Thread: Another Virtumonde Removal

  1. #21
    Junior Member
    Join Date
    Oct 2007
    Posts
    20

    ((((((((((((((((((((((((((((( snapshot@2007-10-06_23.44.17.76 )))))))))))))))))))))))))))))))))))))))))
    .
    ----a-w 14,048 2005-02-25 03:35:06 C:\WINDOWS\$hf_mig$\KB901214\spmsg.dll
    ----a-w 209,632 2005-02-25 03:35:06 C:\WINDOWS\$hf_mig$\KB901214\spuninst.exe
    ----a-w 22,240 2005-02-25 03:35:06 C:\WINDOWS\$hf_mig$\KB901214\update\spcustom.dll
    ----a-w 718,048 2005-02-25 03:35:06 C:\WINDOWS\$hf_mig$\KB901214\update\update.exe
    ----a-w 371,936 2005-02-25 03:35:08 C:\WINDOWS\$hf_mig$\KB901214\update\updspapi.dll
    ----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
    ----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
    ----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
    ----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\xpsp3res.dll
    ----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
    ----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
    ----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
    ----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
    ----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
    ----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
    ----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
    ----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
    ----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
    -c----w 581,120 2004-10-08 12:01:47 C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
    -c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
    -c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
    -c----w 1,022,976 2007-06-15 08:12:28 C:\WINDOWS\$NtUninstallKB939653$\browseui.dll
    -c----w 151,040 2007-06-15 08:12:28 C:\WINDOWS\$NtUninstallKB939653$\cdfview.dll
    -c----w 1,054,208 2007-06-15 08:12:28 C:\WINDOWS\$NtUninstallKB939653$\danim.dll
    -c----w 357,888 2007-06-15 08:12:28 C:\WINDOWS\$NtUninstallKB939653$\dxtmsft.dll
    -c----w 205,824 2007-06-15 08:12:28 C:\WINDOWS\$NtUninstallKB939653$\dxtrans.dll
    -c----w 55,808 2007-06-15 08:12:28 C:\WINDOWS\$NtUninstallKB939653$\extmgr.dll
    -c----w 18,432 2007-06-14 10:32:36 C:\WINDOWS\$NtUninstallKB939653$\iedw.exe
    -c----w 251,904 2007-06-15 08:12:28 C:\WINDOWS\$NtUninstallKB939653$\iepeers.dll
    -c----w 96,256 2007-06-15 08:12:28 C:\WINDOWS\$NtUninstallKB939653$\inseng.dll
    -c----w 16,384 2007-06-15 08:12:28 C:\WINDOWS\$NtUninstallKB939653$\jsproxy.dll
    -c----w 3,064,320 2007-06-15 08:12:29 C:\WINDOWS\$NtUninstallKB939653$\mshtml.dll
    -c----w 449,024 2007-06-15 08:12:29 C:\WINDOWS\$NtUninstallKB939653$\mshtmled.dll
    -c----w 146,432 2007-06-15 08:12:29 C:\WINDOWS\$NtUninstallKB939653$\msrating.dll
    -c----w 532,480 2007-06-15 08:12:29 C:\WINDOWS\$NtUninstallKB939653$\mstime.dll
    -c----w 39,424 2007-06-15 08:12:29 C:\WINDOWS\$NtUninstallKB939653$\pngfilt.dll
    -c----w 1,498,112 2007-06-15 08:12:30 C:\WINDOWS\$NtUninstallKB939653$\shdocvw.dll
    -c----w 474,112 2007-06-15 08:12:30 C:\WINDOWS\$NtUninstallKB939653$\shlwapi.dll
    -c----w 616,960 2007-06-15 08:12:30 C:\WINDOWS\$NtUninstallKB939653$\urlmon.dll
    -c----w 665,600 2007-06-26 14:35:54 C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
    -c----w 350,720 2007-06-14 10:08:46 C:\WINDOWS\$NtUninstallKB939653$\xpsp3res.dll
    -c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe
    -c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$NtUninstallKB939653$\spuninst\updspapi.dll
    -c----w 683,520 2007-05-16 15:12:02 C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
    -c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
    -c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
    ----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\spmsg.dll
    ----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\spuninst.exe
    ----a-w 1,022,976 2007-08-22 12:55:28 C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\browseui.dll
    ----a-w 151,040 2007-08-22 12:55:29 C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\cdfview.dll
    ----a-w 1,054,208 2007-08-22 12:55:30 C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\danim.dll
    ----a-w 357,888 2007-08-22 12:55:30 C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\dxtmsft.dll
    ----a-w 205,824 2007-08-22 12:55:31 C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\dxtrans.dll
    ----a-w 55,808 2007-08-22 12:55:31 C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\extmgr.dll
    ----a-w 18,432 2007-08-21 10:19:39 C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\iedw.exe
    ----a-w 251,904 2007-08-22 12:55:32 C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\iepeers.dll
    ----a-w 96,256 2007-08-22 12:55:32 C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\inseng.dll
    ----a-w 16,384 2007-08-22 12:55:32 C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\jsproxy.dll
    ----a-w 3,064,832 2007-08-22 12:55:36 C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\mshtml.dll
    ----a-w 449,024 2007-08-22 12:55:37 C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\mshtmled.dll
    ----a-w 146,432 2007-08-22 12:55:37 C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\msrating.dll
    ----a-w 532,480 2007-08-22 12:55:38 C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\mstime.dll
    ----a-w 39,424 2007-08-22 12:55:38 C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\pngfilt.dll
    ----a-w 1,498,112 2007-08-22 12:55:40 C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\shdocvw.dll
    ----a-w 474,112 2007-08-22 12:55:41 C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\shlwapi.dll
    ----a-w 617,984 2007-08-22 12:55:43 C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\urlmon.dll
    ----a-w 665,600 2007-08-22 12:55:44 C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\wininet.dll
    ----a-w 350,720 2007-08-21 10:13:33 C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\xpsp3res.dll
    ----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\update\spcustom.dll
    ----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\update\update.exe
    ----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\update\updspapi.dll
    ----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spmsg.dll
    ----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spuninst.exe
    ----a-w 584,192 2007-07-09 13:09:42 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\rpcrt4.dll
    ----a-w 115,712 2007-06-13 06:53:14 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\xpsp3res.dll
    ----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\rpcrt4.dll
    ----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\xpsp3res.dll
    ----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\spcustom.dll
    ----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\update.exe
    ----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\updspapi.dll
    ----a-w 14,048 2005-02-25 03:35:06 C:\WINDOWS\SoftwareDistribution\Download\851ca0947900bb8445d41485b8290a6f\spmsg.dll
    ----a-w 209,632 2005-02-25 03:35:06 C:\WINDOWS\SoftwareDistribution\Download\851ca0947900bb8445d41485b8290a6f\spuninst.exe
    ----a-w 74,240 2005-06-29 01:46:00 C:\WINDOWS\SoftwareDistribution\Download\851ca0947900bb8445d41485b8290a6f\sp2gdr\mscms.dll
    ----a-w 22,240 2005-02-25 03:35:06 C:\WINDOWS\SoftwareDistribution\Download\851ca0947900bb8445d41485b8290a6f\update\spcustom.dll
    ----a-w 718,048 2005-02-25 03:35:06 C:\WINDOWS\SoftwareDistribution\Download\851ca0947900bb8445d41485b8290a6f\update\update.exe
    ----a-w 371,936 2005-02-25 03:35:08 C:\WINDOWS\SoftwareDistribution\Download\851ca0947900bb8445d41485b8290a6f\update\updspapi.dll
    ----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spmsg.dll
    ----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spuninst.exe
    ----a-w 683,520 2007-08-21 06:15:44 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2gdr\inetcomm.dll
    ----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2qfe\inetcomm.dll
    ----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\spcustom.dll
    ----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\update.exe
    ----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\updspapi.dll
    ----a-w 1,022,976 2007-08-22 12:55:28 C:\WINDOWS\system32\browseui.dll
    ----a-w 151,040 2007-08-22 12:55:29 C:\WINDOWS\system32\cdfview.dll
    ----a-w 1,054,208 2007-08-22 12:55:30 C:\WINDOWS\system32\danim.dll
    ----a-w 357,888 2007-08-22 12:55:30 C:\WINDOWS\system32\dxtmsft.dll
    ----a-w 205,824 2007-08-22 12:55:31 C:\WINDOWS\system32\dxtrans.dll
    ----a-w 55,808 2007-08-22 12:55:31 C:\WINDOWS\system32\extmgr.dll
    ----a-w 196,160 2007-10-11 02:23:27 C:\WINDOWS\system32\FNTCACHE.DAT
    ----a-w 251,904 2007-08-22 12:55:32 C:\WINDOWS\system32\iepeers.dll
    ----a-w 96,256 2007-08-22 12:55:32 C:\WINDOWS\system32\inseng.dll
    ----a-w 16,384 2007-08-22 12:55:32 C:\WINDOWS\system32\jsproxy.dll
    ----a-w 18,089,592 2007-09-28 05:19:39 C:\WINDOWS\system32\MRT.exe
    ----a-w 3,064,832 2007-08-22 12:55:36 C:\WINDOWS\system32\mshtml.dll
    ----a-w 449,024 2007-08-22 12:55:37 C:\WINDOWS\system32\mshtmled.dll
    ----a-w 146,432 2007-08-22 12:55:37 C:\WINDOWS\system32\msrating.dll
    ----a-w 532,480 2007-08-22 12:55:38 C:\WINDOWS\system32\mstime.dll
    ----a-w 39,424 2007-08-22 12:55:38 C:\WINDOWS\system32\pngfilt.dll
    ----a-w 584,192 2007-07-09 13:09:42 C:\WINDOWS\system32\rpcrt4.dll
    ----a-w 1,498,112 2007-08-22 12:55:40 C:\WINDOWS\system32\shdocvw.dll
    ----a-w 474,112 2007-08-22 12:55:41 C:\WINDOWS\system32\shlwapi.dll
    ----a-w 617,984 2007-08-22 12:55:43 C:\WINDOWS\system32\urlmon.dll
    ----a-w 665,600 2007-08-22 12:55:44 C:\WINDOWS\system32\wininet.dll
    ----a-w 350,720 2007-08-21 10:13:33 C:\WINDOWS\system32\xpsp3res.dll
    ----a-w 16,384 2007-10-10 03:06:42 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    ----a-w 32,768 2007-10-10 03:06:42 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    -c--a-w 1,022,976 2007-08-22 12:55:28 C:\WINDOWS\system32\dllcache\browseui.dll
    -c--a-w 151,040 2007-08-22 12:55:29 C:\WINDOWS\system32\dllcache\cdfview.dll
    -c--a-w 1,054,208 2007-08-22 12:55:30 C:\WINDOWS\system32\dllcache\danim.dll
    -c--a-w 357,888 2007-08-22 12:55:30 C:\WINDOWS\system32\dllcache\dxtmsft.dll
    -c--a-w 205,824 2007-08-22 12:55:31 C:\WINDOWS\system32\dllcache\dxtrans.dll
    -c--a-w 55,808 2007-08-22 12:55:31 C:\WINDOWS\system32\dllcache\extmgr.dll
    -c--a-w 18,432 2007-08-21 10:19:39 C:\WINDOWS\system32\dllcache\iedw.exe
    -c--a-w 251,904 2007-08-22 12:55:32 C:\WINDOWS\system32\dllcache\iepeers.dll
    -c--a-w 683,520 2007-08-21 06:15:44 C:\WINDOWS\system32\dllcache\inetcomm.dll
    -c--a-w 96,256 2007-08-22 12:55:32 C:\WINDOWS\system32\dllcache\inseng.dll
    -c--a-w 16,384 2007-08-22 12:55:32 C:\WINDOWS\system32\dllcache\jsproxy.dll
    -c--a-w 3,064,832 2007-08-22 12:55:36 C:\WINDOWS\system32\dllcache\mshtml.dll
    -c--a-w 449,024 2007-08-22 12:55:37 C:\WINDOWS\system32\dllcache\mshtmled.dll
    -c--a-w 146,432 2007-08-22 12:55:37 C:\WINDOWS\system32\dllcache\msrating.dll
    -c--a-w 532,480 2007-08-22 12:55:38 C:\WINDOWS\system32\dllcache\mstime.dll
    -c--a-w 39,424 2007-08-22 12:55:38 C:\WINDOWS\system32\dllcache\pngfilt.dll
    -c--a-w 584,192 2007-07-09 13:09:42 C:\WINDOWS\system32\dllcache\rpcrt4.dll
    -c--a-w 1,498,112 2007-08-22 12:55:40 C:\WINDOWS\system32\dllcache\shdocvw.dll
    -c--a-w 474,112 2007-08-22 12:55:41 C:\WINDOWS\system32\dllcache\shlwapi.dll
    -c--a-w 617,984 2007-08-22 12:55:43 C:\WINDOWS\system32\dllcache\urlmon.dll
    -c--a-w 665,600 2007-08-22 12:55:44 C:\WINDOWS\system32\dllcache\wininet.dll
    ----a-w 61,632 2007-10-10 17:18:11 C:\WINDOWS\system32\drivers\avipbb.sys

  2. #22
    Junior Member
    Join Date
    Oct 2007
    Posts
    20

    ----a-w 14,048 2005-02-25 04:35:06 C:\WINDOWS\$hf_mig$\KB901214\spmsg.dll
    ----a-w 209,632 2005-02-25 04:35:06 C:\WINDOWS\$hf_mig$\KB901214\spuninst.exe
    ----a-w 22,240 2005-02-25 04:35:06 C:\WINDOWS\$hf_mig$\KB901214\update\spcustom.dll
    ----a-w 718,048 2005-02-25 04:35:06 C:\WINDOWS\$hf_mig$\KB901214\update\update.exe
    ----a-w 371,936 2005-02-25 04:35:08 C:\WINDOWS\$hf_mig$\KB901214\update\updspapi.dll
    ----a-w 1,022,976 2007-06-15 08:12:28 C:\WINDOWS\system32\browseui.dll
    ----a-w 151,040 2007-06-15 08:12:28 C:\WINDOWS\system32\cdfview.dll
    ----a-w 1,054,208 2007-06-15 08:12:28 C:\WINDOWS\system32\danim.dll
    ----a-w 357,888 2007-06-15 08:12:28 C:\WINDOWS\system32\dxtmsft.dll
    ----a-w 205,824 2007-06-15 08:12:28 C:\WINDOWS\system32\dxtrans.dll
    ----a-w 55,808 2007-06-15 08:12:28 C:\WINDOWS\system32\extmgr.dll
    ----a-w 196,160 2007-06-12 15:22:47 C:\WINDOWS\system32\FNTCACHE.DAT
    ----a-w 251,904 2007-06-15 08:12:28 C:\WINDOWS\system32\iepeers.dll
    ----a-w 96,256 2007-06-15 08:12:28 C:\WINDOWS\system32\inseng.dll
    ----a-w 16,384 2007-06-15 08:12:28 C:\WINDOWS\system32\jsproxy.dll
    ----a-w 17,474,680 2007-09-06 02:50:42 C:\WINDOWS\system32\MRT.exe
    ----a-w 3,064,320 2007-06-15 08:12:29 C:\WINDOWS\system32\mshtml.dll
    ----a-w 449,024 2007-06-15 08:12:29 C:\WINDOWS\system32\mshtmled.dll
    ----a-w 146,432 2007-06-15 08:12:29 C:\WINDOWS\system32\msrating.dll
    ----a-w 532,480 2007-06-15 08:12:29 C:\WINDOWS\system32\mstime.dll
    ----a-w 39,424 2007-06-15 08:12:29 C:\WINDOWS\system32\pngfilt.dll
    ----a-w 581,120 2004-10-08 12:01:47 C:\WINDOWS\system32\rpcrt4.dll
    ----a-w 1,498,112 2007-06-15 08:12:30 C:\WINDOWS\system32\shdocvw.dll
    ----a-w 474,112 2007-06-15 08:12:30 C:\WINDOWS\system32\shlwapi.dll
    ----a-w 616,960 2007-06-15 08:12:30 C:\WINDOWS\system32\urlmon.dll
    ----a-w 665,600 2007-06-26 14:35:54 C:\WINDOWS\system32\wininet.dll
    ----a-w 350,720 2007-06-14 10:08:46 C:\WINDOWS\system32\xpsp3res.dll
    ----a-w 16,384 2007-10-03 17:17:40 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    ----a-w 32,768 2007-10-03 17:17:40 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    -c--a-w 1,022,976 2007-06-15 08:12:28 C:\WINDOWS\system32\dllcache\browseui.dll
    -c--a-w 151,040 2007-06-15 08:12:28 C:\WINDOWS\system32\dllcache\cdfview.dll
    -c--a-w 1,054,208 2007-06-15 08:12:28 C:\WINDOWS\system32\dllcache\danim.dll
    -c--a-w 357,888 2007-06-15 08:12:28 C:\WINDOWS\system32\dllcache\dxtmsft.dll
    -c--a-w 205,824 2007-06-15 08:12:28 C:\WINDOWS\system32\dllcache\dxtrans.dll
    -c--a-w 55,808 2007-06-15 08:12:28 C:\WINDOWS\system32\dllcache\extmgr.dll
    -c--a-w 18,432 2007-06-14 10:32:36 C:\WINDOWS\system32\dllcache\iedw.exe
    -c--a-w 251,904 2007-06-15 08:12:28 C:\WINDOWS\system32\dllcache\iepeers.dll
    -c--a-w 683,520 2007-05-16 15:12:02 C:\WINDOWS\system32\dllcache\inetcomm.dll
    -c--a-w 96,256 2007-06-15 08:12:28 C:\WINDOWS\system32\dllcache\inseng.dll
    -c--a-w 16,384 2007-06-15 08:12:28 C:\WINDOWS\system32\dllcache\jsproxy.dll
    -c--a-w 3,064,320 2007-06-15 08:12:29 C:\WINDOWS\system32\dllcache\mshtml.dll
    -c--a-w 449,024 2007-06-15 08:12:29 C:\WINDOWS\system32\dllcache\mshtmled.dll
    -c--a-w 146,432 2007-06-15 08:12:29 C:\WINDOWS\system32\dllcache\msrating.dll
    -c--a-w 532,480 2007-06-15 08:12:29 C:\WINDOWS\system32\dllcache\mstime.dll
    -c--a-w 39,424 2007-06-15 08:12:29 C:\WINDOWS\system32\dllcache\pngfilt.dll
    -c--a-w 581,120 2004-10-08 12:01:47 C:\WINDOWS\system32\dllcache\rpcrt4.dll
    -c--a-w 1,498,112 2007-06-15 08:12:30 C:\WINDOWS\system32\dllcache\shdocvw.dll
    -c--a-w 474,112 2007-06-15 08:12:30 C:\WINDOWS\system32\dllcache\shlwapi.dll
    -c--a-w 616,960 2007-06-15 08:12:30 C:\WINDOWS\system32\dllcache\urlmon.dll
    -c--a-w 665,600 2007-06-26 14:35:54 C:\WINDOWS\system32\dllcache\wininet.dll
    ----a-w 62,016 2007-09-09 17:26:58 C:\WINDOWS\system32\drivers\avipbb.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A953C25-71ED-4777-AB7E-D4F736097A3E}]
    C:\WINDOWS\system32\cscu.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 05:04]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-26 00:33]
    "nwiz"="nwiz.exe" [2005-07-26 00:34 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-07-26 00:34]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-17 19:48 C:\WINDOWS\SOUNDMAN.EXE]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-25 22:15]
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 21:52]
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-10 10:18]
    "HostManager"="C:\Program Files\Common Files\AOL\1170093156\ee\AOLSoftware.exe" [2006-09-25 17:52]
    "Disk Monitor"="C:\Documents and Settings\Scot\Disk_Monitor.exe" []
    "Tpscrex"="C:\Program Files\MSTpscre\Tpscrex.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 02:04]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys
    R2 713xTVCard;SAA7134 TV Card;C:\WINDOWS\system32\DRIVERS\SAA713x.sys
    R2 Par1284;Par1284;\??\C:\Program Files\FlexiSIGN-PRO 7.5v5\Program\Par1284.sys
    R3 PhilTune;Philips TV Tuner;C:\WINDOWS\system32\Drivers\PhilTune.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd81a016-99bc-11db-8e60-806d6172696f}]
    AutoRun\command - I:\Setup.exe

    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-10 19:32:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-10-10 19:33:42
    C:\ComboFix-quarantined-files.txt ... 2007-10-09 21:01
    C:\ComboFix2.txt ... 2007-10-09 21:02
    C:\ComboFix3.txt ... 2007-10-06 23:45
    .
    --- E O F ---

  3. #23
    Junior Member
    Join Date
    Oct 2007
    Posts
    20

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:41:31 PM, on 10/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Common Files\AOL\1170093156\ee\AOLSoftware.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\AOL\1170093156\ee\aolsoftware.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Scot\Desktop\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0A953C25-71ED-4777-AB7E-D4F736097A3E} - C:\WINDOWS\system32\cscu.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170093156\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Disk Monitor] C:\Documents and Settings\Scot\Disk_Monitor.exe
    O4 - HKLM\..\Run: [Tpscrex] C:\Program Files\MSTpscre\Tpscrex.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1167762646265
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/6...l/gtdownls.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 6685 bytes

  4. #24
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi

    Glad to see that it's gone now

    We need to disable TeaTimer temporarily. You can re-enable it after you're clean again:

    1. Run Spybot-S&D in Advanced Mode.
    2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
    3. On the left-hand side, click on Tools.
    4. Then click on the Resident Icon in the List
    5. Uncheck "Resident TeaTimer" and OK any prompts.
    6. Restart your computer.

    After that:

    Open HijackThis, click "Do a system scan only" and checkmark these:

    O2 - BHO: (no name) - {0A953C25-71ED-4777-AB7E-D4F736097A3E} - C:\WINDOWS\system32\cscu.dll (file missing)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)


    Close all windows, including the browser, and press "Fix checked".

    Reboot.

    Re-scan with Kaspersky.

    Post:

    - a fresh HijackThis log
    - Kaspersky report

    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
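
The two entries selected in the post above are the O2 (BHO) and O3 (toolbar) lines that HijackThis annotated with "(file missing)" or "(no file)". As an added example (not part of the original post and not HijackThis code), this Python script parses O2/O3 lines copied from the log in post #23 and returns the registrations whose target file was not found; the class and function names are assumptions of the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the HijackThis log in post #23 of this thread
# (all four O2 lines, both O3 lines, and one O4 line that must be ignored).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A953C25-71ED-4777-AB7E-D4F736097A3E} - C:\WINDOWS\system32\cscu.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
"""

# "O2 - BHO: <name> - {CLSID} - <target>" and "O3 - Toolbar: <name> - {CLSID} - <target>"
ENTRY_RE = re.compile(
    r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.*)$"
)

MISSING_SUFFIX = " (file missing)"  # path is registered but the file was not found
NO_FILE = "(no file)"               # no file path could be resolved for the CLSID


@dataclass
class Entry:
    section: str           # "O2" or "O3"
    kind: str              # "BHO" or "Toolbar"
    name: str              # display name, "(no name)" when the log shows none
    clsid: str             # normalised to upper case
    target: Optional[str]  # file path, or None for "(no file)"
    orphaned: bool         # True when the log says the file is absent


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one O2/O3 line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    target: Optional[str] = m["target"].strip()
    orphaned = False
    if target == NO_FILE:
        target, orphaned = None, True
    elif target.endswith(MISSING_SUFFIX):
        target, orphaned = target[: -len(MISSING_SUFFIX)], True
    return Entry(m["section"], m["kind"], m["name"],
                 m["clsid"].upper(), target, orphaned)


def orphaned_entries(log_text: str) -> List[Entry]:
    """Return the BHO/toolbar registrations whose file is missing."""
    parsed = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in parsed if e is not None and e.orphaned]


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(f"{e.section} {e.kind:8} {e.clsid} -> {e.target or 'no file'}")
```
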

  5. #25
    Junior Member
    Join Date
    Oct 2007
    Posts
    20

    Dumb question,

    Which program is Kaspersky?

  6. #26
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi

    The Kaspersky online scan, whose ActiveX you already seem to have installed.

    If you need more specific instructions, see below:

    Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
    • The program will launch and then start to download the latest definition files.
    • Once the scanner is installed and the definitions downloaded, click Next.
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      o Scan using the following Anti-Virus database:
        + Extended (if available, otherwise Standard)
      o Scan Options:
        + Scan Archives
        + Scan Mail Bases
    • Click OK
    • Now, under "Select a target to scan", select My Computer
    • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button
    • Save the file to your desktop.
    • Copy and paste that information in your next post.


    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

    Post:

    - a fresh HijackThis log
    - Kaspersky report

    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  7. #27
    Junior Member
    Join Date
    Oct 2007
    Posts
    20

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:54:03 PM, on 10/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Common Files\AOL\1170093156\ee\AOLSoftware.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
    C:\Program Files\Common Files\AOL\1170093156\ee\aolsoftware.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Scot\Desktop\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170093156\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Disk Monitor] C:\Documents and Settings\Scot\Disk_Monitor.exe
    O4 - HKLM\..\Run: [Tpscrex] C:\Program Files\MSTpscre\Tpscrex.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1167762646265
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/6...l/gtdownls.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 6328 bytes

  8. #28
    Junior Member
    Join Date
    Oct 2007
    Posts
    20

    Default

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Thursday, October 11, 2007 11:14:21 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 12/10/2007
    Kaspersky Anti-Virus database records: 431150
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    G:\
    H:\
    I:\
    J:\
    K:\

    Scan Statistics:
    Total number of scanned objects: 422868
    Number of viruses found: 2
    Number of infected objects: 5
    Number of suspicious objects: 0
    Duration of the scan process: 04:17:57

    Infected Object Name / Virus Name / Last Action
    C:\qoobox\Quarantine\catchme2007-10-06_234316.34.zip/jkhhi.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
    C:\qoobox\Quarantine\catchme2007-10-06_234316.34.zip ZIP: infected - 1 skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{FF5BBA49-5E4F-48A3-87DB-0C0661B967C7}\RP29\A0010188.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
    C:\System Volume Information\_restore{FF5BBA49-5E4F-48A3-87DB-0C0661B967C7}\RP35\change.log Object is locked skipped
    C:\VundoFix Backups\jkhhi.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\system32\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped

    Scan process completed.

  9. #29
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    Empty these folders:

    C:\qoobox\Quarantine
    C:\VundoFix Backups

    Empty Recycle Bin

    Still problems?

  10. #30
    Junior Member
    Join Date
    Oct 2007
    Posts
    20

    Default

    You are awesome.

    I just emptied and deleted what you told me to and ran Spybot and my antivirus with no detections.

    When I was infected I would get pop-ups from my AV saying detection in c:windows/system32/drivers/yadayadayada saying it found trojans and other bad "STUFF". Haven't had a single one yet.

    I will keep you posted, but hopefully I'm all done with that crap.


    Thanks for all the help
