Help Please



Claypot
2007-01-16, 22:19
Been having a lot of trouble with spyware lately and most programs can't seem to remove all the infections. Thanks in advance for helping out.

When I performed the online anti-virus scan, it didn't have a save-log option, so I just copied what it found. Here it is:


File Infection Status Path
mvwapygy.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
rtkdtrmo.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
fmblvjex.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
ktccsiab.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
dfmatnht.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
pkidaeob.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
ntfcfcui.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
ujtxexbx.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
fijdbjrj.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
xvunlllt.dll Win32/Vundo.BU cannot cure C:\WINDOWS\system32\
absrrere.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
oloryjwa.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
eluycgfr.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
dkrljynh.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
vywbxveo.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
divmkkeo.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
hqpvdyrh.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
jhwduvrx.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
rifsjngv.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
moimenyw.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
kmimijcm.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
kfsmggme.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
vtagihaw.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
tyerujjn.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
pwvcmdmm.dll Win32/Darksma.T deleted C:\WINDOWS\system32\
pmkhi.dll.bad Win32/Vundo deleted C:\VundoFix Backups\
vtutq.dll.bad Win32/Vundo deleted C:\VundoFix Backups\
awtst.dll.bad Win32/Vundo deleted C:\VundoFix Backups\
jkklj.dll.bad Win32/Vundo deleted C:\VundoFix Backups\

And now the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:13:22 PM, on 1/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\CLAYTO~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\ASEMBL~1\csrss.exe
C:\Documents and Settings\Clayton Kueh\My Documents\S?mantec\r?gsvr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\{156813FD-0724-1033-0509-060411060001}\Update.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{35681~1\Bar888.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [{156813FD-0724-1033-0509-060411060001}] "C:\Program Files\Common Files\{156813FD-0724-1033-0509-060411060001}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\xvunlllt.dll",setvm
O4 - HKLM\..\Run: [{156813FD-0725-1033-0509-060411060001}] "C:\Program Files\Common Files\{156813FD-0725-1033-0509-060411060001}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Bwer] "C:\WINDOWS\ASEMBL~1\csrss.exe" -vt yazb
O4 - HKCU\..\Run: [Bfz] C:\Documents and Settings\Clayton Kueh\My Documents\S?mantec\r?gsvr32.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

steamwiz
2007-01-16, 23:01
Hi,

Please download Combofix: http://download.bleepingcomputer.com/sUBs/combofix.exe
and save to the desktop.

1. Double-click on combo.exe and follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.

Notes:
* Do not mouse-click ComboFix's window while it is running. That may cause your system to stall/hang.
* Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect ComboFix as Worm.Qiv.100.

steam

Claypot
2007-01-16, 23:44
"Clayton Kueh" - 07-01-16 17:35:17 Service Pack 2
ComboFix 07-01-16.2 - Running from: "C:\Program Files\Mozilla Firefox"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Documents and Settings\All Users\Documents\setup.exe
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\system32\wintsu.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\Downloaded Program Files\Quarantine
C:\Program Files\Common Files\{35681~1
C:\Program Files\Common Files\{35681~2
C:\Program Files\Outerinfo
C:\Program Files\VSAdd-in
C:\WINDOWS\system32\components
C:\WINDOWS\system32\svchosts.exe
C:\Program Files\Common Files\{15681~2
C:\Program Files\Common Files\{15681~1
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\WINDOWS\MANTEC~1
C:\qoobox\purity\WINDOWS\WNSXS~1
C:\qoobox\purity\WINDOWS\SEMBLY~1
C:\qoobox\purity\WINDOWS\ASEMBL~1
C:\qoobox\purity\WINDOWS\system32\MCROSO~1
C:\qoobox\purity\WINDOWS\system32\YSTEM~1
C:\qoobox\purity\WINDOWS\ASEMBL~1\a?sembly
C:\qoobox\purity\WINDOWS\ASEMBL~1\csrss.exe
C:\qoobox\purity\Program Files\YMANTE~1
C:\qoobox\purity\DOCUME~1\CLAYTO~1
C:\qoobox\purity\DOCUME~1\CLAYTO~1\My Documents
C:\qoobox\purity\DOCUME~1\CLAYTO~1\My Documents\from.txt
C:\qoobox\purity\DOCUME~1\CLAYTO~1\My Documents\SMANTE~1
C:\qoobox\purity\DOCUME~1\CLAYTO~1\My Documents\SMANTE~1\r?gsvr32.exe


((((((((((((((((((((((((((((((( Files Created from 2006-12-16 to 2007-01-16 ))))))))))))))))))))))))))))))))))


2007-01-16 17:38 275,643 --a------ C:\WINDOWS\system32\awtqo.dll
2007-01-16 17:37 <DIR> d-------- C:\WINDOWS\erdnt
2007-01-16 16:11 22,029 ---hs---- C:\WINDOWS\system32\wvurolk.dll
2007-01-16 15:25 <DIR> d-------- C:\Program Files\webHancer
2007-01-16 03:38 155,648 ---h----- C:\Program Files\Common Files\svchost.exe
2007-01-15 18:10 738,260 ---hs---- C:\WINDOWS\system32\qrqss.bak1
2007-01-15 18:10 277,044 ---hs---- C:\WINDOWS\system32\ssqrq.dll
2007-01-15 18:10 22,029 ---hs---- C:\WINDOWS\system32\fccywuu.dll
2007-01-15 18:10 2,560 --a------ C:\WINDOWS\system32\unsvchosts.exe
2007-01-15 18:03 738,260 ---hs---- C:\WINDOWS\system32\yccdd.bak1
2007-01-15 16:43 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-01-15 16:43 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-01-15 16:43 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-01-15 16:43 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-01-15 16:31 <DIR> d-------- C:\Program Files\Lavasoft
2007-01-15 16:31 <DIR> d-------- C:\DOCUME~1\CLAYTO~1\Application Data\Lavasoft
2007-01-15 14:53 <DIR> d-------- C:\WINDOWS\WBEM
2007-01-15 14:53 <DIR> d-------- C:\WINDOWS\system32\en-US
2007-01-15 14:52 <DIR> d--h----- C:\WINDOWS\ie7
2007-01-15 14:49 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2007-01-15 14:48 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-01-14 18:30 <DIR> d-------- C:\ATI
2007-01-14 05:58 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-01-14 05:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-01-13 23:04 <DIR> d--hs---- C:\FOUND.010
2007-01-13 21:01 <DIR> d--hs---- C:\FOUND.009
2007-01-13 19:21 <DIR> d--hs---- C:\FOUND.008
2007-01-13 14:11 <DIR> d--hs---- C:\FOUND.007
2007-01-12 21:35 22,541 ---hs---- C:\WINDOWS\system32\opnmjii.dll
2007-01-12 03:36 22,541 ---hs---- C:\WINDOWS\system32\vtuspno.dll
2007-01-12 02:56 <DIR> d--hs---- C:\FOUND.006
2007-01-11 17:46 60,416 --a------ C:\WINDOWS\system32\qhykcwz.dll
2007-01-11 00:22 <DIR> d--hs---- C:\FOUND.005
2007-01-10 17:05 <DIR> d--hs---- C:\FOUND.004
2007-01-09 19:23 <DIR> d--hs---- C:\FOUND.003
2007-01-09 17:53 <DIR> d--hs---- C:\FOUND.002
2007-01-08 21:02 <DIR> d--hs---- C:\FOUND.001
2007-01-08 10:33 <DIR> d--hs---- C:\FOUND.000
2007-01-07 19:58 <DIR> d-------- C:\Program Files\Sony
2007-01-03 17:20 118,804 --------- C:\WINDOWS\system32\xvunlllt.dll
2006-12-29 03:45 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\Sun
2006-12-27 17:18 44,060 --a------ C:\WINDOWS\system32\dljvpbmv.dll
2006-12-26 05:47 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-12-26 05:34 <DIR> d-------- C:\Program Files\LucasArts
2006-12-25 19:18 <DIR> d--h----- C:\Program Files\Common Files\Uninstall Information
2006-12-24 17:14 <DIR> d-------- C:\Program Files\PeDevice
2006-12-24 17:12 22,541 ---hs---- C:\WINDOWS\system32\cbxuuvt.dll
2006-12-22 12:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-15 16:44 7126 --a------ C:\WINDOWS\system32\tmp.reg
2006-12-07 17:02 2174976 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-24 00:34 40973 ---hs---- C:\WINDOWS\system32\awtqqnm.dll
2006-11-23 21:51 40973 ---hs---- C:\WINDOWS\system32\qomkhij.dll
2006-11-23 21:07 40973 ---hs---- C:\WINDOWS\system32\awtutsq.dll
2006-11-23 15:18 -------- d-------- C:\Program Files\warcraft iii
2006-11-22 19:39 -------- d-------- C:\Program Files\registrar registry manager
2006-11-22 17:03 40973 ---hs---- C:\WINDOWS\system32\wvurpqp.dll
2006-11-22 14:26 40973 ---hs---- C:\WINDOWS\system32\fccdbxx.dll
2006-11-21 19:04 40973 ---hs---- C:\WINDOWS\system32\ddcyaxu.dll
2006-11-21 19:04 18944 --------- C:\WINDOWS\system32\winrge32.dll
2006-11-18 14:34 -------- d-------- C:\Program Files\symantec antivirus
2006-11-17 03:02 -------- d-------- C:\Program Files\msxml 4.0
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-26 16:23 21888 --a------ C:\WINDOWS\system32\rrspy.sys
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\winfxdocobj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"Bwer"="\"C:\\WINDOWS\\ASEMBL~1\\csrss.exe\" -vt yazb"
"Bfz"="C:\\Documents and Settings\\Clayton Kueh\\My Documents\\S?mantec\\r?gsvr32.exe"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"preload"="C:\\Windows\\RUNXMLPL.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"LaunchAp"="\"C:\\Program Files\\Launch Manager\\LaunchAp.exe\""
"LManager"="\"C:\\Program Files\\Launch Manager\\HotkeyApp.exe\""
"CtrlVol"="\"C:\\Program Files\\Launch Manager\\CtrlVol.exe\""
"LMgrOSD"="\"C:\\Program Files\\Launch Manager\\OSDCtrl.exe\""
"Wbutton"="\"C:\\Program Files\\Launch Manager\\Wbutton.exe\""
"PCMService"="\"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe\""
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"ePower_DMC"="C:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"
"Acer ePower Management"="C:\\Acer\\Empowering Technology\\ePower\\Acer ePower Management.exe boot"
"ADMTray.exe"="\"C:\\Acer\\Empowering Technology\\admtray.exe\""
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
"LogitechCameraAssistant"="C:\\Program Files\\Acer\\OrbiCam\\CameraAssistant.exe"
"LogitechVideo[inspector]"="C:\\Program Files\\Acer\\OrbiCam\\InstallHelper.exe /inspect"
"LogitechCameraService(E)"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation"
"eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\xvunlllt.dll\",setvm"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
@=""
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1C9678E2-77AC-4CAD-89EA-9E3F980C73C4}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"svchost.exe"="C:\\WINDOWS\\svchost.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrq
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrge32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurolk

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061123-214330-817
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - C:\WINDOWS\system32\ixt0.dll (file missing)
backup-20061123-214330-212
O2 - BHO: (no name) - {CC7D820E-2F0E-44F0-B329-5B5F9CB20E34} - C:\WINDOWS\system32\vtutq.dll (file missing)
backup-20061123-214330-589
O2 - BHO: (no name) - {621CF30B-9C1A-4B4D-91CB-D1EF13177687} - C:\WINDOWS\system32\pmkhi.dll (file missing)
Completion time: 07-01-16 17:40:05

Claypot
2007-01-16, 23:46
Logfile of HijackThis v1.99.1
Scan saved at 5:43:18 PM, on 1/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\QuickTime\qttask.exe
C:\DOCUME~1\CLAYTO~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\xvunlllt.dll",setvm
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Bwer] "C:\WINDOWS\ASEMBL~1\csrss.exe" -vt yazb
O4 - HKCU\..\Run: [Bfz] C:\Documents and Settings\Clayton Kueh\My Documents\S?mantec\r?gsvr32.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

steamwiz
2007-01-17, 18:38
Hi

A lot of work still to do... you have a Vundo Trojan, but this is hidden from HijackThis. In order to show the hidden entries, please find your hijackthis.exe file and rename it to Claypot.exe

Run this file and post a new HijackThis log...

When you have posted the log, please do this:

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
1. Double-click VundoFix.exe to run it.
2. When VundoFix re-opens, click the Scan for Vundo button.
3. Once it's done scanning, click the Remove Vundo button.
4. You will receive a prompt asking if you want to remove the files, click "YES".
5. Once you click yes, your desktop will go blank as it starts removing Vundo.
6. When completed, it will prompt that it will reboot your computer, click "OK".

7. Please post the contents of C:\vundofix.txt and a new HiJackThis log.

If VundoFix cannot delete a file, it will try to delete it during a reboot. After the reboot VundoFix will open again; you must run VundoFix again, from "Click the Scan for Vundo button"... and you must keep running VundoFix until it does delete the file... I've known a stubborn Vundo file to take 5 or 6 reboots before it is deleted...

Remember to post the C:\vundofix.txt and a new HiJackThis log.

So that's a HijackThis log before and after running VundoFix...

To finish with, post a new ComboFix log as well...

steam

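The checks steamwiz is doing by eye in these logs (unnamed BHOs with random five-to-eight-letter DLL names in system32, the rundll32 Run entry loading one of them, a csrss.exe living outside system32, a Run path HijackThis prints with "?" because it contains a look-alike character, the reversed-name qrqss.ini/.bak companions VundoFix lists next to ssqrq.dll, and what differs between the before and after logs) can be run mechanically. The script below is an added example written for this thread, not a tool posted in it: the sample lines are excerpted from the logs in this thread, the after-state is constructed from the second log, and the name and path heuristics are assumptions tuned to those entries, so a hit still needs a human look.

```python
"""Triage a HijackThis log for Vundo-style persistence and diff two logs.
Added example for this thread, not a tool from it; the name/path heuristics
are assumptions tuned to the posted logs, so an analyst still reviews hits."""
from __future__ import annotations
import re

HJT_LINE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
SYSTEM32 = re.compile(r"c:\\windows\\system32\\", re.I)

# Sample lines excerpted from the logs posted in this thread (before VundoFix).
BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59349718-0781-419A-A249-87E1740EC9C8} - C:\WINDOWS\system32\ssqrq.dll
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\xvunlllt.dll",setvm
O4 - HKCU\..\Run: [Bwer] "C:\WINDOWS\ASEMBL~1\csrss.exe" -vt yazb
O4 - HKCU\..\Run: [Bfz] C:\Documents and Settings\Clayton Kueh\My Documents\S?mantec\r?gsvr32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: ssqrq - C:\WINDOWS\system32\ssqrq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""
# Constructed after-state from the second posted log: ssqrq.dll deleted (its
# CLSID left behind), its Winlogon hook gone, and a new unnamed BHO present.
AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {41D2767B-A47D-4900-A18F-902C6C683C67} - C:\WINDOWS\system32\mljji.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59349718-0781-419A-A249-87E1740EC9C8} - C:\WINDOWS\system32\ssqrq.dll (file missing)
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\xvunlllt.dll",setvm
O4 - HKCU\..\Run: [Bwer] "C:\WINDOWS\ASEMBL~1\csrss.exe" -vt yazb
O4 - HKCU\..\Run: [Bfz] C:\Documents and Settings\Clayton Kueh\My Documents\S?mantec\r?gsvr32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


def looks_random(stem: str) -> bool:
    """Heuristic for the Vundo stems seen here (ssqrq, wvurolk, mljji, xvunlllt):
    5-8 lowercase letters with few vowels. Only ever applied to DLL names."""
    return (stem.isalpha() and stem.islower() and 5 <= len(stem) <= 8
            and sum(c in "aeiou" for c in stem) / len(stem) <= 0.30)


def stem_of(path: str) -> str:
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def vundo_companions(dll_path: str) -> list[str]:
    """Vundo keeps config/backups under the DLL name reversed: VundoFix above
    removed qrqss.ini, qrqss.bak1 and qrqss.bak2 alongside ssqrq.dll."""
    folder, name = dll_path.rsplit("\\", 1)
    rev = name.rsplit(".", 1)[0][::-1]
    return [f"{folder}\\{rev}.{ext}" for ext in ("ini", "bak1", "bak2")]


def flag(line: str) -> list[str]:
    """Reasons one HijackThis line looks like Vundo persistence ([] = clean)."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return []
    kind, body = m.group(1), m.group(2).replace(" (file missing)", "")
    reasons: list[str] = []
    if kind == "O2" and body.startswith("BHO: "):
        parts = body[5:].rsplit(" - ", 2)          # name, CLSID, path
        if len(parts) == 3:
            name, _clsid, path = parts
            if name == "(no name)" and SYSTEM32.search(path):
                reasons.append("unnamed BHO in system32")
            if looks_random(stem_of(path)):
                reasons.append("random-looking DLL name")
    elif kind == "O20":                              # "Winlogon Notify: x - path"
        if looks_random(stem_of(body.rsplit(" - ", 1)[-1])):
            reasons.append("random-looking Winlogon Notify DLL")
    elif kind == "O4" and "Run:" in body:            # skip Global Startup .lnk lines
        cmd = body.split("] ", 1)[-1]              # text after "[name] "
        if "?" in cmd:                              # HJT prints '?' for odd characters
            reasons.append("unprintable character in path (look-alike name)")
        if "csrss.exe" in cmd.lower() and not SYSTEM32.search(cmd):
            reasons.append("csrss.exe outside system32")
        dll = re.search(r'^rundll32(?:\.exe)?\s+"?([^",]+\.dll)', cmd, re.I)
        if dll and looks_random(stem_of(dll.group(1))):
            reasons.append("rundll32 loading random-looking DLL")
    return reasons


def triage(log: str) -> dict[str, list[str]]:
    """Map each suspicious log line to the reasons it was flagged."""
    return {l.strip(): r for l in log.splitlines() if (r := flag(l))}


def diff_logs(before: str, after: str) -> tuple[set[str], set[str]]:
    """(entries gone, entries new): what a fix removed and what respawned."""
    b = {l.strip() for l in before.splitlines() if HJT_LINE.match(l.strip())}
    a = {l.strip() for l in after.splitlines() if HJT_LINE.match(l.strip())}
    return b - a, a - b


if __name__ == "__main__":
    for line, why in triage(BEFORE).items():
        print(f"{line[:64]:64} <- {', '.join(why)}")
    gone, new = diff_logs(BEFORE, AFTER)
    print("\nremoved by fix:", *sorted(gone), sep="\n  ")
    print("\nnew since fix (respawned):", *sorted(new), sep="\n  ")
    print("\ncompanions to look for:", vundo_companions(r"C:\WINDOWS\system32\ssqrq.dll"))
```

Run as-is it prints the five flagged lines from the before-sample, then the diff: the ssqrq entries drop out, while the mljji.dll BHO and the orphaned "(file missing)" CLSID appear, which is exactly why steamwiz asks for a second log rather than trusting the VundoFix output alone. Spybot's SDHelper.dll is also an unnamed BHO but lives outside system32 with a readable name, so it is not flagged; the vowel test is only ever applied to DLL names, so ordinary lowercase executables like ctfmon.exe are never scored.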
Claypot
2007-01-17, 21:09
This is the HijackThis log before VundoFix:

Logfile of HijackThis v1.99.1
Scan saved at 2:44:39 PM, on 1/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\DOCUME~1\CLAYTO~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\Claypot.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C9678E2-77AC-4CAD-89EA-9E3F980C73C4} - C:\WINDOWS\system32\wvurolk.dll
O2 - BHO: (no name) - {2FFCF426-31CF-126F-B9E0-33A67C5EC090} - C:\WINDOWS\system32\qhykcwz.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59349718-0781-419A-A249-87E1740EC9C8} - C:\WINDOWS\system32\ssqrq.dll
O2 - BHO: (no name) - {6F49B50E-9077-4F58-8375-9A844DA0F654} - C:\WINDOWS\system32\ddccy.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\dljvpbmv.dll
O2 - BHO: (no name) - {84B54719-3FEC-478B-8019-701465EB3D56} - C:\WINDOWS\system32\jkklj.dll (file missing)
O2 - BHO: (no name) - {B0C230E1-0D38-4704-8B47-9F9CAE1AF8B4} - C:\WINDOWS\system32\awtst.dll (file missing)
O2 - BHO: (no name) - {FCE1DD9E-7D9A-4215-ABFB-E6B32F3D8F1F} - C:\WINDOWS\system32\jkhhg.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\xvunlllt.dll",setvm
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Bwer] "C:\WINDOWS\ASEMBL~1\csrss.exe" -vt yazb
O4 - HKCU\..\Run: [Bfz] C:\Documents and Settings\Clayton Kueh\My Documents\S?mantec\r?gsvr32.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: ssqrq - C:\WINDOWS\system32\ssqrq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrge32 - C:\WINDOWS\SYSTEM32\winrge32.dll
O20 - Winlogon Notify: wvurolk - C:\WINDOWS\SYSTEM32\wvurolk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Claypot
2007-01-17, 21:10
VundoFix log:

VundoFix V6.2.11

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 2:50:37 PM 1/17/2007

Listing files found while scanning....

C:\WINDOWS\system32\qrqss.ini
C:\WINDOWS\system32\qrqss.bak1
C:\WINDOWS\system32\qrqss.bak2

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ssqrq.dll
C:\WINDOWS\system32\ssqrq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qrqss.ini
C:\WINDOWS\system32\qrqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qrqss.bak1
C:\WINDOWS\system32\qrqss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qrqss.bak2
C:\WINDOWS\system32\qrqss.bak2 Has been deleted!

Performing Repairs to the registry.
Done!

New HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:08:04 PM, on 1/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\DOCUME~1\CLAYTO~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\divxsm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthis\Claypot.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C9678E2-77AC-4CAD-89EA-9E3F980C73C4} - C:\WINDOWS\system32\wvurolk.dll
O2 - BHO: (no name) - {2FFCF426-31CF-126F-B9E0-33A67C5EC090} - C:\WINDOWS\system32\qhykcwz.dll
O2 - BHO: (no name) - {41D2767B-A47D-4900-A18F-902C6C683C67} - C:\WINDOWS\system32\mljji.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59349718-0781-419A-A249-87E1740EC9C8} - C:\WINDOWS\system32\ssqrq.dll (file missing)
O2 - BHO: (no name) - {6F49B50E-9077-4F58-8375-9A844DA0F654} - C:\WINDOWS\system32\ddccy.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\dljvpbmv.dll
O2 - BHO: (no name) - {84B54719-3FEC-478B-8019-701465EB3D56} - C:\WINDOWS\system32\jkklj.dll (file missing)
O2 - BHO: (no name) - {B0C230E1-0D38-4704-8B47-9F9CAE1AF8B4} - C:\WINDOWS\system32\awtst.dll (file missing)
O2 - BHO: (no name) - {FCE1DD9E-7D9A-4215-ABFB-E6B32F3D8F1F} - C:\WINDOWS\system32\jkhhg.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\xvunlllt.dll",setvm
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Bwer] "C:\WINDOWS\ASEMBL~1\csrss.exe" -vt yazb
O4 - HKCU\..\Run: [Bfz] C:\Documents and Settings\Clayton Kueh\My Documents\S?mantec\r?gsvr32.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: mljji - C:\WINDOWS\system32\mljji.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrge32 - C:\WINDOWS\SYSTEM32\winrge32.dll
O20 - Winlogon Notify: wvurolk - C:\WINDOWS\SYSTEM32\wvurolk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Claypot
2007-01-17, 21:12
And finally the combofix log:

"Clayton Kueh" - 07-01-17 15:03:37 Service Pack 2
ComboFix 07-01-16.2 - Running from: "C:\Documents and Settings\Clayton Kueh\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users\Documents\setup.exe
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\WINDOWS\MANTEC~1
C:\qoobox\purity\WINDOWS\WNSXS~1
C:\qoobox\purity\WINDOWS\SEMBLY~1
C:\qoobox\purity\WINDOWS\ASEMBL~1
C:\qoobox\purity\WINDOWS\system32\MCROSO~1
C:\qoobox\purity\WINDOWS\system32\YSTEM~1
C:\qoobox\purity\WINDOWS\ASEMBL~1\a?sembly
C:\qoobox\purity\WINDOWS\ASEMBL~1\csrss.exe
C:\qoobox\purity\Program Files\YMANTE~1
C:\qoobox\purity\DOCUME~1\CLAYTO~1
C:\qoobox\purity\DOCUME~1\CLAYTO~1\My Documents
C:\qoobox\purity\DOCUME~1\CLAYTO~1\My Documents\from.txt
C:\qoobox\purity\DOCUME~1\CLAYTO~1\My Documents\SMANTE~1
C:\qoobox\purity\DOCUME~1\CLAYTO~1\My Documents\SMANTE~1\r?gsvr32.exe


((((((((((((((((((((((((((((((( Files Created from 2006-12-17 to 2007-01-17 ))))))))))))))))))))))))))))))))))


2007-01-17 14:58 76,412 --a------ C:\WINDOWS\system32\mautrdso.dll
2007-01-17 14:58 740,018 ---hs---- C:\WINDOWS\system32\ijjlm.bak1
2007-01-17 14:58 277,044 ---hs---- C:\WINDOWS\system32\mljji.dll
2007-01-17 14:57 277,044 ---hs---- C:\WINDOWS\system32\jkhfc.dll
2007-01-17 14:57 277,044 --------- C:\WINDOWS\system32\mljjk.dll
2007-01-17 14:50 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-01-16 17:38 275,643 --a------ C:\WINDOWS\system32\awtqo.dll
2007-01-16 17:37 <DIR> d-------- C:\WINDOWS\erdnt
2007-01-16 16:11 22,029 ---hs---- C:\WINDOWS\system32\wvurolk.dll
2007-01-16 15:25 <DIR> d-------- C:\Program Files\webHancer
2007-01-16 03:38 155,648 ---h----- C:\Program Files\Common Files\svchost.exe
2007-01-15 18:10 22,029 ---hs---- C:\WINDOWS\system32\fccywuu.dll
2007-01-15 18:10 2,560 --a------ C:\WINDOWS\system32\unsvchosts.exe
2007-01-15 18:03 738,260 ---hs---- C:\WINDOWS\system32\yccdd.bak1
2007-01-15 16:43 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-01-15 16:43 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-01-15 16:43 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-01-15 16:43 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-01-15 16:31 <DIR> d-------- C:\Program Files\Lavasoft
2007-01-15 16:31 <DIR> d-------- C:\DOCUME~1\CLAYTO~1\Application Data\Lavasoft
2007-01-15 14:53 <DIR> d-------- C:\WINDOWS\WBEM
2007-01-15 14:53 <DIR> d-------- C:\WINDOWS\system32\en-US
2007-01-15 14:52 <DIR> d--h----- C:\WINDOWS\ie7
2007-01-15 14:49 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2007-01-15 14:48 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-01-14 18:30 <DIR> d-------- C:\ATI
2007-01-14 05:58 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-01-14 05:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-01-13 23:04 <DIR> d--hs---- C:\FOUND.010
2007-01-13 21:01 <DIR> d--hs---- C:\FOUND.009
2007-01-13 19:21 <DIR> d--hs---- C:\FOUND.008
2007-01-13 14:11 <DIR> d--hs---- C:\FOUND.007
2007-01-12 21:35 22,541 ---hs---- C:\WINDOWS\system32\opnmjii.dll
2007-01-12 03:36 22,541 ---hs---- C:\WINDOWS\system32\vtuspno.dll
2007-01-12 02:56 <DIR> d--hs---- C:\FOUND.006
2007-01-11 17:46 60,416 --a------ C:\WINDOWS\system32\qhykcwz.dll
2007-01-11 00:22 <DIR> d--hs---- C:\FOUND.005
2007-01-10 17:05 <DIR> d--hs---- C:\FOUND.004
2007-01-09 19:23 <DIR> d--hs---- C:\FOUND.003
2007-01-09 17:53 <DIR> d--hs---- C:\FOUND.002
2007-01-08 21:02 <DIR> d--hs---- C:\FOUND.001
2007-01-08 10:33 <DIR> d--hs---- C:\FOUND.000
2007-01-07 19:58 <DIR> d-------- C:\Program Files\Sony
2007-01-03 17:20 118,804 --------- C:\WINDOWS\system32\xvunlllt.dll
2006-12-29 03:45 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\Sun
2006-12-27 17:18 44,060 --a------ C:\WINDOWS\system32\dljvpbmv.dll
2006-12-26 05:47 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-12-26 05:34 <DIR> d-------- C:\Program Files\LucasArts
2006-12-25 19:18 <DIR> d--h----- C:\Program Files\Common Files\Uninstall Information
2006-12-24 17:14 <DIR> d-------- C:\Program Files\PeDevice
2006-12-24 17:12 22,541 ---hs---- C:\WINDOWS\system32\cbxuuvt.dll
2006-12-22 12:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-15 16:44 7126 --a------ C:\WINDOWS\system32\tmp.reg
2006-12-07 17:02 2174976 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-24 00:34 40973 ---hs---- C:\WINDOWS\system32\awtqqnm.dll
2006-11-23 21:51 40973 ---hs---- C:\WINDOWS\system32\qomkhij.dll
2006-11-23 21:07 40973 ---hs---- C:\WINDOWS\system32\awtutsq.dll
2006-11-23 15:18 -------- d-------- C:\Program Files\warcraft iii
2006-11-22 19:39 -------- d-------- C:\Program Files\registrar registry manager
2006-11-22 17:03 40973 ---hs---- C:\WINDOWS\system32\wvurpqp.dll
2006-11-22 14:26 40973 ---hs---- C:\WINDOWS\system32\fccdbxx.dll
2006-11-21 19:04 40973 ---hs---- C:\WINDOWS\system32\ddcyaxu.dll
2006-11-21 19:04 18944 --------- C:\WINDOWS\system32\winrge32.dll
2006-11-18 14:34 -------- d-------- C:\Program Files\symantec antivirus
2006-11-17 03:02 -------- d-------- C:\Program Files\msxml 4.0
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-26 16:23 21888 --a------ C:\WINDOWS\system32\rrspy.sys
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\winfxdocobj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"Bwer"="\"C:\\WINDOWS\\ASEMBL~1\\csrss.exe\" -vt yazb"
"Bfz"="C:\\Documents and Settings\\Clayton Kueh\\My Documents\\S?mantec\\r?gsvr32.exe"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"preload"="C:\\Windows\\RUNXMLPL.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"LaunchAp"="\"C:\\Program Files\\Launch Manager\\LaunchAp.exe\""
"LManager"="\"C:\\Program Files\\Launch Manager\\HotkeyApp.exe\""
"CtrlVol"="\"C:\\Program Files\\Launch Manager\\CtrlVol.exe\""
"LMgrOSD"="\"C:\\Program Files\\Launch Manager\\OSDCtrl.exe\""
"Wbutton"="\"C:\\Program Files\\Launch Manager\\Wbutton.exe\""
"PCMService"="\"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe\""
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"ePower_DMC"="C:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"
"Acer ePower Management"="C:\\Acer\\Empowering Technology\\ePower\\Acer ePower Management.exe boot"
"ADMTray.exe"="\"C:\\Acer\\Empowering Technology\\admtray.exe\""
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
"LogitechCameraAssistant"="C:\\Program Files\\Acer\\OrbiCam\\CameraAssistant.exe"
"LogitechVideo[inspector]"="C:\\Program Files\\Acer\\OrbiCam\\InstallHelper.exe /inspect"
"LogitechCameraService(E)"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation"
"eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\xvunlllt.dll\",setvm"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
@=""
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1C9678E2-77AC-4CAD-89EA-9E3F980C73C4}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"svchost.exe"="C:\\WINDOWS\\svchost.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljji
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrge32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurolk

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0


Completion time: 07-01-17 15:06:22
C:\ComboFix2.txt ... 07-01-16 17:40



My antivirus keeps popping up to warn me of Trojan.Nebuler, if that helps at all.

steamwiz
2007-01-17, 22:17
HI

still LOTS to do...

You still have a LOT of vundo files...

Please run vundofix again & again & again & keep running it until you get the message "no infected files were found"

you may have to run it half a dozen or more times... vundo can be very stubborn to go ...

Once you get "no infected files were found" ... carry on with this :-

Download and install the 30 day trial of AVG Anti-Spyware from HERE :-

http://www.ewido.net/en/download/

1. Download it to your desktop
2. Doubleclick the AVG Anti-Spyware icon to start the ewido setup process...
3. update the definition files....
Click the Update icon then select the Update now link...
Select the Start Update button, the update will start and a progress bar will show the updates being installed.
4. select the Scanner icon at the top of the screen, then select the Settings tab
click on Recommended actions and then select Quarantine
5. Under Reports...
Select Automatically generate report after every scan
Un-Select Only if threats were found
6. Close AVG Anti-Spyware > Do not run the scan yet.

Boot your computer into Safemode

1. Go to Start> Shut Off your Computer> Restart
2. As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly, this will bring up a menu.
3. Use the Up and Down Arrow Keys to scroll up to SAFEMODE
4. Then press the Enter on your Keyboard

IMPORTANT: Do not open any other windows or programs while ewido is scanning; it may interfere with the scanning process

1. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
2. Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan.
3. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
4. Once the scan is complete do the following:
5. If you have any infections you will be prompted; then select Apply all actions
6. Next select the Reports icon at the top.
7. Select the Save report as button in the lower left hand of the screen and save it to a text file on your system
8. make sure to remember where you saved that file, this is important
9. Close AVG Anti-Spyware
10. Copy & paste the AVG Anti-Spyware report in your next post

So I'll want to see :-

1. AVG Anti-Spyware report
2. a new C:\vundofix.txt
3. a new combofix
4. a new hijackthis log

I know this is a lot of work, but once you have done this, we will be well on the way to resolving the problem.

steam
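The indicators steamwiz is reading off the logs above are mechanical enough to script. The Python below is an added example, not part of this thread and not code from HijackThis, ComboFix, VundoFix or AVG; it runs over a few constructed lines shaped like the HijackThis and ComboFix output posted above (names taken from or modelled on those logs, with the user name changed to "Owner") and flags the patterns visible there: a "?" or non-ASCII character in a path (a "?" is not legal in a Windows file name, so HijackThis could not render the real character in S?mantec and r?gsvr32.exe, which the AVG report shows as a Cyrillic letter), a core process name such as csrss.exe or svchost.exe started from anywhere but system32, a Run entry that has rundll32.exe load a DLL by full path, a Winlogon Notify DLL that is not on a small allowlist (the vendor entries from this log plus stock XP names; that list and the CORE_PROCESSES set are assumptions to tune per machine), a hidden+system file dropped into system32, and a file whose name is the reverse of another's, as with mljji.dll and ijjlm.bak1 created in the same minute. The rules are triage heuristics for a person to review, not a verdict.

```python
"""Triage of HijackThis and ComboFix log lines for the persistence tricks
visible in this thread. Added example; not part of the thread or of any tool it names."""
import re
from pathlib import PureWindowsPath

# Constructed sample input, shaped like the logs posted above (user name changed).
HIJACKTHIS_LINES = [
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    r'O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\xvunlllt.dll",setvm',
    r'O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent',
    r'O4 - HKCU\..\Run: [Bwer] "C:\WINDOWS\ASEMBL~1\csrss.exe" -vt yazb',
    r'O4 - HKCU\..\Run: [Bfz] C:\Documents and Settings\Owner\My Documents\S?mantec\r?gsvr32.exe',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll',
    r'O20 - Winlogon Notify: mljji - C:\WINDOWS\system32\mljji.dll',
    r'O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll',
]
COMBOFIX_LINES = [
    r'2007-01-17 14:58 740,018 ---hs---- C:\WINDOWS\system32\ijjlm.bak1',
    r'2007-01-17 14:58 277,044 ---hs---- C:\WINDOWS\system32\mljji.dll',
    r'2007-01-16 03:38 155,648 ---h----- C:\Program Files\Common Files\svchost.exe',
    r'2007-01-15 14:49 121,856 --------- C:\WINDOWS\system32\xmllite.dll',
    r'2007-01-16 17:37 <DIR> d-------- C:\WINDOWS\erdnt',
]

SYSTEM32 = PureWindowsPath(r'C:\WINDOWS\system32')
# Processes that only ever run from system32 on a stock Windows XP install (assumption).
CORE_PROCESSES = {'csrss.exe', 'svchost.exe', 'lsass.exe', 'winlogon.exe',
                  'services.exe', 'smss.exe'}
# Winlogon\Notify subkeys treated as known-good: the vendor entries seen in the
# posted log plus stock XP ones. An assumption; tune it per machine.
NOTIFY_ALLOWLIST = {'igfxcui', 'navlogon', 'wgalogon', 'crypt32chain', 'cryptnet',
                    'cscdll', 'sccertprop', 'schedule', 'sclgntfy', 'senslogn',
                    'termsrv', 'wlballoon'}

# A drive-letter path ending in one of the extensions seen in the logs.
PATH_RE = re.compile(r'[A-Za-z]:\\[^",\r\n]*?\.(?:exe|dll|cpl|bak1)\b', re.IGNORECASE)
# ComboFix file line: "<date> <time> <size or <DIR>> <attrs> <path>"; attrs is a
# 9-character field such as ---hs---- (hidden + system) or d-------- (directory).
COMBOFIX_RE = re.compile(r'^(\S+ \S+) (.+?) ([d-][r-][a-][h-][s-]\S{4}) (.+)$')


def check_path(path):
    """Rules that apply to any file path, whichever log it came from."""
    p = PureWindowsPath(path)
    reasons = []
    # '?' is illegal in a Windows file name, so the tool could not render the
    # real character: HijackThis printed S?mantec where AVG showed a Cyrillic e.
    if '?' in path or any(ord(c) > 127 for c in path):
        reasons.append('non-ASCII or unrenderable character in path (look-alike name)')
    if p.name.lower() in CORE_PROCESSES and p.parent != SYSTEM32:
        reasons.append(f'core process name {p.name} outside system32')
    return reasons


def check_hijackthis(line):
    """Rules for one HijackThis line; returns (reason, line) pairs."""
    findings = [(r, line) for path in PATH_RE.findall(line) for r in check_path(path)]
    if line.startswith('O4') and re.search(r'rundll32\.exe\s+"?[A-Za-z]:\\', line, re.I):
        findings.append(('Run key has rundll32.exe load a DLL by explicit path', line))
    m = re.match(r'O20 - Winlogon Notify: (\S+) - ', line)
    if m and m.group(1).lower() not in NOTIFY_ALLOWLIST:
        findings.append(('Winlogon Notify DLL not on the allowlist', line))
    return findings


def check_combofix(lines):
    """Rules over the whole ComboFix file list, since one rule pairs files up."""
    entries = []
    for line in lines:
        m = COMBOFIX_RE.match(line)
        if m:
            entries.append((m.group(3), PureWindowsPath(m.group(4))))
    by_stem = {p.stem.lower(): p for _, p in entries}
    findings = []
    for attrs, p in entries:
        path = str(p)
        findings.extend((r, path) for r in check_path(path))
        if attrs[0] != 'd' and 'h' in attrs and 's' in attrs and p.parent == SYSTEM32:
            findings.append(('hidden+system file dropped into system32', path))
        # Vundo drops a backup whose base name is the DLL name spelled backwards.
        twin = by_stem.get(p.stem.lower()[::-1])
        if twin is not None and twin != p:
            findings.append((f'name is the reverse of {twin.name} (Vundo-style pair)', path))
    return findings


def triage(hjt_lines, combofix_lines):
    """Every finding from both logs, as (reason, offending line or path) pairs."""
    findings = []
    for line in hjt_lines:
        findings.extend(check_hijackthis(line))
    findings.extend(check_combofix(combofix_lines))
    return findings


if __name__ == '__main__':
    for reason, where in triage(HIJACKTHIS_LINES, COMBOFIX_LINES):
        print(f'[{reason}]\n    {where}')
```

A run prints one line per finding; the sample yields nine, and substituting the complete logs is a matter of reading the files into the two lists. The hidden+system and reversed-name rules are the ones that pick out the system32 DLLs steamwiz is pointing at, while the core-process and look-alike rules catch the csrss.exe, svchost.exe and S?mantec entries that an antivirus scan of system32 alone would miss.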

Claypot
2007-01-18, 00:40
Here's the AVG report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:29:39 PM 1/17/2007

+ Scan result:



C:\Program Files\PeDevice\PeDev.dll -> Adware.Delfin : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP145\A0031288.exe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E1412445-4FF8-410E-8D24-F2CF86B171A4} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E1412445-4FF8-410E-8D24-F2CF86B171A4} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-3258068850-1361271089-2083856457-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{755BBD1A-AA59-456C-AFEB-B4C42C4DCB6F} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-3258068850-1361271089-2083856457-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E1412445-4FF8-410E-8D24-F2CF86B171A4} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-3258068850-1361271089-2083856457-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{755BBD1A-AA59-456C-AFEB-B4C42C4DCB6F} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-3258068850-1361271089-2083856457-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E1412445-4FF8-410E-8D24-F2CF86B171A4} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP150\A0038964.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP150\A0038965.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\QooBox\Purity\DOCUME~1\CLAYTO~1\My Documents\SMANTE~1\rеgsvr32.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP131\A0016994.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP145\A0029278.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\qhykcwz.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP131\A0016989.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP131\A0016990.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP142\A0020201.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP142\A0020202.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP148\A0037443.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP148\A0037444.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP151\A0039019.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP151\A0039020.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP151\A0039217.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP151\A0039260.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP151\A0039261.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP151\A0039287.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\WINDOWS\system32\awtqqnm.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\awtutsq.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ddcyaxu.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\fccdbxx.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\qomkhij.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wvurpqp.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{898272CF-3ACE-4A7B-98FA-9EB8DB8B26DC} -> Adware.VirusBursters : Cleaned with backup (quarantined).
C:\Program Files\webHancer -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\webHancer\Programs -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\webHancer\Programs\webhdll.dll -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP145\A0031295.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP146\A0031322.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP151\A0039148.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP151\A0039149.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP147\A0035367.ini -> Dialer.IDialer.m : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\idd21.tmp.exe -> Dialer.IDialer.m : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP151\A0039095.EXE -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP151\A0039233.EXE -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP151\A0039151.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\QooBox\Purity\WINDOWS\ASEMBL~1\csrss.exe -> Downloader.PurityScan.dt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP128\A0016942.exe -> Dropper.DollarR.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP151\A0039210.exe -> Dropper.Small : Cleaned with backup (quarantined).
:mozilla.184:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.185:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.186:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.187:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.188:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Clayton Kueh\Cookies\clayton_kueh@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Clayton Kueh\Cookies\clayton_kueh@oasc02.247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.166:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.168:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.311:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.317:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.326:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.328:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.35:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.36:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.37:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.38:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.39:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.40:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.42:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.43:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.44:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.45:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.46:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.48:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.49:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.50:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.510:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.51:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.52:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.53:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.61:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.63:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.655:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.676:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.684:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.70:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.74:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.75:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.76:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.77:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.78:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Clayton Kueh\Cookies\clayton_kueh@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.217:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.218:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.219:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.220:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.849:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Addcontrol : Cleaned.
:mozilla.228:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Clayton Kueh\Cookies\clayton_kueh@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.871:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.872:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.229:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.230:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.154:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.155:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.156:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.23:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.305:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.157:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.158:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.159:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.371:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.372:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.346:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.358:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.359:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.360:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.361:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Clayton Kueh\Cookies\clayton_kueh@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.

*continued next post

Claypot
2007-01-18, 00:41
:mozilla.447:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.448:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.224:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.225:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.226:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.258:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.259:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.260:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.86:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.87:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.88:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.83:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.84:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.85:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.462:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned.
:mozilla.99:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.519:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.875:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.596:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Komtrack : Cleaned.
:mozilla.597:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Komtrack : Cleaned.
C:\Documents and Settings\Clayton Kueh\Cookies\clayton_kueh@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Clayton Kueh\Cookies\clayton_kueh@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.670:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.671:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.672:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Clayton Kueh\Cookies\clayton_kueh@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.165:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.167:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.169:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.170:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Clayton Kueh\Cookies\clayton_kueh@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.160:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.161:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.710:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.432:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.433:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.434:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.435:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.301:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.736:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.737:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.738:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.739:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.740:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.922:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.923:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.924:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.766:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.767:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.768:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.778:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.779:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.780:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.781:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.702:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.703:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.704:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.705:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.706:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.100:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.101:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.102:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.103:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.104:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.105:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.110:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.98:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Clayton Kueh\Cookies\clayton_kueh@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\system32\winrge32.dll -> Trojan.Agent.vg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP128\A0016943.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP131\A0016995.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP145\A0029283.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP151\A0039212.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\Q2xheXRvbiBLdWVo\kZU1yrlSv21MxqpC.vbs -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

Vundofix log:

VundoFix V6.2.11

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 2:50:37 PM 1/17/2007

Listing files found while scanning....

C:\WINDOWS\system32\qrqss.ini
C:\WINDOWS\system32\qrqss.bak1
C:\WINDOWS\system32\qrqss.bak2

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ssqrq.dll
C:\WINDOWS\system32\ssqrq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qrqss.ini
C:\WINDOWS\system32\qrqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qrqss.bak1
C:\WINDOWS\system32\qrqss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qrqss.bak2
C:\WINDOWS\system32\qrqss.bak2 Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.11

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 4:45:44 PM 1/17/2007

Listing files found while scanning....

C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\ijjlm.bak1

Beginning removal...

Attempting to delete C:\WINDOWS\system32\mljji.dll
C:\WINDOWS\system32\mljji.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\ijjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ijjlm.bak1
C:\WINDOWS\system32\ijjlm.bak1 Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.11

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 4:48:07 PM 1/17/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.2.11

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 4:49:19 PM 1/17/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.2.11

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 5:00:37 PM 1/17/2007

Listing files found while scanning....

C:\WINDOWS\system32\tttss.ini
C:\WINDOWS\system32\tttss.bak1

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ssttt.dll
C:\WINDOWS\system32\ssttt.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\tttss.ini
C:\WINDOWS\system32\tttss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\tttss.bak1
C:\WINDOWS\system32\tttss.bak1 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ssttt.dll
C:\WINDOWS\system32\ssttt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tttss.ini
C:\WINDOWS\system32\tttss.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.11

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 5:06:32 PM 1/17/2007

Listing files found while scanning....

No infected files were found.

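The VundoFix runs above show the pattern worth pulling out of such logs: each `.ini`/`.bak1` file VundoFix lists (qrqss.ini, ijjlm.ini, tttss.ini) has a stem that is the infected DLL's stem spelled backwards (ssqrq.dll, mljji.dll, ssttt.dll), and the "Could not be deleted." result on mljji.dll and ssttt.dll means the DLL was still mapped into a process at the time, which is why a later pass (or a reboot) was needed before ssttt.dll reported "Has been deleted!". The script below is an added example for triaging a pasted log of this kind; it is not part of the original post and not VundoFix's own code. It assumes VundoFix's wording exactly as it appears in the log above (the "Scan started at", "Has been deleted!" and "Could not be deleted." lines), and the sample log embedded in it is constructed from a subset of those lines.

```python
"""Triage helper for VundoFix-style logs (added example; not from the
forum post and not VundoFix code).  It pairs each .ini/.bak file the tool
lists with the DLL it belongs to (DLL stem = .ini stem reversed, e.g.
qrqss.ini -> ssqrq.dll), and reports DLLs the tool could not delete, i.e.
DLLs still loaded that need another pass or a reboot.  The regexes assume
VundoFix's wording as shown in the posted log."""

import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the lines from the posted log.
SAMPLE_LOG = """VundoFix V6.2.11

Scan started at 2:50:37 PM 1/17/2007

Listing files found while scanning....

C:\\WINDOWS\\system32\\qrqss.ini
C:\\WINDOWS\\system32\\qrqss.bak1

Beginning removal...

Attempting to delete C:\\WINDOWS\\system32\\ssqrq.dll
C:\\WINDOWS\\system32\\ssqrq.dll Has been deleted!

Attempting to delete C:\\WINDOWS\\system32\\qrqss.ini
C:\\WINDOWS\\system32\\qrqss.ini Has been deleted!

VundoFix V6.2.11

Scan started at 4:45:44 PM 1/17/2007

Listing files found while scanning....

C:\\WINDOWS\\system32\\ijjlm.ini

Beginning removal...

Attempting to delete C:\\WINDOWS\\system32\\mljji.dll
C:\\WINDOWS\\system32\\mljji.dll Could not be deleted.

Attempting to delete C:\\WINDOWS\\system32\\ijjlm.ini
C:\\WINDOWS\\system32\\ijjlm.ini Has been deleted!
"""

SCAN_RE = re.compile(r"^Scan started at (.+)$")
FOUND_RE = re.compile(r"^([A-Za-z]:\\.+?\\[^\\]+\.(?:ini|bak\d+))$")
RESULT_RE = re.compile(r"^(.+?) (Has been deleted!|Could not be deleted\.)$")


@dataclass
class ScanRun:
    started: str
    found: list = field(default_factory=list)    # .ini/.bak paths listed
    results: dict = field(default_factory=dict)  # path -> True if deleted


def stem_of(path):
    """'C:\\...\\qrqss.ini' -> 'qrqss'."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def expected_dll(ini_path):
    """Vundo names its .ini after the DLL with the stem reversed."""
    return stem_of(ini_path)[::-1] + ".dll"


def parse_vundofix_log(text):
    """Split the log into runs; each run records listed files and outcomes."""
    runs = []
    for line in text.splitlines():
        line = line.strip()
        if m := SCAN_RE.match(line):
            runs.append(ScanRun(started=m.group(1)))
        elif not runs:
            continue
        elif m := FOUND_RE.match(line):
            runs[-1].found.append(m.group(1))
        elif m := RESULT_RE.match(line):
            runs[-1].results[m.group(1)] = m.group(2) == "Has been deleted!"
    return runs


def locked_dlls(runs):
    """DLLs VundoFix could not delete: still mapped into a process, so the
    infection is not yet gone and a further pass/reboot is required."""
    return sorted(
        stem_of(p) + ".dll"
        for r in runs for p, ok in r.results.items()
        if not ok and p.lower().endswith(".dll")
    )


def pair_mismatches(runs):
    """.ini/.bak files whose reversed stem matches no DLL the tool tried to
    delete in the same run; those deserve a manual look."""
    bad = []
    for r in runs:
        tried = {stem_of(p) + ".dll" for p in r.results if p.lower().endswith(".dll")}
        bad.extend(f for f in r.found if expected_dll(f) not in tried)
    return bad


def summarize(text):
    runs = parse_vundofix_log(text)
    return {
        "runs": len(runs),
        "found": sum(len(r.found) for r in runs),
        "deleted": sum(ok for r in runs for ok in r.results.values()),
        "locked": locked_dlls(runs),
        "unpaired": pair_mismatches(runs),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Run against the full log posted above, the `locked` list is what tells a helper whether the machine is clean yet: an empty list across the final run, combined with no new `.ini`/`.bak` files being listed, is the state the last VundoFix run in the post reports.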
Claypot
2007-01-18, 00:44
Combofix log:

"Clayton Kueh" - 07-01-17 18:34:22 Service Pack 2
ComboFix 07-01-16.2 - Running from: "C:\Documents and Settings\Clayton Kueh\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\WINDOWS\MANTEC~1
C:\qoobox\purity\WINDOWS\WNSXS~1
C:\qoobox\purity\WINDOWS\SEMBLY~1
C:\qoobox\purity\WINDOWS\ASEMBL~1
C:\qoobox\purity\WINDOWS\system32\MCROSO~1
C:\qoobox\purity\WINDOWS\system32\YSTEM~1
C:\qoobox\purity\WINDOWS\ASEMBL~1\a?sembly
C:\qoobox\purity\Program Files\YMANTE~1
C:\qoobox\purity\DOCUME~1\CLAYTO~1
C:\qoobox\purity\DOCUME~1\CLAYTO~1\My Documents
C:\qoobox\purity\DOCUME~1\CLAYTO~1\My Documents\from.txt
C:\qoobox\purity\DOCUME~1\CLAYTO~1\My Documents\SMANTE~1


((((((((((((((((((((((((((((((( Files Created from 2006-12-17 to 2007-01-17 ))))))))))))))))))))))))))))))))))


2007-01-17 16:52 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-17 16:51 <DIR> d-------- C:\Program Files\Grisoft
2007-01-17 14:58 76,412 --a------ C:\WINDOWS\system32\mautrdso.dll
2007-01-17 14:58 277,044 --------- C:\WINDOWS\system32\mljji.dll
2007-01-17 14:57 277,044 ---hs---- C:\WINDOWS\system32\jkhfc.dll
2007-01-16 17:38 275,643 --a------ C:\WINDOWS\system32\awtqo.dll
2007-01-16 17:37 <DIR> d-------- C:\WINDOWS\erdnt
2007-01-16 16:11 22,029 ---hs---- C:\WINDOWS\system32\wvurolk.dll
2007-01-16 03:38 155,648 ---h----- C:\Program Files\Common Files\svchost.exe
2007-01-15 18:10 22,029 ---hs---- C:\WINDOWS\system32\fccywuu.dll
2007-01-15 18:10 2,560 --a------ C:\WINDOWS\system32\unsvchosts.exe
2007-01-15 18:03 738,260 ---hs---- C:\WINDOWS\system32\yccdd.bak1
2007-01-15 16:43 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-01-15 16:43 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-01-15 16:43 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-01-15 16:43 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-01-15 16:31 <DIR> d-------- C:\Program Files\Lavasoft
2007-01-15 16:31 <DIR> d-------- C:\DOCUME~1\CLAYTO~1\Application Data\Lavasoft
2007-01-15 14:53 <DIR> d-------- C:\WINDOWS\WBEM
2007-01-15 14:53 <DIR> d-------- C:\WINDOWS\system32\en-US
2007-01-15 14:52 <DIR> d--h----- C:\WINDOWS\ie7
2007-01-15 14:49 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2007-01-15 14:48 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-01-14 18:30 <DIR> d-------- C:\ATI
2007-01-14 05:58 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-01-14 05:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-01-13 23:04 <DIR> d--hs---- C:\FOUND.010
2007-01-13 21:01 <DIR> d--hs---- C:\FOUND.009
2007-01-13 19:21 <DIR> d--hs---- C:\FOUND.008
2007-01-13 14:11 <DIR> d--hs---- C:\FOUND.007
2007-01-12 21:35 22,541 ---hs---- C:\WINDOWS\system32\opnmjii.dll
2007-01-12 03:36 22,541 ---hs---- C:\WINDOWS\system32\vtuspno.dll
2007-01-12 02:56 <DIR> d--hs---- C:\FOUND.006
2007-01-11 00:22 <DIR> d--hs---- C:\FOUND.005
2007-01-10 17:05 <DIR> d--hs---- C:\FOUND.004
2007-01-09 19:23 <DIR> d--hs---- C:\FOUND.003
2007-01-09 17:53 <DIR> d--hs---- C:\FOUND.002
2007-01-08 21:02 <DIR> d--hs---- C:\FOUND.001
2007-01-08 10:33 <DIR> d--hs---- C:\FOUND.000
2007-01-07 19:58 <DIR> d-------- C:\Program Files\Sony
2007-01-03 17:20 118,804 --------- C:\WINDOWS\system32\xvunlllt.dll
2006-12-29 03:45 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\Sun
2006-12-27 17:18 44,060 --a------ C:\WINDOWS\system32\dljvpbmv.dll
2006-12-26 05:47 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-12-26 05:34 <DIR> d-------- C:\Program Files\LucasArts
2006-12-25 19:18 <DIR> d--h----- C:\Program Files\Common Files\Uninstall Information
2006-12-24 17:14 <DIR> d-------- C:\Program Files\PeDevice
2006-12-24 17:12 22,541 ---hs---- C:\WINDOWS\system32\cbxuuvt.dll
2006-12-22 12:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-15 16:44 7126 --a------ C:\WINDOWS\system32\tmp.reg
2006-12-07 17:02 2174976 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-23 15:18 -------- d-------- C:\Program Files\warcraft iii
2006-11-22 19:39 -------- d-------- C:\Program Files\registrar registry manager
2006-11-18 14:34 -------- d-------- C:\Program Files\symantec antivirus
2006-11-17 03:02 -------- d-------- C:\Program Files\msxml 4.0
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-26 16:23 21888 --a------ C:\WINDOWS\system32\rrspy.sys
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\winfxdocobj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"Bwer"="\"C:\\WINDOWS\\ASEMBL~1\\csrss.exe\" -vt yazb"
"Bfz"="C:\\Documents and Settings\\Clayton Kueh\\My Documents\\S?mantec\\r?gsvr32.exe"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"preload"="C:\\Windows\\RUNXMLPL.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"LaunchAp"="\"C:\\Program Files\\Launch Manager\\LaunchAp.exe\""
"LManager"="\"C:\\Program Files\\Launch Manager\\HotkeyApp.exe\""
"CtrlVol"="\"C:\\Program Files\\Launch Manager\\CtrlVol.exe\""
"LMgrOSD"="\"C:\\Program Files\\Launch Manager\\OSDCtrl.exe\""
"Wbutton"="\"C:\\Program Files\\Launch Manager\\Wbutton.exe\""
"PCMService"="\"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe\""
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"ePower_DMC"="C:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"
"Acer ePower Management"="C:\\Acer\\Empowering Technology\\ePower\\Acer ePower Management.exe boot"
"ADMTray.exe"="\"C:\\Acer\\Empowering Technology\\admtray.exe\""
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
"LogitechCameraAssistant"="C:\\Program Files\\Acer\\OrbiCam\\CameraAssistant.exe"
"LogitechVideo[inspector]"="C:\\Program Files\\Acer\\OrbiCam\\InstallHelper.exe /inspect"
"LogitechCameraService(E)"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation"
"eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\xvunlllt.dll\",setvm"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
@=""
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1C9678E2-77AC-4CAD-89EA-9E3F980C73C4}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"svchost.exe"="C:\\WINDOWS\\svchost.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuts
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrge32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurolk

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_INT15.SYS

Completion time: 07-01-17 18:37:19
C:\ComboFix3.txt ... 07-01-16 17:40
C:\ComboFix2.txt ... 07-01-17 15:06

Claypot
2007-01-18, 00:45
And finally, a new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:44:18 PM, on 1/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\DOCUME~1\CLAYTO~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthis\Claypot.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {19FF91E9-7E78-4718-8E23-C7F110FF077B} - C:\WINDOWS\system32\ssttt.dll (file missing)
O2 - BHO: (no name) - {1C9678E2-77AC-4CAD-89EA-9E3F980C73C4} - C:\WINDOWS\system32\wvurolk.dll
O2 - BHO: (no name) - {2FFCF426-31CF-126F-B9E0-33A67C5EC090} - C:\WINDOWS\system32\qhykcwz.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59349718-0781-419A-A249-87E1740EC9C8} - C:\WINDOWS\system32\ssqrq.dll (file missing)
O2 - BHO: (no name) - {6F49B50E-9077-4F58-8375-9A844DA0F654} - C:\WINDOWS\system32\ddccy.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\dljvpbmv.dll
O2 - BHO: (no name) - {84B54719-3FEC-478B-8019-701465EB3D56} - C:\WINDOWS\system32\jkklj.dll (file missing)
O2 - BHO: (no name) - {B0C230E1-0D38-4704-8B47-9F9CAE1AF8B4} - C:\WINDOWS\system32\awtst.dll (file missing)
O2 - BHO: (no name) - {EB9C9435-6CCA-4434-8E4D-DE486259ECED} - C:\WINDOWS\system32\vtuts.dll
O2 - BHO: (no name) - {FCE1DD9E-7D9A-4215-ABFB-E6B32F3D8F1F} - C:\WINDOWS\system32\jkhhg.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\xvunlllt.dll",setvm
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Bwer] "C:\WINDOWS\ASEMBL~1\csrss.exe" -vt yazb
O4 - HKCU\..\Run: [Bfz] C:\Documents and Settings\Clayton Kueh\My Documents\S?mantec\r?gsvr32.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrge32 - winrge32.dll (file missing)
O20 - Winlogon Notify: wvurolk - C:\WINDOWS\SYSTEM32\wvurolk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

steamwiz
2007-01-18, 12:18
Hi

Sorry to say, but you still have a vundo trojan infection...

I'm going to have you remove all the bad files I can see, then I want you to run the scans again please...

First...

Disconnect from the internet. Close ALL browser windows (including this one), run HijackThis and tick to fix (check the box next to) the list below. When all are ticked (checked), click the Fix Checked button at the bottom:

O2 - BHO: (no name) - {19FF91E9-7E78-4718-8E23-C7F110FF077B} - C:\WINDOWS\system32\ssttt.dll (file missing)
O2 - BHO: (no name) - {1C9678E2-77AC-4CAD-89EA-9E3F980C73C4} - C:\WINDOWS\system32\wvurolk.dll
O2 - BHO: (no name) - {2FFCF426-31CF-126F-B9E0-33A67C5EC090} - C:\WINDOWS\system32\qhykcwz.dll (file missing)

O2 - BHO: (no name) - {59349718-0781-419A-A249-87E1740EC9C8} - C:\WINDOWS\system32\ssqrq.dll (file missing)
O2 - BHO: (no name) - {6F49B50E-9077-4F58-8375-9A844DA0F654} - C:\WINDOWS\system32\ddccy.dll (file missing)

O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\dljvpbmv.dll
O2 - BHO: (no name) - {84B54719-3FEC-478B-8019-701465EB3D56} - C:\WINDOWS\system32\jkklj.dll (file missing)
O2 - BHO: (no name) - {B0C230E1-0D38-4704-8B47-9F9CAE1AF8B4} - C:\WINDOWS\system32\awtst.dll (file missing)
O2 - BHO: (no name) - {EB9C9435-6CCA-4434-8E4D-DE486259ECED} - C:\WINDOWS\system32\vtuts.dll
O2 - BHO: (no name) - {FCE1DD9E-7D9A-4215-ABFB-E6B32F3D8F1F} - C:\WINDOWS\system32\jkhhg.dll (file missing)

O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\xvunlllt.dll",setvm

O4 - HKCU\..\Run: "C:\WINDOWS\ASEMBL~1\csrss.exe" -vt yazb
O4 - HKCU\..\Run: [Bfz] C:\Documents and Settings\Clayton Kueh\My Documents\S?mantec\r?gsvr32.exe

O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll

O20 - Winlogon Notify: winrge32 - winrge32.dll (file missing)
O20 - Winlogon Notify: wvurolk - C:\WINDOWS\SYSTEM32\wvurolk.dll


Reboot


1. Download and unzip Avenger (by Swandog46) to your desktop. > http://swandog46.geekstogo.com/avenger.zip
2. Double click the Avenger.exe file
3. Click OK
4. Select Input script manually
5. Click the Magnifying Glass icon
6. Highlight the text in the code box below, & copy and paste it into the View/edit script box



Files to delete:
C:\WINDOWS\system32\mautrdso.dll
C:\WINDOWS\system32\mljji.dll
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\wvurolk.dll
C:\WINDOWS\system32\fccywuu.dll
C:\WINDOWS\system32\unsvchosts.exe
C:\WINDOWS\system32\yccdd.bak1
C:\WINDOWS\system32\opnmjii.dll
C:\WINDOWS\system32\vtuspno.dll
C:\WINDOWS\system32\xvunlllt.dll
C:\WINDOWS\system32\dljvpbmv.dll
C:\WINDOWS\system32\cbxuuvt.dll
C:\WINDOWS\system32\vtuts.dll
C:\Program Files\Common Files\svchost.exe


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


7. Click Done
8. Click the Traffic Light icon to start the program.
9. Click Yes to execute the script, and click Yes when asked to reboot your computer
10. Post the contents of the file C:\Avenger.txt


After the reboot...

run all the programs again and ...

Post the following new logs...

1. AVG Anti-Spyware report
2. a new C:\vundofix.txt
3. a new combofix
4. a new hijackthis log


Don't forget to post the contents of the file C:\Avenger.txt


steam
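
The entries steamwiz ticked above share a few recognisable patterns: BHOs registered without a name, hooks whose file is already missing, Winlogon Notify handlers with random-looking names, a system binary name (csrss.exe) launched from the wrong folder, and a Run path containing a look-alike character (shown as `?` in the log). The script below is an added example, not code from the thread or from HijackThis, that parses O2/O4/O20 lines and flags those patterns; the vetted Notify list and the sample log are assumptions constructed from this thread's own log.

```python
"""Triage helper for HijackThis O2/O4/O20 lines (added example; not part of
the thread and not the HijackThis tool). Flags the kinds of entries the helper
asked to fix: unnamed BHOs, orphaned hooks, unvetted Winlogon Notify handlers,
system binary names outside system32, look-alike characters in Run paths."""
import re
from typing import List, Tuple

# Windows system binaries that legitimately live only under \WINDOWS\system32.
SYSTEM_NAMES = {"csrss.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
                "smss.exe", "services.exe"}
# Winlogon Notify handlers an admin has vetted. Assumption: seeded with the
# entries the helper left untouched in this thread; extend for your own fleet.
KNOWN_NOTIFY = {"igfxcui", "navlogon", "wgalogon"}

RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>.*?)\] (?P<cmd>.*)$")
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")

Finding = Tuple[str, str, str]  # (severity, reason, original line)


def split_command(cmd: str) -> List[str]:
    """Split a Run value into tokens, keeping double-quoted paths together."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmd)]


def is_system32(path: str) -> bool:
    """True when the file's directory is a system32 folder."""
    return path.lower().rsplit("\\", 1)[0].endswith("\\system32")


def triage_line(line: str) -> List[Finding]:
    out: List[Finding] = []
    line = line.strip()
    if "(file missing)" in line:
        out.append(("medium", "entry points at a file that no longer exists (orphaned hook)", line))
    m = RE_O2.match(line)
    if m:
        if m.group("name") == "(no name)":
            out.append(("medium", "BHO registered without a name; verify CLSID and DLL", line))
        return out
    m = RE_O4.match(line)
    if m:
        toks = split_command(m.group("cmd"))
        exe = toks[0] if toks else ""
        base = exe.rsplit("\\", 1)[-1].lower()
        if "?" in m.group("cmd"):
            out.append(("high", "path contains a non-ASCII look-alike character", line))
        if base in SYSTEM_NAMES and not is_system32(exe):
            out.append(("high", f"{base} launched from outside system32 (name masquerade)", line))
        if base == "rundll32.exe" and len(toks) > 1:
            # rundll32 <dll>,<export>: a DLL loaded by explicit path deserves a look
            target = toks[1].split(",", 1)[0]
            if "\\" in target and target.lower().endswith(".dll"):
                out.append(("review", "rundll32 loads a DLL by explicit path; verify the DLL", line))
        return out
    m = RE_O20.match(line)
    if m and m.group("name").lower() not in KNOWN_NOTIFY:
        out.append(("high", "Winlogon Notify handler not on the vetted list", line))
    return out


def triage(log: str) -> List[Finding]:
    """Run triage_line over every line of a HijackThis log."""
    return [f for ln in log.splitlines() for f in triage_line(ln)]


# Constructed sample: a subset of the lines posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {19FF91E9-7E78-4718-8E23-C7F110FF077B} - C:\WINDOWS\system32\ssttt.dll (file missing)
O2 - BHO: (no name) - {EB9C9435-6CCA-4434-8E4D-DE486259ECED} - C:\WINDOWS\system32\vtuts.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\xvunlllt.dll",setvm
O4 - HKCU\..\Run: [Bwer] "C:\WINDOWS\ASEMBL~1\csrss.exe" -vt yazb
O4 - HKCU\..\Run: [Bfz] C:\Documents and Settings\Clayton Kueh\My Documents\S?mantec\r?gsvr32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll
O20 - Winlogon Notify: winrge32 - winrge32.dll (file missing)
"""

if __name__ == "__main__":
    for sev, why, src in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {why}\n         {src}")
```

The legitimate lines (Adobe BHO, Bluetooth agent, ctfmon, NavLogon) produce no findings; every line the helper ticked produces at least one.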

Claypot
2007-01-19, 02:28
Avenger log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qqgyshgy

*******************

Script file located at: \??\C:\Documents and Settings\dpbmdcrf.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\mautrdso.dll deleted successfully.


File C:\WINDOWS\system32\mljji.dll not found!
Deletion of file C:\WINDOWS\system32\mljji.dll failed!

Could not process line:
C:\WINDOWS\system32\mljji.dll
Status: 0xc0000034

File C:\WINDOWS\system32\jkhfc.dll deleted successfully.
File C:\WINDOWS\system32\awtqo.dll deleted successfully.
File C:\WINDOWS\system32\wvurolk.dll deleted successfully.
File C:\WINDOWS\system32\fccywuu.dll deleted successfully.
File C:\WINDOWS\system32\unsvchosts.exe deleted successfully.
File C:\WINDOWS\system32\yccdd.bak1 deleted successfully.
File C:\WINDOWS\system32\opnmjii.dll deleted successfully.
File C:\WINDOWS\system32\vtuspno.dll deleted successfully.
File C:\WINDOWS\system32\xvunlllt.dll deleted successfully.


File C:\WINDOWS\system32\dljvpbmv.dll not found!
Deletion of file C:\WINDOWS\system32\dljvpbmv.dll failed!

Could not process line:
C:\WINDOWS\system32\dljvpbmv.dll
Status: 0xc0000034

File C:\WINDOWS\system32\cbxuuvt.dll deleted successfully.
File C:\WINDOWS\system32\vtuts.dll deleted successfully.
File C:\Program Files\Common Files\svchost.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

AVG Log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:40:47 PM 1/18/2007

+ Scan result:



C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP152\A0039493.dll -> Adware.Delfin : Cleaned.
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP152\A0039485.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP152\A0039486.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP151\A0039288.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP152\A0039487.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP152\A0039488.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP152\A0039489.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP152\A0039490.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP152\A0039491.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP152\A0039492.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP152\A0039484.exe -> Downloader.PurityScan.dt : Cleaned.
:mozilla.24:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.31:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.70:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.71:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.72:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.82:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.86:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.58:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.59:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.27:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.47:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.48:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.49:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.29:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.77:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.78:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.79:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.80:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.81:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.90:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Clayton Kueh\Cookies\clayton_kueh@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.57:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.131:C:\Documents and Settings\Clayton Kueh\Application Data\Mozilla\Firefox\Profiles\10ofv3fs.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP152\A0039482.dll -> Trojan.Agent.vg : Cleaned.
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP152\A0039483.vbs -> Trojan.Small : Cleaned.


::Report end

Claypot
2007-01-19, 02:33
Vundofix log:

VundoFix V6.3.2

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 1:31:17 PM 1/18/2007

Listing files found while scanning....

C:\WINDOWS\system32\mkvrhjrq.dll
C:\WINDOWS\system32\vtuts.dll

Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V6.3.2

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 1:47:49 PM 1/18/2007

Listing files found while scanning....

C:\WINDOWS\system32\mkvrhjrq.dll

Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V6.3.2

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 1:54:52 PM 1/18/2007

Listing files found while scanning....

C:\WINDOWS\system32\mkvrhjrq.dll

Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V6.3.2

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 2:03:31 PM 1/18/2007

Listing files found while scanning....

C:\WINDOWS\system32\mkvrhjrq.dll

Beginning removal...

Performing Repairs to the registry.
Done!


VundoFix V6.3.2

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 2:20:01 PM 1/18/2007

Listing files found while scanning....

C:\WINDOWS\system32\mkvrhjrq.dll

Beginning removal...

Performing Repairs to the registry.
Done!

Here's where I had a problem: this file kept showing up every time I used VundoFix to scan my system, even after I selected it to be removed every single time.

Combofix log:

"Clayton Kueh" - 07-01-18 20:22:00 Service Pack 2
ComboFix 07-01-16.2 - Running from: "C:\Documents and Settings\Clayton Kueh\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\WINDOWS\MANTEC~1
C:\qoobox\purity\WINDOWS\WNSXS~1
C:\qoobox\purity\WINDOWS\SEMBLY~1
C:\qoobox\purity\WINDOWS\ASEMBL~1
C:\qoobox\purity\WINDOWS\system32\MCROSO~1
C:\qoobox\purity\WINDOWS\system32\YSTEM~1
C:\qoobox\purity\WINDOWS\ASEMBL~1\a?sembly
C:\qoobox\purity\Program Files\YMANTE~1
C:\qoobox\purity\DOCUME~1\CLAYTO~1
C:\qoobox\purity\DOCUME~1\CLAYTO~1\My Documents
C:\qoobox\purity\DOCUME~1\CLAYTO~1\My Documents\from.txt
C:\qoobox\purity\DOCUME~1\CLAYTO~1\My Documents\SMANTE~1


((((((((((((((((((((((((((((((( Files Created from 2006-12-18 to 2007-01-18 ))))))))))))))))))))))))))))))))))


2007-01-18 14:17 <DIR> d-------- C:\avenger
2007-01-17 16:52 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-17 16:51 <DIR> d-------- C:\Program Files\Grisoft
2007-01-16 17:37 <DIR> d-------- C:\WINDOWS\erdnt
2007-01-15 16:43 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-01-15 16:43 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-01-15 16:43 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-01-15 16:43 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-01-15 16:31 <DIR> d-------- C:\Program Files\Lavasoft
2007-01-15 16:31 <DIR> d-------- C:\DOCUME~1\CLAYTO~1\Application Data\Lavasoft
2007-01-15 14:53 <DIR> d-------- C:\WINDOWS\WBEM
2007-01-15 14:53 <DIR> d-------- C:\WINDOWS\system32\en-US
2007-01-15 14:52 <DIR> d--h----- C:\WINDOWS\ie7
2007-01-15 14:49 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2007-01-15 14:48 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-01-14 18:30 <DIR> d-------- C:\ATI
2007-01-14 05:58 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-01-14 05:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-01-13 23:04 <DIR> d--hs---- C:\FOUND.010
2007-01-13 21:01 <DIR> d--hs---- C:\FOUND.009
2007-01-13 19:21 <DIR> d--hs---- C:\FOUND.008
2007-01-13 14:11 <DIR> d--hs---- C:\FOUND.007
2007-01-12 02:56 <DIR> d--hs---- C:\FOUND.006
2007-01-11 00:22 <DIR> d--hs---- C:\FOUND.005
2007-01-10 17:05 <DIR> d--hs---- C:\FOUND.004
2007-01-09 19:23 <DIR> d--hs---- C:\FOUND.003
2007-01-09 17:53 <DIR> d--hs---- C:\FOUND.002
2007-01-08 21:02 <DIR> d--hs---- C:\FOUND.001
2007-01-08 10:33 <DIR> d--hs---- C:\FOUND.000
2007-01-07 19:58 <DIR> d-------- C:\Program Files\Sony
2006-12-29 03:45 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\Sun
2006-12-26 05:47 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-12-26 05:34 <DIR> d-------- C:\Program Files\LucasArts
2006-12-25 19:18 <DIR> d--h----- C:\Program Files\Common Files\Uninstall Information
2006-12-24 17:14 <DIR> d-------- C:\Program Files\PeDevice
2006-12-22 12:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-15 16:44 7126 --a------ C:\WINDOWS\system32\tmp.reg
2006-12-07 17:02 2174976 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-23 15:18 -------- d-------- C:\Program Files\warcraft iii
2006-11-22 19:39 -------- d-------- C:\Program Files\registrar registry manager
2006-11-18 14:34 -------- d-------- C:\Program Files\symantec antivirus
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-26 16:23 21888 --a------ C:\WINDOWS\system32\rrspy.sys
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"preload"="C:\\Windows\\RUNXMLPL.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"LaunchAp"="\"C:\\Program Files\\Launch Manager\\LaunchAp.exe\""
"LManager"="\"C:\\Program Files\\Launch Manager\\HotkeyApp.exe\""
"CtrlVol"="\"C:\\Program Files\\Launch Manager\\CtrlVol.exe\""
"LMgrOSD"="\"C:\\Program Files\\Launch Manager\\OSDCtrl.exe\""
"Wbutton"="\"C:\\Program Files\\Launch Manager\\Wbutton.exe\""
"PCMService"="\"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe\""
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"ePower_DMC"="C:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"
"Acer ePower Management"="C:\\Acer\\Empowering Technology\\ePower\\Acer ePower Management.exe boot"
"ADMTray.exe"="\"C:\\Acer\\Empowering Technology\\admtray.exe\""
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
"LogitechCameraAssistant"="C:\\Program Files\\Acer\\OrbiCam\\CameraAssistant.exe"
"LogitechVideo[inspector]"="C:\\Program Files\\Acer\\OrbiCam\\InstallHelper.exe /inspect"
"LogitechCameraService(E)"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation"
"eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
@=""
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{1C9678E2-77AC-4CAD-89EA-9E3F980C73C4}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"svchost.exe"="C:\\WINDOWS\\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_INT15.SYS

Completion time: 07-01-18 20:23:52
C:\ComboFix3.txt ... 07-01-17 15:06
C:\ComboFix2.txt ... 07-01-17 18:37

Claypot
2007-01-19, 02:34
Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:25:08 PM, on 1/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\CLAYTO~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\Claypot.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

steamwiz
2007-01-19, 20:46
Hi

All your logs are looking good...


This file which vundofix keeps finding is not showing anywhere else, so we'll remove it with Avenger...

C:\WINDOWS\system32\mkvrhjrq.dll

Then run vundofix again and you should get "no infected files were found"

2. Double click the Avenger.exe file
3. Click OK
4. Select Input script manually
5. Click the Magnifying Glass icon
6. Highlight the text in the code box below, & copy and paste it into the View/edit script box



Files to delete:
C:\WINDOWS\system32\mkvrhjrq.dll


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


7. Click Done
8. Click the Traffic Light icon to start the program.
9. Click Yes to execute the script and click Yes when asked to reboot your computer
10. Post the contents of the file C:\Avenger.txt

After the reboot...

run vundofix again and you should get "no infected files were found" ... let me know... post the log if it shows anything different.

Delete this folder now :-

C:\qoobox ... folder

-
Open a new notepad file, copy & paste the text from the code box below, make sure there is no space above or before the regedit4



REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"svchost.exe"=-


go to file > save as

give it a file name of clean.reg

save as type : all files

save it somewhere you can find it easy... say the desktop...

double click on the file and say yes to merge the contents with the registry.



steam
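
The entry steamwiz removes above (a value named svchost.exe launched from C:\WINDOWS rather than system32, registered under Policies\Explorer\Run) is the kind of thing a small triage script can pick out of a ComboFix "Reg Loading Points" dump. The following is an added example, not a tool from this thread: the sample dump is constructed from entries quoted in the logs above, and the SYSTEM_BINARIES and SYSTEM_DIRS lists are assumptions of the example.

```python
"""Triage autostart values from a ComboFix-style 'Reg Loading Points' dump.

Added example (not from the thread). It flags a value whose image is named like a
core Windows binary but lives outside %SystemRoot%\\system32, notes the less common
Policies\\Explorer\\Run autostart location, and builds the REGEDIT4 removal text the
thread used ("name"=- deletes a value).
"""
import re
from pathlib import PureWindowsPath

# Constructed sample, assembled from entries quoted in the thread's logs.
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"RTHDCPL"="RTHDCPL.EXE"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"svchost.exe"="C:\\WINDOWS\\svchost.exe"
'''

# Assumption: these binaries legitimately live only in the system directories.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                   "csrss.exe", "smss.exe", "spoolsv.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')


def parse_loading_points(text):
    """Yield (key, name, value); .reg syntax doubles backslashes and escapes quotes."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2).replace("\\\\", "\\").replace('\\"', '"')


def image_path(value):
    """Extract the executable from a Run value: quoted path, else the first token."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:value.find('"', 1)]
    return value.split(" ")[0]


def triage(text):
    """Return findings as (severity, key, name, reason), in dump order."""
    findings = []
    for key, name, value in parse_loading_points(text):
        path = PureWindowsPath(image_path(value))
        base, parent = path.name.lower(), str(path.parent).lower()
        if base in SYSTEM_BINARIES and parent not in SYSTEM_DIRS:
            findings.append(("high", key, name, f"{base} outside system32: {path}"))
        elif "policies\\explorer\\run" in key.lower():
            findings.append(("medium", key, name, "autostart via Policies\\Explorer\\Run"))
        elif path.parent == PureWindowsPath("."):
            # Bare image name: resolved through the search path, worth a second look.
            findings.append(("info", key, name, f"unqualified image name {path.name}"))
    return findings


def removal_reg(findings):
    """REGEDIT4 text that deletes only the high-severity values."""
    lines = ["REGEDIT4", ""]
    for sev, key, name, _ in findings:
        if sev == "high":
            lines += [f"[{key}]", f'"{name}"=-', ""]
    return "\n".join(lines)


if __name__ == "__main__":
    for finding in triage(SAMPLE_DUMP):
        print(*finding)
    print(removal_reg(triage(SAMPLE_DUMP)))
```

Run against the sample, only RTHDCPL.EXE (bare name) and the C:\WINDOWS\svchost.exe value are reported, and the generated REGEDIT4 text matches the clean.reg steamwiz posted.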

Claypot
2007-01-24, 21:29
Sorry bout the slow reply. Here's the avenger log :

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cctcpqew

*******************

Script file located at: \??\C:\Program Files\hllgkdpx.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\mkvrhjrq.dll not found!
Deletion of file C:\WINDOWS\system32\mkvrhjrq.dll failed!

Could not process line:
C:\WINDOWS\system32\mkvrhjrq.dll
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

I ran vundofix and the file popped up again. Here's the log :

VundoFix V6.3.2

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 3:21:51 PM 1/24/2007

Listing files found while scanning....

C:\WINDOWS\system32\mkvrhjrq.dll

steamwiz
2007-01-24, 23:56
Hi

I don't know why vundofix keeps finding that file ... it's obviously not there, it never showed up in any of the previous logs, & if Avenger says it's not there, then it's not there.... so don't think any more of it...

Are all your problems resolved ?

steam

Claypot
2007-01-25, 07:13
Everything seems to be working perfectly now. Thanks a bunch for all the help you gave me.

steamwiz
2007-01-25, 20:40
Hi

You're very welcome :)

steam