
Thread: Smitfraud-C, Virtumonde.generic

  1. #1
    Junior Member | Join Date: Dec 2008 | Posts: 23

    Smitfraud-C, Virtumonde.generic

    Hello all,

    I ran a system check with Spybot a week ago. The system check found Smitfraud-C, Virtumonde.generic, Right Media and Virtumonde trojans. I tried fixing them with Spybot first but did not succeed. Later I tried removing them manually but failed again. I was wondering if anyone here can help me remove these trojans.

    PS: I ran combofix and HJThis. Logs attached.

  2. #2
    Junior Member | Join Date: Dec 2008 | Posts: 23

    Could not attach the files. Copy/pasting them here.

    Hijackthis Log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:00:46 PM, on 12/20/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\Sony\SmartWi Connection Utility\SmartWiService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Protector Suite QL\menusw.exe
    C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
    O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
    O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
    O4 - HKLM\..\Run: [WCULauncher] C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe
    O4 - HKLM\..\Run: [VAIO Recovery] c:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [EPSON WorkForce 600(Network)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE /FU "C:\WINDOWS\TEMP\E_S9C5.tmp" /EF "HKCU"
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O15 - Trusted Zone: *.amaena.com
    O15 - Trusted Zone: *.avsystemcare.com
    O15 - Trusted Zone: *.onerateld.com
    O15 - Trusted Zone: *.safetydownload.com
    O15 - Trusted Zone: *.trustedantivirus.com
    O15 - Trusted Zone: *.virusremover2008.com
    O15 - Trusted Zone: *.virusschlacht.com
    O15 - Trusted Zone: *.amaena.com (HKLM)
    O15 - Trusted Zone: *.avsystemcare.com (HKLM)
    O15 - Trusted Zone: *.onerateld.com (HKLM)
    O15 - Trusted Zone: *.safetydownload.com (HKLM)
    O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
    O15 - Trusted Zone: *.virusremover2008.com (HKLM)
    O15 - Trusted Zone: *.virusschlacht.com (HKLM)
    O16 - DPF: Justin.tv Publisher - http://www.justin.tv/plugins/justintv_publisher.CAB
    O16 - DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} (SeeTooControl Class) - http://www.seetoo.com/downloadAddon....serVersion=7.0
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5036.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1199995506305
    O16 - DPF: {D0BB3ACE-4ED3-4D65-BB86-1A0C6CAF351F} (AvaLaunch Control) - http://212.175.239.246:81/avaLaunch94.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://data.flatcast.com/data/objects/NpFv41629.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SmartWiService - Sony Electronics, Inc - C:\Program Files\Sony\SmartWi Connection Utility\SmartWiService.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

    --
    End of file - 16568 bytes

  3. #3
    Junior Member | Join Date: Dec 2008 | Posts: 23

    Combofix Log:
    ComboFix 08-12-18.03 - Efe Tuncel 2008-12-20 13:19:24.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1333 [GMT -5:00]
    Running from: c:\documents and settings\Efe Tuncel\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Efe Tuncel\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-20 to 2008-12-20 )))))))))))))))))))))))))))))))
    .

    2008-12-20 12:43 . 2008-12-20 12:43 <DIR> d-------- C:\VundoFix Backups
    2008-12-15 14:25 . 2008-12-15 14:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sports Interactive
    2008-12-13 14:21 . 2008-12-13 14:21 <DIR> d-------- c:\program files\ijji
    2008-12-13 12:06 . 2008-12-16 17:18 31 --a------ c:\windows\GunzLauncher.INI
    2008-12-13 12:05 . 2008-12-16 17:17 <DIR> d--h----- c:\documents and settings\Efe Tuncel\Application Data\ijjigame
    2008-12-13 11:58 . 2008-12-13 11:58 <DIR> d-------- C:\ijji
    2008-12-13 11:35 . 2008-12-13 11:35 <DIR> d-------- c:\windows\system32\SolidStateNetworks
    2008-12-10 21:13 . 2008-12-10 21:14 <DIR> d-------- c:\program files\iTunes
    2008-12-10 21:13 . 2008-12-10 21:13 <DIR> d-------- c:\program files\iPod
    2008-12-10 21:13 . 2008-12-10 21:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-10 20:57 . 2008-12-10 20:58 <DIR> d-------- c:\program files\Safari
    2008-12-10 01:13 . 2008-12-20 13:31 14,647,840 --ahs---- c:\windows\system32\drivers\fidbox.dat
    2008-12-10 01:13 . 2008-12-20 13:26 197,156 --ahs---- c:\windows\system32\drivers\fidbox.idx
    2008-12-10 01:13 . 2008-12-20 13:29 180,256 --ahs---- c:\windows\system32\drivers\fidbox2.dat
    2008-12-10 01:13 . 2008-12-20 13:26 17,852 --ahs---- c:\windows\system32\drivers\fidbox2.idx
    2008-12-09 23:39 . 2008-12-09 23:39 10,520 --a------ c:\windows\system32\avgrsstx.dll.install_backup
    2008-12-09 22:00 . 2008-12-09 22:00 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
    2008-12-09 21:50 . 2008-12-09 21:51 <DIR> d-------- c:\windows\ERUNT
    2008-12-09 21:41 . 2008-12-20 11:53 <DIR> d-------- C:\SDFix
    2008-12-09 20:39 . 2008-12-09 20:39 232,960 --a------ c:\windows\system32\gwixdpbb.exe
    2008-12-09 17:12 . 2001-08-17 12:11 96,640 --a------ c:\windows\system32\drivers\b57xp32.sys
    2008-12-09 17:12 . 2001-08-17 12:11 96,640 --a--c--- c:\windows\system32\dllcache\b57xp32.sys
    2008-12-08 12:03 . 2008-12-08 12:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
    2008-12-08 11:56 . 2008-12-08 11:56 <DIR> d-------- c:\program files\AVG
    2008-12-08 02:15 . 2008-12-09 11:29 96,976 --a------ c:\windows\system32\drivers\klin.dat
    2008-12-08 02:15 . 2008-12-09 11:29 87,855 --a------ c:\windows\system32\drivers\klick.dat
    2008-12-08 02:11 . 2008-12-08 02:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-12-06 03:03 . 2008-12-06 03:03 410,984 --a------ c:\windows\system32\deploytk.dll
    2008-11-30 12:59 . 2008-11-30 13:00 <DIR> d-------- c:\documents and settings\Efe Tuncel\Application Data\Webcammax
    2008-11-30 12:59 . 2008-03-11 08:14 941,784 --a------ c:\windows\system32\drivers\CAMTHWDM.sys
    2008-11-30 12:00 . 2008-11-30 12:00 <DIR> d-------- c:\program files\SuperWebcam
    2008-11-30 11:59 . 2006-06-27 08:56 31,872 --a------ c:\windows\system32\drivers\superwebcam.sys
    2008-11-26 21:12 . 2008-04-13 20:12 159,232 --a------ c:\windows\system32\ptpusd.dll
    2008-11-26 21:12 . 2008-04-13 14:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
    2008-11-26 21:12 . 2008-04-13 14:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
    2008-11-26 21:12 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
    2008-11-24 12:53 . 2008-11-24 12:53 244 --ah----- C:\sqmnoopt13.sqm
    2008-11-24 12:53 . 2008-11-24 12:53 232 --ah----- C:\sqmdata13.sqm

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-20 17:19 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2008-12-16 22:20 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-15 19:30 --------- d-----w c:\documents and settings\Efe Tuncel\Application Data\Sports Interactive
    2008-12-15 19:14 --------- d-----w c:\program files\Sports Interactive
    2008-12-15 03:02 --------- d-----w c:\documents and settings\Efe Tuncel\Application Data\LimeWire
    2008-12-14 19:44 --------- d-----w c:\program files\Bonjour
    2008-12-12 18:30 --------- d-----w c:\program files\Windows Live Safety Center
    2008-12-12 06:17 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-12-11 02:13 --------- d-----w c:\program files\Common Files\Apple
    2008-12-11 02:09 --------- d-----w c:\program files\QuickTime
    2008-12-10 17:23 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-09 16:25 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
    2008-12-09 16:06 --------- d-----w c:\program files\Kaspersky Lab
    2008-12-08 19:42 --------- d-----w c:\program files\Quicken
    2008-12-06 08:02 --------- d-----w c:\program files\Java
    2008-12-04 01:04 --------- d-----w c:\documents and settings\Efe Tuncel\Application Data\CoreFTP
    2008-12-03 16:57 --------- d-----w c:\program files\Firaxis Games
    2008-12-02 19:29 --------- d-----w c:\program files\ABBYY FineReader 6.0 Sprint
    2008-11-29 01:51 --------- d-----w c:\documents and settings\Efe Tuncel\Application Data\DAEMON Tools
    2008-11-27 02:20 --------- d-----w c:\documents and settings\Efe Tuncel\Application Data\Apple Computer
    2008-11-22 16:56 --------- d-----w c:\program files\TVUPlayer
    2008-11-15 20:53 --------- d-----w c:\documents and settings\Efe Tuncel\Application Data\Red Alert 3
    2008-11-07 17:18 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
    2008-11-07 17:17 --------- d-----w c:\program files\Lavasoft
    2008-11-07 17:17 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-11-07 01:06 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-11-03 23:44 --------- d-----w c:\program files\Sipru
    2008-11-03 23:41 --------- d-----w c:\program files\SUPERAntiSpyware
    2008-11-03 23:41 --------- d-----w c:\documents and settings\Efe Tuncel\Application Data\SUPERAntiSpyware.com
    2008-11-03 23:35 --------- d-----w c:\program files\Common Files\Symantec Shared
    2008-11-03 23:35 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
    2008-11-03 22:48 --------- d-----w c:\program files\Symantec
    2008-11-03 21:18 --------- d-----w c:\documents and settings\Efe Tuncel\Application Data\Malwarebytes
    2008-11-03 21:18 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-03 20:33 --------- d-----w c:\documents and settings\NetworkService\Application Data\TeamViewer
    2008-11-03 18:01 --------- d-----w c:\documents and settings\Efe Tuncel\Application Data\TeamViewer
    2008-11-03 17:13 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\TeamViewer
    2008-11-03 17:13 --------- d-----w c:\program files\TeamViewer3
    2008-11-02 03:29 --------- d-----w c:\program files\Electronic Arts
    2008-10-29 22:44 --------- d-----w c:\documents and settings\Efe Tuncel\Application Data\Epson
    2008-10-29 22:43 --------- d-----w c:\documents and settings\All Users\Application Data\EPSON
    2008-10-29 22:42 --------- d-----w c:\program files\EpsonNet
    2008-10-29 22:42 --------- d-----w c:\program files\Common Files\EPSON
    2008-10-29 22:40 --------- d-----w c:\program files\EPSON
    2008-10-29 22:38 --------- d-----w c:\documents and settings\Efe Tuncel\Application Data\Arcsoft
    2008-10-29 22:38 --------- d-----w c:\documents and settings\All Users\Application Data\ArcSoft
    2008-10-29 22:37 --------- d-----w c:\program files\Common Files\ArcSoft
    2008-10-29 22:36 --------- d-----w c:\program files\ArcSoft
    2008-10-29 22:35 --------- d-----w c:\program files\Epson Software
    2008-10-29 22:35 --------- d-----w c:\program files\Common Files\InstallShield
    2008-10-26 00:36 --------- d-----w c:\program files\ClickToConvert
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-23 01:56 --------- d-----w c:\documents and settings\Efe Tuncel\Application Data\Move Networks
    2008-10-23 00:55 --------- d-----w c:\program files\Trend Micro
    2008-10-22 20:04 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-10-21 22:33 --------- d-----w c:\program files\Microsoft Silverlight
    2008-10-21 22:30 --------- d-----w c:\program files\QuickWordtoPDF
    2008-10-06 15:57 356,352 ----a-w c:\documents and settings\Efe Tuncel\cwshredder.dll
    2008-11-14 22:49 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-11-14 22:49 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-11-14 22:49 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-11-14 22:49 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-11-14 22:49 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    2008-08-07 23:07 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080720080808\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2008-12-20_ 9.18.02.95 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-12-10 02:52:04 3,661,824 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
    + 2008-12-20 15:24:15 12,103,680 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
    - 2008-12-10 02:52:04 8,192 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-12-20 15:24:15 192,512 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-04-14 00:12:19 1,033,728 -c--a-w c:\windows\system32\dllcache\explorer.exe
    - 2008-12-20 14:07:05 215,860 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
    + 2008-12-20 18:32:14 215,861 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
    + 2008-12-20 18:28:14 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7dc.dat
    + 2008-12-20 18:28:18 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_874.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
    "EPSON WorkForce 600(Network)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE" [2008-03-04 188928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-17 98304]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-17 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-17 118784]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 667718]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 602182]
    "EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 569413]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-20 7561216]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-06 136600]
    "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-13 217088]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
    "Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-22 1354240]
    "VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
    "WCULauncher"="c:\program files\Sony\SmartWi Connection Utility\WCULauncher.exe" [2006-02-07 73728]
    "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
    "Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
    "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-02-19 591696]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

    c:\documents and settings\Efe Tuncel\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-04-07 1773568]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2006-02-22 21:11 39936 c:\windows\system32\fusstub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2006-03-09 16:51 73728 c:\windows\system32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
    "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli fusstub

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\CoreFTP\\coreftp.exe"=
    "c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
    "c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=
    "c:\\Program Files\\Sony\\VAIO Event Service\\VESMgr.exe"=
    "c:\\Program Files\\Intel\\Wireless\\Bin\\EOUWiz.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\ijji\\ENGLISH\\u_gunz.exe"=
    "c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
    "20882:TCP"= 20882:TCP:*:Disabled:SolidNetworkManager
    "20882:UDP"= 20882:UDP:*:Disabled:SolidNetworkManager

    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
    R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2006-07-22 9216]
    R2 FdRedir;FdRedir;\??\c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2006-02-22 13440]
    R2 FileDisk2;FileDisk Protector Kernel Driver;\??\c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2006-02-22 33024]
    R3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2006-07-22 36352]
    R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
    R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2006-07-22 30080]
    R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys [2006-07-22 71961]
    R3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\system32\DRIVERS\superwebcam.sys [2008-11-30 31872]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-07-22 226304]
    R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\DRIVERS\evsbc.sys [2008-02-22 26880]
    S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\DRIVERS\evserial.sys [2008-02-22 53376]
    S3 SEMWModem;Sony Ericsson SEMWModem;c:\windows\system32\DRIVERS\GCXX.sys [2006-07-22 114944]
    S3 SEMWWNIC;Sony Ericsson SEMWWNIC;c:\windows\system32\DRIVERS\GCXXNet.sys [2006-07-22 53248]
    S3 UXDCMN;UXDCMN;\??\E:\UXDCMN.SYS []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03d8117d-9d2e-11dd-b7e0-0018ded50f9a}]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03d8117e-9d2e-11dd-b7e0-0018ded50f9a}]
    \Shell\AutoRun\command - EXPLORER.EXE
    \Shell\explore\Command - EXPLORER.EXE
    \Shell\open\Command - EXPLORER.EXE
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: *.amaena.com
    Trusted Zone: *.avsystemcare.com
    Trusted Zone: *.onerateld.com
    Trusted Zone: *.safetydownload.com
    Trusted Zone: *.trustedantivirus.com
    Trusted Zone: *.virusremover2008.com
    Trusted Zone: *.virusschlacht.com
    Trusted Zone: *.amaena.com
    Trusted Zone: *.avsystemcare.com
    Trusted Zone: *.onerateld.com
    Trusted Zone: *.safetydownload.com
    Trusted Zone: *.trustedantivirus.com
    Trusted Zone: *.virusremover2008.com
    Trusted Zone: *.virusschlacht.com
    Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll

    c:\windows\Downloaded Program Files\justintv_publisher.dll - O16 -: Justin.tv Publisher
    hxxp://www.justin.tv/plugins/justintv_publisher.CAB
    c:\windows\Downloaded Program Files\justintv_publisher.OSD

    c:\windows\Downloaded Program Files\SeeTooAddon.dll - O16 -: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2}
    hxxp://www.seetoo.com/downloadAddon.php?platform=Win32&browser=ie&ref=justintv&c=c7a963b945af174ad&browserVersion=7.0
    c:\windows\Downloaded Program Files\SeeTooAddon.inf

    c:\windows\system32\msvcrt.dll - c:\windows\system32\mfc42.dll
    c:\windows\system32\olepro32.dll
    c:\windows\Downloaded Program Files\avalaid.exe
    c:\windows\Downloaded Program Files\avalaid.dll
    c:\windows\Downloaded Program Files\ide21201.vxd
    c:\windows\Downloaded Program Files\libcurl.dll
    c:\windows\Downloaded Program Files\avaLaunch.ocx
    O16 -: {D0BB3ACE-4ED3-4D65-BB86-1A0C6CAF351F}
    hxxp://212.175.239.246:81/avaLaunch94.cab
    c:\windows\Downloaded Program Files\avaLaunch.inf

    c:\windows\Downloaded Program Files\NpFv41629.dll - O16 -: {E55FD215-A32E-43FE-A777-A7E8F165F554}
    hxxp://data.flatcast.com/data/objects/NpFv41629.dll
    FF - ProfilePath - c:\documents and settings\Efe Tuncel\Application Data\Mozilla\Firefox\Profiles\kmsh6qbw.default\

    ATTENTION: FIREFOX POLICES IS IN FORCE
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-20 13:29:03
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1548)
    c:\windows\system32\klogon.dll
    c:\windows\system32\fusstub.dll
    c:\program files\Protector Suite QL\infra.dll
    c:\program files\Protector Suite QL\homefus.dll
    c:\windows\system32\biologon.dll
    c:\program files\Protector Suite QL\homepass.dll
    c:\program files\Protector Suite QL\config.dll
    c:\program files\Protector Suite QL\passport.dll
    c:\program files\Protector Suite QL\BhTcAll.dll
    c:\program files\Protector Suite QL\BhDevTfm.dll
    c:\program files\Protector Suite QL\remote.dll
    c:\windows\system32\VESWinlogon.dll
    c:\program files\Protector Suite QL\mysafe.dll
    c:\program files\Protector Suite QL\AlgVer.dll
    c:\program files\Protector Suite QL\TCBioLib.dll

    - - - - - - - > 'lsass.exe'(1612)
    c:\windows\system32\fusstub.dll
    c:\program files\Protector Suite QL\infra.dll
    c:\program files\Protector Suite QL\homefus.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\program files\Common Files\EPSON\eEBAPI\eEBSvc.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
    c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    c:\program files\Sony\VAIO Event Service\VESMgr.exe
    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    c:\program files\Sony\SmartWi Connection Utility\SmartWiService.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Apoint\ApntEx.exe
    c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
    .
    **************************************************************************
    .
    Completion time: 2008-12-20 13:39:22 - machine was rebooted [Efe Tuncel]
    ComboFix-quarantined-files.txt 2008-12-20 18:39:17
    ComboFix2.txt 2008-12-20 14:21:11
    ComboFix3.txt 2008-12-10 08:00:55

    Pre-Run: 13,174,337,536 bytes free
    Post-Run: 13,177,364,480 bytes free

    366 --- E O F --- 2008-12-17 20:19:35

    --------------------------
    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)
    Provide: The HJT log only.

    Posting additional comments or logs before a volunteer responds can push you back instead of forward, because your thread ends up with a newer date. Also, helpers may think you are already being assisted because of the post count.
    Do NOT run 'FIXES' before helpers have analyzed the HJT log
    Last edited by tashi; 2008-12-21 at 07:22. Reason: Added sticky links
