.07 15:27:17 (CET)

    Antivirus Version Last Update Result

    Additional information
    File size: 8576 bytes
    MD5: 843cb965b5d3b7c4dbb477bf3a179c0e
    SHA1: 59704bf669be451039ecba9e98a0a42814123fce


    File mvcusexxobbo.sys received on 08.06.07 15:58:47 (CET)

    Antivirus Version Last Update Result

    Additional information
    File size: 8576 bytes
    MD5: 843cb965b5d3b7c4dbb477bf3a179c0e
    SHA1: 59704bf669be451039ecba9e98a0a42814123fce

    File fjcvduftgcii.sys received on 08.06.2007 16:06:08 (CET)

    Antivirus Version Last Update Result

    Additional information
    File size: 8576 bytes
    MD5: 843cb965b5d3b7c4dbb477bf3a179c0e
    SHA1: 59704bf669be451039ecba9e98a0a42814123fce


    Combo Fix Log:

    ComboFix 07-08-04.3 - "Kellie" 2007-08-06 9:33:07.2 [GMT -5:00] - NTFS
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
    Command switches used :: C:\Documents and Settings\Kellie\Desktop\Install Files\Combo Fix\CFScript.txt
    * Created a new restore point


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\VundoFix Backups
    C:\VundoFix Backups\cccdd.bak1.bad
    C:\VundoFix Backups\cccdd.bak2.bad
    C:\VundoFix Backups\cccdd.ini.bad
    C:\VundoFix Backups\cccdd.ini2.bad
    C:\VundoFix Backups\cccdd.tmp.bad
    C:\VundoFix Backups\cdeeg.bak1.bad
    C:\VundoFix Backups\cdeeg.ini.bad
    C:\VundoFix Backups\llnmp.bak1.bad
    C:\VundoFix Backups\llnmp.ini.bad
    C:\VundoFix Backups\pmnll.dll.bad
    C:\VundoFix Backups\sstwa.bak1.bad
    C:\VundoFix Backups\sstwa.ini.bad
    C:\VundoFix Backups\sttss.bak1.bad
    C:\VundoFix Backups\sttss.ini.bad
    C:\WINDOWS\system32\aruwxxoj.dll
    C:\WINDOWS\system32\kusvmnvj.dll
    C:\WINDOWS\system32\nfxondug.dll


    ((((((((((((((((((((((((( Files Created from 2007-07-06 to 2007-08-06 )))))))))))))))))))))))))))))))


    2007-08-04 19:27 61,440 --a------ C:\WINDOWS\system32\SCSINT.DLL
    2007-08-04 19:27 348,160 --a------ C:\WINDOWS\system32\ZIPTOA.EXE
    2007-08-04 19:20 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\Active Disk
    2007-08-04 19:17 86,016 --a------ C:\WINDOWS\unvise32.exe
    2007-08-04 19:16 <DIR> d-------- C:\Program Files\Iomega
    2007-08-03 19:43 <DIR> d-------- C:\Program Files\SpywareGuard
    2007-08-03 17:40 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-03 13:22 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2007-08-02 12:55 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-08-01 22:30 1,277 --a------ C:\WINDOWS\mozver.dat
    2007-08-01 19:00 8,576 --a------ C:\WINDOWS\system32\drivers\duaxbqatblvq.sys
    2007-08-01 18:38 <DIR> d-------- C:\Program Files\SpywareBlaster
    2007-08-01 15:59 <DIR> d-------- C:\WINDOWS\system32\Panda Software
    2007-08-01 15:58 <DIR> d-------- C:\Program Files\Panda Security
    2007-08-01 14:26 8,576 --a------ C:\WINDOWS\system32\drivers\mvcusexxobbo.sys
    2007-08-01 13:33 8,576 --a------ C:\WINDOWS\system32\drivers\fjcvduftgcii.sys
    2007-08-01 12:46 <DIR> d-------- C:\DOCUME~1\Kellie\.housecall6.6
    2007-08-01 11:41 <DIR> d-------- C:\Hijack
    2007-07-31 14:27 <DIR> d-------- C:\Pictures for Mom
    2007-07-31 13:22 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\EPSON
    2007-07-31 13:21 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\Smart Panel
    2007-07-31 13:17 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\ArcSoft
    2007-07-31 13:10 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2007-07-31 13:10 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-07-31 13:06 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\Leadertech
    2007-07-31 13:05 78,608 --a------ C:\WINDOWS\system32\Vb5db.dll
    2007-07-31 13:05 430,080 --a------ C:\WINDOWS\system32\Msrepl35.dll
    2007-07-31 13:05 385,024 --a------ C:\WINDOWS\system32\Vbar332.dll
    2007-07-31 13:05 294,912 --a------ C:\WINDOWS\system32\Msxbse35.dll
    2007-07-31 13:05 262,144 --a------ C:\WINDOWS\system32\Msrd2x35.dll
    2007-07-31 13:05 262,144 --a------ C:\WINDOWS\system32\Msexcl35.dll
    2007-07-31 13:05 250,128 --a------ C:\WINDOWS\system32\mspdox35.dll
    2007-07-31 13:05 24,848 --a------ C:\WINDOWS\system32\msjter35.dll
    2007-07-31 13:05 176,128 --a------ C:\WINDOWS\system32\Mstext35.dll
    2007-07-31 13:05 166,160 --a------ C:\WINDOWS\system32\msltus35.dll
    2007-07-31 13:05 123,664 --a------ C:\WINDOWS\system32\msjint35.dll
    2007-07-31 13:05 1,056,768 --a------ C:\WINDOWS\system32\Msjet35.dll
    2007-07-31 13:02 708,696 --a------ C:\WINDOWS\system32\python21.dll
    2007-07-31 13:02 57,344 --a------ C:\WINDOWS\system32\PyWinTypes21.dll
    2007-07-31 13:02 290,919 --a------ C:\WINDOWS\system32\pythoncom21.dll
    2007-07-31 13:02 <DIR> d-------- C:\Program Files\Common Files\Python
    2007-07-31 13:02 <DIR> d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
    2007-07-31 13:00 96,768 --a------ C:\WINDOWS\SlantAdj.dll
    2007-07-31 13:00 73,216 --a------ C:\WINDOWS\ADE.DLL
    2007-07-31 13:00 64,000 --a------ C:\WINDOWS\system32\ESFW30.BIN
    2007-07-31 13:00 3,136 --a------ C:\WINDOWS\Ade001.bin
    2007-07-31 13:00 278,528 --a------ C:\WINDOWS\system32\esint30.dll
    2007-07-31 13:00 217,088 --a------ C:\WINDOWS\system32\ESDTR.dll
    2007-07-31 13:00 176,128 --a------ C:\WINDOWS\system32\ESWIA30.dll
    2007-07-31 13:00 <DIR> d-------- C:\Program Files\Smart Panel
    2007-07-31 12:59 <DIR> d-------- C:\Program Files\EPSON
    2007-07-31 12:23 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2007-07-31 12:23 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2007-07-31 12:23 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
    2007-07-31 12:23 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-07-31 06:32 125,504 --a------ C:\WINDOWS\system32\unbmndfm.dll
    2007-07-30 18:21 12,288 --a------ C:\WINDOWS\system32\poo.dll
    2007-07-30 18:21 12,288 --a------ C:\WINDOWS\system32\pdum.dll
    2007-07-30 18:17 436,736 --a------ C:\WINDOWS\system32\WBDBR32I.DLL
    2007-07-30 18:17 36,352 --a------ C:\WINDOWS\system32\wwctl32i.dll
    2007-07-30 18:17 1,056,768 --a------ C:\WINDOWS\system32\Roboex32.dll
    2007-07-30 18:17 <DIR> d-------- C:\Program Files\Buzz Tools
    2007-07-30 17:18 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\CoffeeCup Software
    2007-07-30 17:17 <DIR> d-------- C:\Program Files\CoffeeCup Software
    2007-07-29 21:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-07-29 21:13 966,144 --a------ C:\WINDOWS\system32\ltdlgres13n.dll
    2007-07-29 21:13 93,184 --a------ C:\WINDOWS\system32\lfPCL13n.dll
    2007-07-29 21:13 921,088 --a------ C:\WINDOWS\system32\LTDic13n.dll
    2007-07-29 21:13 918,016 --a------ C:\WINDOWS\system32\Ltwvc13n.dll
    2007-07-29 21:13 90,112 --a------ C:\WINDOWS\system32\lfjbg13n.dll
    2007-07-29 21:13 84,480 --a------ C:\WINDOWS\system32\lfgbr13n.dll
    2007-07-29 21:13 84,480 --a------ C:\WINDOWS\system32\lffpx13n.dll
    2007-07-29 21:13 825,344 --a------ C:\WINDOWS\system32\ltwen13n.dll
    2007-07-29 21:13 82,432 --a------ C:\WINDOWS\system32\lfshp13n.dll
    2007-07-29 21:13 80,384 --a------ C:\WINDOWS\system32\LTCON13n.dll
    2007-07-29 21:13 796,160 --a------ C:\WINDOWS\system32\ltann13n.dll
    2007-07-29 21:13 794,624 --a------ C:\WINDOWS\system32\LTRTN13n.DLL
    2007-07-29 21:13 77,312 --a------ C:\WINDOWS\system32\LTTLB13n.dll
    2007-07-29 21:13 76,288 --a------ C:\WINDOWS\system32\ltpdg13n.dll
    2007-07-29 21:13 74,240 --a------ C:\WINDOWS\system32\lfplt13n.dll
    2007-07-29 21:13 73,216 --a------ C:\WINDOWS\system32\lffax13n.dll
    2007-07-29 21:13 69,632 --a------ C:\WINDOWS\system32\LFPTK13n.dll
    2007-07-29 21:13 65,536 --a------ C:\WINDOWS\system32\Lfcgm13n.dll
    2007-07-29 21:13 6,144 --a------ C:\WINDOWS\system32\AWDCXC32.DLL
    2007-07-29 21:13 59,392 --a------ C:\WINDOWS\system32\Lfpct13n.dll
    2007-07-29 21:13 58,368 --a------ C:\WINDOWS\system32\lfsct13n.dll
    2007-07-29 21:13 55,296 --a------ C:\WINDOWS\system32\lfpsd13n.dll
    2007-07-29 21:13 54,784 --a------ C:\WINDOWS\system32\Lfdgn13n.dll
    2007-07-29 21:13 52,224 --a------ C:\WINDOWS\system32\lfdrw13n.dll
    2007-07-29 21:13 50,176 --a------ C:\WINDOWS\system32\ltlst13n.dll
    2007-07-29 21:13 49,152 --a------ C:\WINDOWS\system32\Lfwmf13n.dll
    2007-07-29 21:13 482,816 --a------ C:\WINDOWS\system32\lfdwf13n.dll
    2007-07-29 21:13 48,128 --a------ C:\WINDOWS\system32\lfica13n.dll
    2007-07-29 21:13 47,104 --a------ C:\WINDOWS\system32\lfXpm13n.dll
    2007-07-29 21:13 45,056 --a------ C:\WINDOWS\system32\lfXbm13n.dll
    2007-07-29 21:13 445,440 --a------ C:\WINDOWS\system32\LFCMW13n.dll
    2007-07-29 21:13 416,256 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2007-07-29 21:13 38,400 --a------ C:\WINDOWS\system32\lfflc13n.dll
    2007-07-29 21:13 37,888 --a------ C:\WINDOWS\system32\lfeps13n.dll
    2007-07-29 21:13 351,744 --a------ C:\WINDOWS\system32\LFCMP13n.DLL


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-30 18:21 12464 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
    2007-05-16 10:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
    2007-05-16 10:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
    2007-05-16 10:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-05-16 10:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
    2007-05-16 10:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
    2007-05-08 04:24 3583488 -----c--- C:\WINDOWS\system32\dllcache\mshtml.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67475B4D-150D-44A4-B5DD-BC80D4C9361F}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 17:36]
    "MVS Splash"="C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe" [2007-03-06 17:25]
    "McAfee Managed Services Tray"="C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe" [2007-05-18 04:03]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6021\SiteAdv.exe" [2007-02-03 13:25]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 06:32]
    "ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 16:39]
    "Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 14:30]
    "Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [2002-07-16 10:55]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

    C:\Documents and Settings\Kellie\Start Menu\Programs\Startup\
    SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Free WebSite Tools.lnk - C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe [2007-07-30 17:17:54]
    Iomega Backup Scheduler.lnk - C:\Program Files\Iomega\Iomega Backup\dtiom98.exe [2007-08-04 19:27:39]
    Iomega Icons.lnk - C:\Program Files\Iomega\Tools\IMGICON.EXE [2007-08-04 19:27:37]
    Iomega Startup Options.lnk - C:\Program Files\Iomega\Tools\IMGSTART.EXE [2007-08-04 19:27:37]
    IomegaWare.lnk - C:\Program Files\Iomega\Iomegaware\COMMANDER.EXE [2007-08-04 19:27:35]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-07-29 15:41:24]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcyyvt]

    R0 IdeBusDr;IdeBusDr;C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys
    R0 IdeChnDr;Intel(R) Ultra ATA Controller;C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys
    R0 iomdisk;Iomega Devices Disk Filter Services;C:\WINDOWS\system32\DRIVERS\iomdisk.sys
    R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
    R2 _IOMEGA_ACTIVE_DISK_SERVICE_;Iomega Active Disk;"C:\Program Files\Iomega\AutoDisk\ADService.exe"
    R2 myAgtSvc;McAfee Virus and Spyware Protection Service;C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe /ServiceStart
    R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    R2 WinDriver;WinDriver;C:\WINDOWS\system32\drivers\WINDRVR.SYS
    R3 busbcrw;USB Card Reader Writer driver;C:\WINDOWS\system32\Drivers\busbcrw.sys
    R3 EL90X;3Com EtherLink XL 90X Adapter Driver;C:\WINDOWS\system32\DRIVERS\el90xnd5.sys


    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-06 09:35:20
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    **************************************************************************

    Completion time: 2007-08-06 9:36:52
    C:\ComboFix-quarantined-files.txt ... 2007-08-06 09:36
    C:\ComboFix2.txt ... 2007-08-03 17:47

    --- E O F ---

  8. #8
    Junior Member
    Join Date
    Aug 2007
    Location
    Wisconsin
    Posts
    16

    Default

    New Hijack This log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 9:41:12 AM, on 8/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
    C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Iomega\Tools\IMGICON.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    C:\Program Files\SiteAdvisor\6021\SAService.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Hijack\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kelliewaltondesigns.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {67475B4D-150D-44A4-B5DD-BC80D4C9361F} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
    O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Free WebSite Tools.lnk = ?
    O4 - Global Startup: Iomega Backup Scheduler.lnk = C:\Program Files\Iomega\Iomega Backup\dtiom98.exe
    O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.EXE
    O4 - Global Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE
    O4 - Global Startup: IomegaWare.lnk = C:\Program Files\Iomega\Iomegaware\COMMANDER.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1185663719436
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
    O20 - Winlogon Notify: efcyyvt - C:\WINDOWS\
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6021\SAService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\system32\ZipToA.exe
    O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

    --
    End of file - 6816 bytes

  9. #9
    Security Expert Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,470

    Default

    Hi

    I meant results where scanners say infection found/not found. It looks like you didn't post complete results.


    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    File::
    c:\windows\system32\efcyyvt.dll
    C:\WINDOWS\system32\unbmndfm.dll
    C:\WINDOWS\system32\poo.dll
    C:\WINDOWS\system32\pdum.dll
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67475B4D-150D-44A4-B5DD-BC80D4C9361F}]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcyyvt]

    Save this as CFScript (overwrite previous one)




    Referring to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log with a fresh hjt log.

  10. #10
    Junior Member
    Join Date
    Aug 2007
    Location
    Wisconsin
    Posts
    16

    Default

    Sorry, I just posted the condensed version of the logs since the files were clean. I ran them again and posted the results.

    File duaxbqatblvq.sys received on 08.06.2007 20:35:45 (CET)
    Antivirus Version Last Update Result
    AhnLab-V3 2007.8.3.0 2007.08.06 -
    AntiVir 7.4.0.57 2007.08.06 -
    Authentium 4.93.8 2007.08.03 -
    Avast 4.7.1029.0 2007.08.06 -
    AVG 7.5.0.476 2007.08.06 -
    BitDefender 7.2 2007.08.06 -
    CAT-QuickHeal 9.00 2007.08.06 -
    ClamAV 0.91 2007.08.06 -
    DrWeb 4.33 2007.08.06 -
    eSafe 7.0.15.0 2007.07.31 -
    eTrust-Vet 31.1.5037 2007.08.06 -
    Ewido 4.0 2007.08.06 -
    FileAdvisor 1 2007.08.06 -
    Fortinet 2.91.0.0 2007.08.06 -
    F-Prot 4.3.2.48 2007.08.03 -
    F-Secure 6.70.13030.0 2007.08.06 -
    Ikarus T3.1.1.8 2007.08.06 -
    Kaspersky 4.0.2.24 2007.08.06 -
    McAfee 5091 2007.08.06 -
    Microsoft 1.2704 2007.08.06 -
    NOD32v2 2439 2007.08.06 -
    Norman 5.80.02 2007.08.06 -
    Panda 9.0.0.4 2007.08.06 -
    Prevx1 V2 2007.08.06 -
    Rising 19.35.02.00 2007.08.06 -
    Sophos 4.19.0 2007.08.01 -
    Sunbelt 2.2.907.0 2007.08.04 -
    Symantec 10 2007.08.06 -
    TheHacker 6.1.7.162 2007.08.04 -
    VBA32 3.12.2.2 2007.08.04 -
    VirusBuster 4.3.26:9 2007.08.06 -
    Webwasher-Gateway 6.0.1 2007.08.06 -
    Additional information
    File size: 8576 bytes
    MD5: 843cb965b5d3b7c4dbb477bf3a179c0e
    SHA1: 59704bf669be451039ecba9e98a0a42814123fce

    File mvcusexxobbo.sys received on 08.06.2007 20:50:01 (CET)
    Antivirus Version Last Update Result
    AhnLab-V3 2007.8.3.0 2007.08.06 -
    AntiVir 7.4.0.57 2007.08.06 -
    Authentium 4.93.8 2007.08.03 -
    Avast 4.7.1029.0 2007.08.06 -
    AVG 7.5.0.476 2007.08.06 -
    BitDefender 7.2 2007.08.06 -
    CAT-QuickHeal 9.00 2007.08.06 -
    ClamAV 0.91 2007.08.06 -
    DrWeb 4.33 2007.08.06 -
    eSafe 7.0.15.0 2007.07.31 -
    eTrust-Vet 31.1.5037 2007.08.06 -
    Ewido 4.0 2007.08.06 -
    FileAdvisor 1 2007.08.06 -
    Fortinet 2.91.0.0 2007.08.06 -
    F-Prot 4.3.2.48 2007.08.03 -
    F-Secure 6.70.13030.0 2007.08.06 -
    Ikarus T3.1.1.8 2007.08.06 -
    Kaspersky 4.0.2.24 2007.08.06 -
    McAfee 5091 2007.08.06 -
    Microsoft 1.2704 2007.08.06 -
    NOD32v2 2439 2007.08.06 -
    Norman 5.80.02 2007.08.06 -
    Panda 9.0.0.4 2007.08.06 -
    Prevx1 V2 2007.08.06 -
    Rising 19.35.02.00 2007.08.06 -
    Sophos 4.19.0 2007.08.01 -
    Sunbelt 2.2.907.0 2007.08.04 -
    Symantec 10 2007.08.06 -
    TheHacker 6.1.7.162 2007.08.04 -
    VBA32 3.12.2.2 2007.08.04 -
    VirusBuster 4.3.26:9 2007.08.06 -
    Webwasher-Gateway 6.0.1 2007.08.06 -
    Additional information
    File size: 8576 bytes
    MD5: 843cb965b5d3b7c4dbb477bf3a179c0e
    SHA1: 59704bf669be451039ecba9e98a0a42814123fce

    File fjcvduftgcii.sys received on 08.06.2007 21:01:48 (CET)
    Antivirus Version Last Update Result
    AhnLab-V3 2007.8.3.0 2007.08.06 -
    AntiVir 7.4.0.57 2007.08.06 -
    Authentium 4.93.8 2007.08.03 -
    Avast 4.7.1029.0 2007.08.06 -
    AVG 7.5.0.476 2007.08.06 -
    BitDefender 7.2 2007.08.06 -
    CAT-QuickHeal 9.00 2007.08.06 -
    ClamAV 0.91 2007.08.06 -
    DrWeb 4.33 2007.08.06 -
    eSafe 7.0.15.0 2007.07.31 -
    eTrust-Vet 31.1.5037 2007.08.06 -
    Ewido 4.0 2007.08.06 -
    FileAdvisor 1 2007.08.06 -
    Fortinet 2.91.0.0 2007.08.06 -
    F-Prot 4.3.2.48 2007.08.03 -
    F-Secure 6.70.13030.0 2007.08.06 -
    Ikarus T3.1.1.8 2007.08.06 -
    Kaspersky 4.0.2.24 2007.08.06 -
    McAfee 5091 2007.08.06 -
    Microsoft 1.2704 2007.08.06 -
    NOD32v2 2439 2007.08.06 -
    Norman 5.80.02 2007.08.06 -
    Panda 9.0.0.4 2007.08.06 -
    Prevx1 V2 2007.08.06 -
    Rising 19.35.02.00 2007.08.06 -
    Sophos 4.19.0 2007.08.01 -
    Sunbelt 2.2.907.0 2007.08.04 -
    Symantec 10 2007.08.06 -
    TheHacker 6.1.7.162 2007.08.04 -
    VBA32 3.12.2.2 2007.08.04 -
    VirusBuster 4.3.26:9 2007.08.06 -
    Webwasher-Gateway 6.0.1 2007.08.06 -
    Additional information
    File size: 8576 bytes
    MD5: 843cb965b5d3b7c4dbb477bf3a179c0e
    SHA1: 59704bf669be451039ecba9e98a0a42814123fce
