View Full Version : Virtumonde and Friends
butsukoy
2007-09-27, 01:12
I noticed some software on my computer stopped working a few days ago. I'm not very computer smart but even I can see my computer isn't looking too bright just glancing at the two logs. Anyways, here goes nothing. Thanks.
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, September 26, 2007 3:27:31 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 26/09/2007
Kaspersky Anti-Virus database records: 423743
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan Statistics:
Total number of scanned objects: 209159
Number of viruses found: 16
Number of infected objects: 175
Number of suspicious objects: 1
Duration of the scan process: 02:37:02
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Network Magic\Log\logfile.nmapp_exe.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Network Magic\Log\logfile.nmsrvc_exe.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\HP_Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\MSHist012007092620070927\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\yzmbicbk.sys Infected: Rootkit.Win32.Podnuha.c skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF1E0A.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\HP_Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\Veoh Networks\Veoh\client.log Object is locked skipped
C:\Program Files\Veoh Networks\Veoh\upload.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP616\A0086697.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP616\A0086716.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP616\A0086750.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP617\A0086772.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP618\A0086803.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP618\A0086804.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP619\A0086845.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP620\A0086861.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP621\A0086931.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP621\A0086947.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP623\A0086969.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP623\A0087010.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP623\A0087019.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP624\A0087046.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP624\A0087047.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP627\A0087183.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP627\A0087223.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP628\A0087256.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP628\A0087275.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP629\A0087294.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP630\A0087414.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP630\A0087430.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP631\A0087440.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP631\A0087441.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP631\A0087471.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP632\A0087490.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP633\A0087576.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP633\A0087595.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP633\A0087596.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP634\A0087670.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP634\A0088670.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP634\A0088677.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP634\A0089677.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP634\A0089703.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP635\A0089712.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP635\A0089737.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP635\A0089768.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP636\A0089801.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP636\A0089813.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP638\A0089827.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP639\A0089846.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP639\A0089869.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP646\A0090440.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP646\A0090462.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP646\A0090472.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP661\A0091362.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP661\A0091363.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
butsukoy
2007-09-27, 01:14
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP661\A0091364.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP661\A0091365.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP690\A0100419.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP697\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{38E30CE4-A412-43B5-876C-412570D792DC}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\afxcwctl.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\anrnqeuv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\system32\aqewaylg.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\atbiybes.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\atl7.dll Infected: Trojan-Dropper.Win32.Agent.bxm skipped
C:\WINDOWS\system32\atsorwlf.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\bcvdxjks.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\bfyigygy.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\bgfuulpa.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\WINDOWS\system32\blkqwyev.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\bmltroxg.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\bnmaafab.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\bootvi.dll Infected: Trojan-Dropper.Win32.Agent.bxm skipped
C:\WINDOWS\system32\bpwmdgxi.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\bwdaoxmk.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\cslmussy.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\system32\ctasrvxi.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\WINDOWS\system32\cvwgivfy.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\cwvvvuil.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\system32\dmivyqli.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\duxcekeu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\system32\dwbflydo.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\WINDOWS\system32\ejaweexe.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\emasrkgh.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\emmsbpqt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\system32\fccwewao.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\gbyibaon.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\WINDOWS\system32\gctjlcmt.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\gekcwybl.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\gfwidykh.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\gggsmahf.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\ggymjnwh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\WINDOWS\system32\griusimn.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\gsfexycc.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\gsrarnnq.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\gxbwvdik.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hbisaemw.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\hdgfaqfh.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\hebouwkj.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\hfutgnpk.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\hhlrtyru.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\hqlkonpg.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\hvgjcods.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\icyjxdod.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\ifmtoobl.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\inqqulqw.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\iofqcdny.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\iqeepyoq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\system32\ishnajep.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\itqahdty.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\itsaenpk.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\jiisvfkb.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\WINDOWS\system32\jlobrtxh.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\WINDOWS\system32\jlygeqtr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\WINDOWS\system32\jtyhenxe.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\juakchon.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\system32\kaxyeobk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\system32\kdckrnuy.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\kohtdluu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\system32\kovipkxc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\system32\lambdhfs.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\system32\lbygucws.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\lxosdrej.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\mbowsxhn.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\mdwisnel.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\mfhskbxf.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\mkrmniyc.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\mlgotytx.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\WINDOWS\system32\mwlcluyk.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\mwmqvrlg.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\nodahuua.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\noegrdce.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\system32\nojuyklj.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\ntiqavab.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\ofyapyfl.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\oofnagwb.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\pdefqbtd.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\WINDOWS\system32\pjongacw.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\WINDOWS\system32\pnthcobx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\system32\pvodlqex.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\pxaykkxc.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\WINDOWS\system32\pyymetps.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\WINDOWS\system32\qdukwgso.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\qghmljbh.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\WINDOWS\system32\qibaopqx.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\qkycresg.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\qvldigfr.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\qyoscmeu.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\rfcmiyqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\system32\riwvfxih.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\rnglcmdo.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\rtempegq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\system32\sakqricl.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\WINDOWS\system32\savflfaj.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\siauqrlu.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.a skipped
C:\WINDOWS\system32\sjnjarqq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\system32\smksohad.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\snaqbavf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\system32\toeegrto.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\toxujwtd.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\tsbsjxui.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\tsthxjcn.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\tsvreyyw.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\tuvijalr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\system32\twuisbsl.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\tyrdwkfv.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\uborbluf.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\WINDOWS\system32\ueijfmqj.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\ujegduek.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\uocsckye.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\vbyssdbp.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\vcpxxgcj.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\vejfvaws.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\WINDOWS\system32\vgvjykry.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\vhcvckmw.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\vmvbodhh.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\vmvwynrn.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\vtsqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\WINDOWS\system32\vwjikqdw.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\vxfaftwb.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\system32\vyysvnek.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wqwybfrp.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\WINDOWS\system32\ycjmqunt.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\WINDOWS\system32\yctafuxf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\system32\ynlddcxr.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\ytngeblh.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\ytqdsegj.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:06:50 PM, on 9/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\WINDOWS\system32\ikglpoit.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
butsukoy
2007-09-27, 01:15
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O1 - Hosts: nd of lines added by WinHelp2002
O1 - Hosts: pic.com
O1 - Hosts: o.com
O1 - Hosts: pgbank.com
O1 - Hosts: nd of lines added by WinHelp2002
O1 - Hosts: pic.com
O1 - Hosts: hampmovie.com
O1 - Hosts: o.com
O1 - Hosts: pgbank.com
O1 - Hosts: nd of lines added by WinHelp2002
O1 - Hosts: pic.com
O1 - Hosts: edia][Worex design]
O1 - Hosts: www.boobsncocks.com
O1 - Hosts: hampmovie.com
O1 - Hosts: o.com
O1 - Hosts: pgbank.com
O1 - Hosts: nd of lines added by WinHelp2002
O1 - Hosts: pic.com
O1 - Hosts: .0.1 www.topsite.us
O1 - Hosts: ][server down?]
O1 - Hosts: edia][Worex design]
O1 - Hosts: www.boobsncocks.com
O1 - Hosts: hampmovie.com
O1 - Hosts: o.com
O1 - Hosts: pgbank.com
O1 - Hosts: nd of lines added by WinHelp2002
O1 - Hosts: pic.com
O1 - Hosts: rf-loader.org
O1 - Hosts: arn]
O1 - Hosts: .0.1 www.topsite.us
O1 - Hosts: ][server down?]
O1 - Hosts: edia][Worex design]
O1 - Hosts: www.boobsncocks.com
O1 - Hosts: hampmovie.com
O1 - Hosts: o.com
O1 - Hosts: pgbank.com
O1 - Hosts: nd of lines added by WinHelp2002
O1 - Hosts: pic.com
O1 - Hosts: c][Trojan.PornDownloaderMCC]
O1 - Hosts: rf-loader.org
O1 - Hosts: arn]
O1 - Hosts: .0.1 www.topsite.us
O1 - Hosts: ][server down?]
O1 - Hosts: edia][Worex design]
O1 - Hosts: www.boobsncocks.com
O1 - Hosts: hampmovie.com
O1 - Hosts: o.com
O1 - Hosts: pgbank.com
O1 - Hosts: nd of lines added by WinHelp2002
O1 - Hosts: pic.com
O1 - Hosts: .1 www.searchexpert.com
O1 - Hosts: c][Trojan.PornDownloaderMCC]
O1 - Hosts: rf-loader.org
O1 - Hosts: arn]
O1 - Hosts: .0.1 www.topsite.us
O1 - Hosts: ][server down?]
O1 - Hosts: edia][Worex design]
O1 - Hosts: www.boobsncocks.com
O1 - Hosts: hampmovie.com
O1 - Hosts: o.com
O1 - Hosts: pgbank.com
O1 - Hosts: nd of lines added by WinHelp2002
O1 - Hosts: pic.com
O1 - Hosts: 127
O1 - Hosts: .1 www.astabar.com #[AdWare.Win32.Astabar.a]
O1 - Hosts: 127
O1 - Hosts: s.net
O1 - Hosts: .1 www.searchexpert.com
O1 - Hosts: c][Trojan.PornDownloaderMCC]
O1 - Hosts: rf-loader.org
O1 - Hosts: arn]
O1 - Hosts: .0.1 www.topsite.us
O1 - Hosts: ][server down?]
O1 - Hosts: edia][Worex design]
O1 - Hosts: www.boobsncocks.com
O1 - Hosts: hampmovie.com
O1 - Hosts: 0.0.1 movie-rise.com
O1 - Hosts: o.com
O1 - Hosts: pgbank.com
O1 - Hosts: nd of lines added by WinHelp2002
O1 - Hosts: pic.com
O1 - Hosts: 127
O1 - Hosts: .1 www.astabar.com #[AdWare.Win32.Astabar.a]
O1 - Hosts: 127
O1 - Hosts: s.net
O1 - Hosts: .1 www.searchexpert.com
O1 - Hosts: c][Trojan.PornDownloaderMCC]
O1 - Hosts: rf-loader.org
O1 - Hosts: arn]
O1 - Hosts: .0.1 www.topsite.us
O1 - Hosts: ][server down?]
O1 - Hosts: edia][Worex design]
O1 - Hosts: www.boobsncocks.com
O1 - Hosts: hampmovie.com
O1 - Hosts: 127
O1 - Hosts: .com
O1 - Hosts: 127
O1 - Hosts: deo.com
O1 - Hosts: 0.0.1 movie-rise.com
O1 - Hosts: o.com
O1 - Hosts: pgbank.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {253DF21C-89FA-4577-A1FE-81FC8C0B904c} - C:\WINDOWS\system32\mpptwmor.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\vtsqp.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\stpfyjpq.dll",sitypnow
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\Bittorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Verizon Central - {5B3FB261-CF72-4c66-B314-8E6FF9980307} - www.verizon.net (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: gmnriagd - gmnriagd.dll (file missing)
O20 - Winlogon Notify: ssttq - ssttq.dll (file missing)
O20 - Winlogon Notify: vtsqp - C:\WINDOWS\system32\vtsqp.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\ikglpoit.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://images.google.com/images?q=tbn:obKMdLcM2V8J:www3.kcn.ne.jp/~pochixm/fabpara/online/ragnarok.jpg
O24 - Desktop Component 1: (no name) - http://images.google.com/images?q=tbn:fmw9pZqzexkJ:www.planetsmilies.com/smilies/avatars/kenshin/kenshin0076.gif
--
End of file - 17642 bytes
Hello and welcome to the forums
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those three things, everything should go smoothly :D
Restore Host File
Download HostsXpert v4.1 (http://www.funkytoad.com/download/HostsXpert.zip) and unzip it to your desktop.
Double click on HostsXpert.exe to launch the program.
Click on Restore MS Hosts File to restore your Hosts file to its default condition.
Click on Make ReadOnly to secure it against further infection.
Exit the program.
Visit the Website (http://www.funkytoad.com/content/view/13/31/) for more information.
VundoFix
Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
SmitFraud Look
Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.exe) (by S!Ri)
Double-click SmitfraudFix.exe.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm (http://www.beyondlogic.org/consulting/processutil/processutil.htm)
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
VundoFix Log
SmitFraud Log
A fresh HJT log
butsukoy
2007-10-02, 08:21
Thank you, katana. Well, here you go.
VundoFix V6.5.9
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Scan started at 10:54:38 PM 10/1/2007
Listing files found while scanning....
C:\windows\system32\anrnqeuv.dll
C:\windows\system32\bgfuulpa.exe
C:\windows\system32\bxgjgocb.dll
C:\windows\system32\cslmussy.dll
C:\windows\system32\cwvvvuil.dll
C:\WINDOWS\system32\cwywejlj.ini
C:\windows\system32\dqaxarpm.dll
C:\windows\system32\duxcekeu.dll
C:\windows\system32\emmsbpqt.dll
C:\windows\system32\gbyibaon.exe
C:\windows\system32\ggymjnwh.dll
C:\windows\system32\gxbwvdik.exe
C:\windows\system32\iqeepyoq.dll
C:\windows\system32\jiisvfkb.exe
C:\WINDOWS\system32\jljewywc.dll
C:\windows\system32\jlygeqtr.dll
C:\windows\system32\jrfvcnra.dll
C:\windows\system32\juakchon.dll
C:\windows\system32\kaxyeobk.dll
C:\windows\system32\kohtdluu.dll
C:\windows\system32\kovipkxc.dll
C:\windows\system32\krlyktea.dll
C:\windows\system32\lambdhfs.dll
C:\windows\system32\mbqjferk.dll
C:\windows\system32\mlgotytx.exe
C:\windows\system32\mpptwmor.dll
C:\windows\system32\msjeucxt.dll
C:\windows\system32\noegrdce.dll
C:\windows\system32\oswbcvuf.dll
C:\windows\system32\oxjgfnsl.dll
C:\windows\system32\pdefqbtd.exe
C:\windows\system32\pjongacw.dll
C:\windows\system32\pnthcobx.dll
C:\windows\system32\pqstv.bak1
C:\windows\system32\pqstv.bak2
C:\windows\system32\pqstv.ini
C:\windows\system32\pqstv.ini2
C:\windows\system32\pqstv.tmp
C:\windows\system32\pxaykkxc.exe
C:\windows\system32\pyymetps.dll
C:\windows\system32\qesksudu.dll
C:\windows\system32\qghmljbh.exe
C:\windows\system32\rfcmiyqp.dll
C:\windows\system32\rrokwnjt.dll
C:\windows\system32\rtempegq.dll
C:\windows\system32\sjnjarqq.dll
C:\windows\system32\snaqbavf.dll
C:\windows\system32\titkxebg.dll
C:\windows\system32\tuvijalr.dll
C:\windows\system32\uborbluf.dll
C:\windows\system32\vejfvaws.dll
C:\WINDOWS\system32\vtsqp.dll
C:\windows\system32\vxfaftwb.dll
C:\windows\system32\vyysvnek.dll
C:\windows\system32\wqwybfrp.exe
C:\windows\system32\yctafuxf.dll
Beginning removal...
Attempting to delete C:\windows\system32\anrnqeuv.dll
C:\windows\system32\anrnqeuv.dll Has been deleted!
Attempting to delete C:\windows\system32\bgfuulpa.exe
C:\windows\system32\bgfuulpa.exe Has been deleted!
Attempting to delete C:\windows\system32\bxgjgocb.dll
C:\windows\system32\bxgjgocb.dll Has been deleted!
Attempting to delete C:\windows\system32\cslmussy.dll
C:\windows\system32\cslmussy.dll Has been deleted!
Attempting to delete C:\windows\system32\cwvvvuil.dll
C:\windows\system32\cwvvvuil.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cwywejlj.ini
C:\WINDOWS\system32\cwywejlj.ini Has been deleted!
Attempting to delete C:\windows\system32\dqaxarpm.dll
C:\windows\system32\dqaxarpm.dll Has been deleted!
Attempting to delete C:\windows\system32\duxcekeu.dll
C:\windows\system32\duxcekeu.dll Has been deleted!
Attempting to delete C:\windows\system32\emmsbpqt.dll
C:\windows\system32\emmsbpqt.dll Has been deleted!
Attempting to delete C:\windows\system32\gbyibaon.exe
C:\windows\system32\gbyibaon.exe Has been deleted!
Attempting to delete C:\windows\system32\ggymjnwh.dll
C:\windows\system32\ggymjnwh.dll Has been deleted!
Attempting to delete C:\windows\system32\gxbwvdik.exe
C:\windows\system32\gxbwvdik.exe Has been deleted!
Attempting to delete C:\windows\system32\iqeepyoq.dll
C:\windows\system32\iqeepyoq.dll Has been deleted!
Attempting to delete C:\windows\system32\jiisvfkb.exe
C:\windows\system32\jiisvfkb.exe Has been deleted!
Attempting to delete C:\windows\system32\jlygeqtr.dll
C:\windows\system32\jlygeqtr.dll Has been deleted!
Attempting to delete C:\windows\system32\jrfvcnra.dll
C:\windows\system32\jrfvcnra.dll Has been deleted!
Attempting to delete C:\windows\system32\juakchon.dll
C:\windows\system32\juakchon.dll Has been deleted!
Attempting to delete C:\windows\system32\kaxyeobk.dll
C:\windows\system32\kaxyeobk.dll Has been deleted!
Attempting to delete C:\windows\system32\kohtdluu.dll
C:\windows\system32\kohtdluu.dll Has been deleted!
Attempting to delete C:\windows\system32\kovipkxc.dll
C:\windows\system32\kovipkxc.dll Has been deleted!
Attempting to delete C:\windows\system32\krlyktea.dll
C:\windows\system32\krlyktea.dll Has been deleted!
Attempting to delete C:\windows\system32\lambdhfs.dll
C:\windows\system32\lambdhfs.dll Has been deleted!
Attempting to delete C:\windows\system32\mbqjferk.dll
C:\windows\system32\mbqjferk.dll Has been deleted!
Attempting to delete C:\windows\system32\mlgotytx.exe
C:\windows\system32\mlgotytx.exe Has been deleted!
Attempting to delete C:\windows\system32\mpptwmor.dll
C:\windows\system32\mpptwmor.dll Has been deleted!
Attempting to delete C:\windows\system32\msjeucxt.dll
C:\windows\system32\msjeucxt.dll Has been deleted!
Attempting to delete C:\windows\system32\noegrdce.dll
C:\windows\system32\noegrdce.dll Has been deleted!
Attempting to delete C:\windows\system32\oswbcvuf.dll
C:\windows\system32\oswbcvuf.dll Has been deleted!
Attempting to delete C:\windows\system32\oxjgfnsl.dll
C:\windows\system32\oxjgfnsl.dll Has been deleted!
Attempting to delete C:\windows\system32\pdefqbtd.exe
C:\windows\system32\pdefqbtd.exe Has been deleted!
Attempting to delete C:\windows\system32\pjongacw.dll
C:\windows\system32\pjongacw.dll Has been deleted!
Attempting to delete C:\windows\system32\pnthcobx.dll
C:\windows\system32\pnthcobx.dll Has been deleted!
Attempting to delete C:\windows\system32\pqstv.bak1
C:\windows\system32\pqstv.bak1 Has been deleted!
Attempting to delete C:\windows\system32\pqstv.bak2
C:\windows\system32\pqstv.bak2 Has been deleted!
Attempting to delete C:\windows\system32\pqstv.ini
C:\windows\system32\pqstv.ini Has been deleted!
Attempting to delete C:\windows\system32\pqstv.ini2
C:\windows\system32\pqstv.ini2 Has been deleted!
Attempting to delete C:\windows\system32\pqstv.tmp
C:\windows\system32\pqstv.tmp Has been deleted!
Attempting to delete C:\windows\system32\pxaykkxc.exe
C:\windows\system32\pxaykkxc.exe Has been deleted!
Attempting to delete C:\windows\system32\pyymetps.dll
C:\windows\system32\pyymetps.dll Has been deleted!
Attempting to delete C:\windows\system32\qesksudu.dll
C:\windows\system32\qesksudu.dll Has been deleted!
Attempting to delete C:\windows\system32\qghmljbh.exe
C:\windows\system32\qghmljbh.exe Has been deleted!
Attempting to delete C:\windows\system32\rfcmiyqp.dll
C:\windows\system32\rfcmiyqp.dll Has been deleted!
Attempting to delete C:\windows\system32\rrokwnjt.dll
C:\windows\system32\rrokwnjt.dll Has been deleted!
Attempting to delete C:\windows\system32\rtempegq.dll
C:\windows\system32\rtempegq.dll Has been deleted!
Attempting to delete C:\windows\system32\sjnjarqq.dll
C:\windows\system32\sjnjarqq.dll Has been deleted!
Attempting to delete C:\windows\system32\snaqbavf.dll
C:\windows\system32\snaqbavf.dll Has been deleted!
Attempting to delete C:\windows\system32\titkxebg.dll
C:\windows\system32\titkxebg.dll Has been deleted!
Attempting to delete C:\windows\system32\tuvijalr.dll
C:\windows\system32\tuvijalr.dll Has been deleted!
Attempting to delete C:\windows\system32\uborbluf.dll
C:\windows\system32\uborbluf.dll Has been deleted!
Attempting to delete C:\windows\system32\vejfvaws.dll
C:\windows\system32\vejfvaws.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\vtsqp.dll Could not be deleted.
Attempting to delete C:\windows\system32\vxfaftwb.dll
C:\windows\system32\vxfaftwb.dll Has been deleted!
Attempting to delete C:\windows\system32\vyysvnek.dll
C:\windows\system32\vyysvnek.dll Has been deleted!
Attempting to delete C:\windows\system32\wqwybfrp.exe
C:\windows\system32\wqwybfrp.exe Has been deleted!
Attempting to delete C:\windows\system32\yctafuxf.dll
C:\windows\system32\yctafuxf.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.9
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Scan started at 11:01:12 PM 10/1/2007
Listing files found while scanning....
C:\windows\system32\pqstv.ini
C:\WINDOWS\system32\pqstv.ini2
C:\WINDOWS\system32\vtsqp.dll
Beginning removal...
Attempting to delete C:\windows\system32\pqstv.ini
C:\windows\system32\pqstv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\pqstv.ini2
C:\WINDOWS\system32\pqstv.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\vtsqp.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\windows\system32\pqstv.ini
C:\windows\system32\pqstv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\vtsqp.dll Could not be deleted.
Performing Repairs to the registry.
Done!
butsukoy
2007-10-02, 08:23
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:50 PM, on 10/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\ikglpoit.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0BACDCDB-4974-4D36-B775-DC2C7B547743} - C:\WINDOWS\system32\avwa.dll
O2 - BHO: (no name) - {253DF21C-89FA-4577-A1FE-81FC8C0B904c} - C:\WINDOWS\system32\oxjgfnsl.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\vtsqp.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\Bittorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Verizon Central - {5B3FB261-CF72-4c66-B314-8E6FF9980307} - www.verizon.net (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: gmnriagd - gmnriagd.dll (file missing)
O20 - Winlogon Notify: ssttq - ssttq.dll (file missing)
O20 - Winlogon Notify: vtsqp - C:\WINDOWS\system32\vtsqp.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\ikglpoit.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://images.google.com/images?q=tbn:obKMdLcM2V8J:www3.kcn.ne.jp/~pochixm/fabpara/online/ragnarok.jpg
O24 - Desktop Component 1: (no name) - http://images.google.com/images?q=tbn:fmw9pZqzexkJ:www.planetsmilies.com/smilies/avatars/kenshin/kenshin0076.gif
--
End of file - 14673 bytes
butsukoy
2007-10-02, 08:23
SmitFraudFix v2.235
Scan done at 23:13:07.67, Mon 10/01/2007
Run from C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\ikglpoit.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Owner
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Owner\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_Owner\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://images.google.com/images?q=tbn:obKMdLcM2V8J:www3.kcn.ne.jp/~pochixm/fabpara/online/ragnarok.jpg"
"SubscribedURL"="http://images.google.com/images?q=tbn:obKMdLcM2V8J:www3.kcn.ne.jp/~pochixm/fabpara/online/ragnarok.jpg"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="http://images.google.com/images?q=tbn:fmw9pZqzexkJ:www.planetsmilies.com/smilies/avatars/kenshin/kenshin0076.gif"
"SubscribedURL"="http://images.google.com/images?q=tbn:fmw9pZqzexkJ:www.planetsmilies.com/smilies/avatars/kenshin/kenshin0076.gif"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: VIA Rhine II Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F68FBD48-6376-4059-821E-9D50FEDCD543}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F68FBD48-6376-4059-821E-9D50FEDCD543}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F68FBD48-6376-4059-821E-9D50FEDCD543}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
BitTorrent
I'd like you to read the Guidelines for P2P Programs (http://forums.spybot.info/showthread.php?t=282) where we explain why it's not a good idea to have them.
My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Please note: you must NOT use this whilst we are cleaning your machine.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u2
http://java.sun.com/javase/downloads/index.jsp
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check for any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.
Download and Run ComboFix
Download Combofix from one of the two links below :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
Then double click combofix.exe & follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
butsukoy
2007-10-02, 20:46
Thank you. I do not see BitTorrent on the Add/Remove Programs list. Here is the Combofix log.
ComboFix 07-10-02.2 - HP_Owner 2007-10-02 11:21:46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.156 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\HP_Owner\Application Data\macromedia\Flash Player\#SharedObjects\VRPYT6CP\www.broadcaster.com
C:\Documents and Settings\HP_Owner\Application Data\macromedia\Flash Player\#SharedObjects\VRPYT6CP\www.broadcaster.com\bc_video_vars.sol
C:\Documents and Settings\HP_Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\HP_Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\Common Files\uninstall information
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\afxcwctl.exe
C:\WINDOWS\system32\amsknddf.dll
C:\WINDOWS\system32\apmjhedg.exe
C:\WINDOWS\system32\aqewaylg.exe
C:\WINDOWS\system32\atbiybes.exe
C:\WINDOWS\system32\atsorwlf.exe
C:\WINDOWS\system32\bcvdxjks.exe
C:\WINDOWS\system32\bfyigygy.exe
C:\WINDOWS\system32\blkqwyev.exe
C:\WINDOWS\system32\bmltroxg.exe
C:\WINDOWS\system32\bnmaafab.exe
C:\WINDOWS\system32\bpvgmsnt.exe
C:\WINDOWS\system32\bpwmdgxi.exe
C:\WINDOWS\system32\bwdaoxmk.exe
C:\WINDOWS\system32\ctasrvxi.dll
C:\WINDOWS\system32\cvwgivfy.exe
C:\WINDOWS\system32\dmivyqli.exe
C:\WINDOWS\system32\dodinewi.exe
C:\WINDOWS\system32\drivers\pjhgkiiz.sys
C:\WINDOWS\system32\drivers\yzmbicbk.sys
C:\WINDOWS\system32\dwbflydo.dll
C:\WINDOWS\system32\efrvtgnt.exe
C:\WINDOWS\system32\ejaweexe.exe
C:\WINDOWS\system32\emasrkgh.exe
C:\WINDOWS\system32\epmsskdp.exe
C:\WINDOWS\system32\fccwewao.exe
C:\WINDOWS\system32\gapdpguk.exe
C:\WINDOWS\system32\gekcwybl.exe
C:\WINDOWS\system32\gfwidykh.exe
C:\WINDOWS\system32\gggsmahf.exe
C:\WINDOWS\system32\gljewuto.dll
C:\WINDOWS\system32\gsfexycc.exe
C:\WINDOWS\system32\gsrarnnq.exe
C:\WINDOWS\system32\hbisaemw.exe
C:\WINDOWS\system32\hdgfaqfh.exe
C:\WINDOWS\system32\hfutgnpk.exe
C:\WINDOWS\system32\hqlkonpg.exe
C:\WINDOWS\system32\hvgjcods.exe
C:\WINDOWS\system32\icyjxdod.exe
C:\WINDOWS\system32\ifmtoobl.exe
C:\WINDOWS\system32\ikglpoit.exe
C:\WINDOWS\system32\inqqulqw.exe
C:\WINDOWS\system32\iofqcdny.exe
C:\WINDOWS\system32\ishnajep.exe
C:\WINDOWS\system32\itqahdty.exe
C:\WINDOWS\system32\itsaenpk.exe
C:\WINDOWS\system32\jlobrtxh.dll
C:\WINDOWS\system32\jtyhenxe.exe
C:\WINDOWS\system32\kdckrnuy.exe
C:\WINDOWS\system32\lbygucws.exe
C:\WINDOWS\system32\lwgrmswg.dll
C:\WINDOWS\system32\lxosdrej.exe
C:\WINDOWS\system32\mbowsxhn.exe
C:\WINDOWS\system32\mdwisnel.exe
C:\WINDOWS\system32\mfhskbxf.exe
C:\WINDOWS\system32\middwfne.exe
C:\WINDOWS\system32\mwlcluyk.exe
C:\WINDOWS\system32\mwmqvrlg.exe
C:\WINDOWS\system32\nipvyyte.dll
C:\WINDOWS\system32\nodahuua.exe
C:\WINDOWS\system32\ntiqavab.exe
C:\WINDOWS\system32\nvwycgif.exe
C:\WINDOWS\system32\ofyapyfl.exe
C:\WINDOWS\system32\olffoiin.dll
C:\WINDOWS\system32\oofnagwb.exe
C:\WINDOWS\system32\phohxuyg.dll
C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\pvodlqex.exe
C:\WINDOWS\system32\qdukwgso.exe
C:\WINDOWS\system32\qibaopqx.exe
C:\WINDOWS\system32\qkycresg.exe
C:\WINDOWS\system32\qusorkka.dll
C:\WINDOWS\system32\qvldigfr.exe
C:\WINDOWS\system32\qwdmclqc.dll
C:\WINDOWS\system32\qyoscmeu.exe
C:\WINDOWS\system32\riwvfxih.exe
C:\WINDOWS\system32\rnglcmdo.exe
C:\WINDOWS\system32\sakqricl.dll
C:\WINDOWS\system32\savflfaj.exe
C:\WINDOWS\system32\sehmhvoq.exe
C:\WINDOWS\system32\sfvamqny.dll
C:\WINDOWS\system32\sluiwoix.dll
C:\WINDOWS\system32\smksohad.exe
C:\WINDOWS\system32\toxujwtd.exe
C:\WINDOWS\system32\tsbsjxui.exe
C:\WINDOWS\system32\tsthxjcn.exe
C:\WINDOWS\system32\tsvreyyw.exe
C:\WINDOWS\system32\tyrdwkfv.exe
C:\WINDOWS\system32\ueijfmqj.exe
C:\WINDOWS\system32\uikawjsh.exe
C:\WINDOWS\system32\ujegduek.exe
C:\WINDOWS\system32\uocsckye.exe
C:\WINDOWS\system32\vbyssdbp.exe
C:\WINDOWS\system32\vcpxxgcj.exe
C:\WINDOWS\system32\vepurfbu.dll
C:\WINDOWS\system32\vgvjykry.exe
C:\WINDOWS\system32\vhcvckmw.exe
C:\WINDOWS\system32\vmvbodhh.exe
C:\WINDOWS\system32\vmvwynrn.exe
C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\vwjikqdw.exe
C:\WINDOWS\system32\wnsovvmo.exe
C:\WINDOWS\system32\wumaekho.dll
C:\WINDOWS\system32\ycjmqunt.dll
C:\WINDOWS\system32\yfuebqhc.dll
C:\WINDOWS\system32\yiaeflsm.exe
C:\WINDOWS\system32\ynlddcxr.exe
C:\WINDOWS\system32\ytngeblh.exe
C:\WINDOWS\system32\ytqdsegj.exe
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_HFXMHHBL
-------\DomainService
-------\hfxmhhbl
((((((((((((((((((((((((( Files Created from 2007-09-02 to 2007-10-02 )))))))))))))))))))))))))))))))
.
2007-10-02 11:20 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-01 23:13 4,670 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-01 23:12 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-01 23:12 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-01 23:12 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-01 23:12 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-01 23:12 25,088 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-01 23:03 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-10-01 22:54 <DIR> d-------- C:\VundoFix Backups
2007-09-30 15:44 <DIR> d-------- C:\Program Files\Webteh
2007-09-27 08:39 91,648 --a------ C:\WINDOWS\system32\avwa.dll
2007-09-26 12:05 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-26 12:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-09-26 11:55 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-26 09:32 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\WinRAR
2007-09-25 09:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-09-25 09:20 26,944 --a------ C:\WINDOWS\system32\drivers\purendis.sys
2007-09-25 09:20 25,792 --a------ C:\WINDOWS\system32\drivers\pnarp.sys
2007-09-25 09:20 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-25 09:20 <DIR> d-------- C:\Program Files\DIFX
2007-09-24 17:51 <DIR> d-------- C:\Program Files\Common Files\Pure Networks Shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-02 11:17 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-01 15:37 --------- d-------- C:\Program Files\Absolute Poker
2007-09-30 15:43 --------- d-------- C:\Documents and Settings\HP_Owner\Application Data\BSplayer
2007-09-28 16:10 --------- d-------- C:\Documents and Settings\HP_Owner\Application Data\Azureus
2007-09-25 09:59 --------- d-------- C:\Program Files\Lavasoft
2007-09-25 09:57 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-24 17:50 --------- d-------- C:\Program Files\Pure Networks
2007-09-24 17:50 --------- d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2007-09-05 21:32 --------- d-------- C:\Program Files\Azureus
2007-09-05 17:12 4113 --a------ C:\WINDOWS\viassary-hp.reg
2007-09-04 12:14 --------- d-------- C:\Program Files\StepMania
2007-08-24 10:30 --------- d-------- C:\Program Files\AIM6
2007-08-24 10:29 --------- d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-08-22 21:44 --------- d-------- C:\Program Files\ZSNES
2007-08-14 20:53 --------- d-------- C:\Program Files\MixMeister BPM Analyzer
2007-08-14 10:59 --------- d-------- C:\Program Files\Illustrate
2007-08-08 10:06 --------- d-------- C:\Documents and Settings\HP_Owner\Application Data\BSplayer Pro
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{253DF21C-89FA-4577-A1FE-81FC8C0B904c}]
C:\WINDOWS\system32\oxjgfnsl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 18:53]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 18:42]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-07 14:03]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43]
"VTTimer"="VTTimer.exe" [2004-10-22 12:53 C:\WINDOWS\system32\VTTimer.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-12-08 23:18]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-12-17 23:31]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 08:46]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 C:\WINDOWS\ALCXMNTR.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 21:56]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-06-30 22:00]
"Nsv"="C:\WINDOWS\system32\nsvsvc\nsvsvc.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-13 09:39]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-11-01 00:04]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"Sonic RecordNow!"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
"BitTorrent"="C:\Program Files\Bittorrent\bittorrent.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-05-03 17:43]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gmnriagd]
gmnriagd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssttq]
ssttq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photags AutoDetect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photags AutoDetect.lnk
backup=C:\WINDOWS\pss\Photags AutoDetect.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2chkdsk]
rundll32.exe "C:\WINDOWS\system32\vyxpquqn.dll",setvm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1134180054\ee\AOLHostManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
rundll32.exe "C:\WINDOWS\system32\tpuhsdru.dll",forkonce
R2 pnarp;Network Magic Device Discovery Driver;C:\WINDOWS\system32\DRIVERS\pnarp.sys
R2 purendis;Network Magic Wireless Driver;C:\WINDOWS\system32\DRIVERS\purendis.sys
S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys
S3 QCPro;Logitech QuickCam Pro USB(PID_D001);C:\WINDOWS\system32\DRIVERS\p35u.sys
S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys
*Newly Created Service* - HFXMHHBL
.
Contents of the 'Scheduled Tasks' folder
"2007-10-02 18:37:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-02 11:35:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-02 11:38:28 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-02 11:38
.
--- E O F ---
Well we are certainly removing a lot of files :)
AbsolutePoker<--This is not malware but can come bundled with it. If you didn't install it yourself, please remove it.
Regarding the P2P programs, you also have Azureus installed along with Bitcomet.
Do you wish to remove them ?
Custom CFScript
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
File::
C:\WINDOWS\system32\avwa.dll
C:\WINDOWS\system32\tpuhsdru.dll
C:\WINDOWS\system32\vyxpquqn.dll
C:\WINDOWS\system32\oxjgfnsl.dll
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2chkdsk]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gmnriagd]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssttq]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{253DF21C-89FA-4577-A1FE-81FC8C0B904c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=-
Save this as CFScript.txt and place it on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Kaspersky Online Scanner .
Go Here http://www.kaspersky.com/virusscanner
Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
ComboFix Log
Kaspersky Log
A Fresh HJT log
How are things running now ?
butsukoy
2007-10-04, 08:17
Thank you. Absolute Poker is fine. I also plan on keeping Azureus around. I’m not sure where this BitComet is from; I don’t see it anywhere, along with BitTorrent. Anyways, the computer is running quite smoothly now. There are no unexpected CPU peaks so far and no random internet browser disconnects. Also, all of the programs that refused to launch before the computer fixes start now. Hopefully, the cleansing is almost complete. Here you go.
ComboFix 07-10-02.2 - HP_Owner 2007-10-03 8:29:20.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.197 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point
FILE::
C:\WINDOWS\system32\avwa.dll
C:\WINDOWS\system32\tpuhsdru.dll
C:\WINDOWS\system32\vyxpquqn.dll
C:\WINDOWS\system32\oxjgfnsl.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\avwa.dll
.
((((((((((((((((((((((((( Files Created from 2007-09-03 to 2007-10-03 )))))))))))))))))))))))))))))))
.
2007-10-02 11:20 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-01 23:13 4,670 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-01 23:12 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-01 23:12 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-01 23:12 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-01 23:12 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-01 23:12 25,088 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-01 23:03 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-10-01 22:54 <DIR> d-------- C:\VundoFix Backups
2007-09-30 15:44 <DIR> d-------- C:\Program Files\Webteh
2007-09-26 12:05 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-26 12:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-09-26 11:55 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-26 09:32 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\WinRAR
2007-09-25 09:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-09-25 09:20 26,944 --a------ C:\WINDOWS\system32\drivers\purendis.sys
2007-09-25 09:20 25,792 --a------ C:\WINDOWS\system32\drivers\pnarp.sys
2007-09-25 09:20 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-25 09:20 <DIR> d-------- C:\Program Files\DIFX
2007-09-24 17:51 <DIR> d-------- C:\Program Files\Common Files\Pure Networks Shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-02 20:15 --------- d-------- C:\Program Files\Absolute Poker
2007-10-02 15:44 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-30 15:43 --------- d-------- C:\Documents and Settings\HP_Owner\Application Data\BSplayer
2007-09-28 16:10 --------- d-------- C:\Documents and Settings\HP_Owner\Application Data\Azureus
2007-09-25 09:59 --------- d-------- C:\Program Files\Lavasoft
2007-09-25 09:57 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-24 17:50 --------- d-------- C:\Program Files\Pure Networks
2007-09-24 17:50 --------- d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2007-09-05 21:32 --------- d-------- C:\Program Files\Azureus
2007-09-05 17:12 4113 --a------ C:\WINDOWS\viassary-hp.reg
2007-09-04 12:14 --------- d-------- C:\Program Files\StepMania
2007-08-24 10:30 --------- d-------- C:\Program Files\AIM6
2007-08-24 10:29 --------- d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-08-22 21:44 --------- d-------- C:\Program Files\ZSNES
2007-08-14 20:53 --------- d-------- C:\Program Files\MixMeister BPM Analyzer
2007-08-14 10:59 --------- d-------- C:\Program Files\Illustrate
2007-08-08 10:06 --------- d-------- C:\Documents and Settings\HP_Owner\Application Data\BSplayer Pro
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 18:53]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 18:42]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-07 14:03]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43]
"VTTimer"="VTTimer.exe" [2004-10-22 12:53 C:\WINDOWS\system32\VTTimer.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-12-08 23:18]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-12-17 23:31]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 08:46]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 21:56]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-06-30 22:00]
"Nsv"="C:\WINDOWS\system32\nsvsvc\nsvsvc.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-13 09:39]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-11-01 00:04]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
"BitTorrent"="C:\Program Files\Bittorrent\bittorrent.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-05-03 17:43]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photags AutoDetect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photags AutoDetect.lnk
backup=C:\WINDOWS\pss\Photags AutoDetect.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1134180054\ee\AOLHostManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe
R2 pnarp;Network Magic Device Discovery Driver;C:\WINDOWS\system32\DRIVERS\pnarp.sys
R2 purendis;Network Magic Wireless Driver;C:\WINDOWS\system32\DRIVERS\purendis.sys
S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys
S3 QCPro;Logitech QuickCam Pro USB(PID_D001);C:\WINDOWS\system32\DRIVERS\p35u.sys
S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-10-03 15:37:01 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-03 08:36:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-03 8:39:38 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-03 08:39
C:\ComboFix2.txt ... 2007-10-02 11:38
.
--- E O F ---
butsukoy
2007-10-04, 08:20
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, October 03, 2007 9:04:30 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 4/10/2007
Kaspersky Anti-Virus database records: 426942
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan Statistics:
Total number of scanned objects: 152474
Number of viruses found: 19
Number of infected objects: 390
Number of suspicious objects: 2
Duration of the scan process: 03:40:43
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Network Magic\Log\logfile.nmapp_exe.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Network Magic\Log\logfile.nmsrvc_exe.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PopuppersAdvertising.zip/sixtypopsix.exe Infected: Trojan.Win32.LowZones.am skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PopuppersAdvertising.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SeachToolbarCorpToolbarVision15.zip/VSToolBar.dll Infected: not-a-virus:AdWare.Win32.Searchcolor.a skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SeachToolbarCorpToolbarVision15.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar17.zip/sljgyust.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar17.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar18.zip/qafmeast.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar18.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar19.zip/hqkwyxod.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar19.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant4.zip/180axhook.dll Infected: not-a-virus:AdWare.Win32.180Solutions skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant5.zip/shah.exe Infected: not-a-virus:AdWare.Win32.180Solutions skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant6.zip/180ax.exe Infected: not-a-virus:AdWare.Win32.180Solutions skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde105.zip/vtsqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde105.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde107.zip/vtsqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde107.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde108.zip/vtsqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde108.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde110.zip/vtsqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde110.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde112.zip/vtsqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde112.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde114.zip/vtsqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde114.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde122.zip/vtsqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde122.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde129.zip/vtsqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde129.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde135.zip/vtsqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde135.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde141.zip/yjnrrjtj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde141.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde142.zip/tsyteprd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde142.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde143.zip/nlfprdnq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde143.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde144.zip/egtuowwy.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde144.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde145.zip/vtsqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde145.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde158.zip/vtsqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde158.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde164.zip/vtsqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde164.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde173.zip/vtsqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde173.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde178.zip/vtsqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde178.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde190.zip/vtsqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde190.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde40.zip/vtsqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde40.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde46.zip/vtsqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde46.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde52.zip/vtsqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde52.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde57.zip/vtsqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde57.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde63.zip/vtsqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde63.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde64.zip/vtsqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde64.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde70.zip/vtsqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde70.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde75.zip/vtsqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde75.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde77.zip/vtsqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde77.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde78.zip/vtsqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde78.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde98.zip/vtsqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde98.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\HP_Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Desktop\Fix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\HP_Owner\Desktop\Fix\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\HP_Owner\Desktop\Fix\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\HP_Owner\Desktop\Fix\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\MSHist012007100320071004\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\HP_Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
butsukoy
2007-10-04, 08:22
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\afxcwctl.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\apmjhedg.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\aqewaylg.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\atbiybes.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\atsorwlf.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\bcvdxjks.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\bfyigygy.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\blkqwyev.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\bmltroxg.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\bnmaafab.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\bpvgmsnt.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\bpwmdgxi.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\bwdaoxmk.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ctasrvxi.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\cvwgivfy.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\dmivyqli.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\dodinewi.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\yzmbicbk.sys.vir Infected: Trojan.Win32.BHO.gy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\dwbflydo.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\efrvtgnt.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ejaweexe.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\emasrkgh.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\epmsskdp.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\fccwewao.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\gapdpguk.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\gekcwybl.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\gfwidykh.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\gggsmahf.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\gsfexycc.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\gsrarnnq.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\hbisaemw.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\hdgfaqfh.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\hfutgnpk.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\hqlkonpg.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\hvgjcods.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\icyjxdod.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ifmtoobl.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ikglpoit.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\inqqulqw.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\iofqcdny.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ishnajep.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\itqahdty.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\itsaenpk.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\jlobrtxh.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\jtyhenxe.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\kdckrnuy.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\lbygucws.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\lxosdrej.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\mbowsxhn.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\mdwisnel.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\mfhskbxf.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\middwfne.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\mwlcluyk.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\mwmqvrlg.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\nodahuua.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ntiqavab.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\nvwycgif.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ofyapyfl.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\oofnagwb.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\pvodlqex.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\qdukwgso.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\qibaopqx.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\qkycresg.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\qvldigfr.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\qyoscmeu.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\riwvfxih.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\rnglcmdo.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\sakqricl.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\savflfaj.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\sehmhvoq.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\smksohad.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\toxujwtd.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\tsbsjxui.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\tsthxjcn.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\tsvreyyw.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\tyrdwkfv.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ueijfmqj.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\uikawjsh.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ujegduek.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\uocsckye.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\vbyssdbp.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\vcpxxgcj.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\vgvjykry.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\vhcvckmw.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\vmvbodhh.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\vmvwynrn.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\vwjikqdw.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\wnsovvmo.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ycjmqunt.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\yiaeflsm.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ynlddcxr.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ytngeblh.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ytqdsegj.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\catchme2007-10-02_113516.43.zip/pjhgkiiz.sys Infected: Rootkit.Win32.Agent.iy skipped
C:\qoobox\Quarantine\catchme2007-10-02_113516.43.zip/vtsqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\qoobox\Quarantine\catchme2007-10-02_113516.43.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP623\A0086969.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP623\A0087010.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP623\A0087019.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP624\A0087046.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP624\A0087047.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP627\A0087183.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP627\A0087223.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP628\A0087256.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP628\A0087275.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP629\A0087294.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP630\A0087414.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP630\A0087430.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP631\A0087440.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP631\A0087441.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP631\A0087471.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP632\A0087490.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP633\A0087576.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP633\A0087595.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP633\A0087596.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP634\A0087670.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP634\A0088670.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP634\A0088677.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP634\A0089677.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP634\A0089703.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP635\A0089712.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP635\A0089737.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP635\A0089768.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP636\A0089801.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP636\A0089813.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP638\A0089827.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP639\A0089846.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP639\A0089869.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP661\A0091362.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP661\A0091363.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP661\A0091364.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP661\A0091365.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
butsukoy
2007-10-04, 08:25
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP690\A0100419.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP693\A0101604.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP693\A0101649.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP694\A0101711.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP694\A0101724.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP695\A0101749.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP697\A0101867.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP697\A0101887.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP697\A0102897.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP697\A0102927.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP697\A0102949.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP697\A0102994.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP698\A0103019.exe Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP698\A0103020.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP698\A0103029.sys Infected: Trojan.Win32.BHO.gy skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP698\A0103034.exe Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP698\A0103035.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP698\A0103036.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP698\A0103044.sys Infected: Trojan.Win32.BHO.gy skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP698\A0103060.exe Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP698\A0103061.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP698\A0103062.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP698\A0103063.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP698\A0103070.sys Infected: Trojan.Win32.BHO.gy skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP698\A0103074.exe Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP698\A0103075.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP699\A0103103.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP699\A0103122.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP700\A0104179.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP700\A0104180.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104257.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104258.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104259.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104260.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104261.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104262.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104263.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104264.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104265.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104266.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104267.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104268.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104270.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104271.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104274.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104275.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104276.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104277.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104278.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104279.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104280.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104281.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104283.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104284.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104285.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104286.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104288.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104290.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104293.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104296.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104297.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104298.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104300.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104301.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104303.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104304.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104306.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104307.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104308.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104310.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104311.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104312.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104313.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104314.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104315.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP701\A0104316.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104484.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104485.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104486.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104487.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104488.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104489.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104490.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104491.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104492.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104493.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104494.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104495.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104496.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104497.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104498.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104499.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104500.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104501.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104502.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104503.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104504.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104505.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104506.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104507.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104508.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104509.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104510.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104511.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104512.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104513.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104514.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104515.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104516.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104517.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104518.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104519.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104520.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104521.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104522.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104523.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104524.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104525.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104526.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104527.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104528.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104529.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104530.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104531.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104532.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104533.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104534.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104535.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104536.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104537.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104538.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104539.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104540.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104541.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104542.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104543.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104544.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104545.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104546.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104547.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104548.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104549.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104550.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104551.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104552.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104553.exe Infected: Trojan.Win32.Agent.bck skipped
butsukoy
2007-10-04, 08:26
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104554.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104555.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104556.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104557.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104558.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104559.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104560.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104561.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104562.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104563.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104564.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104565.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104566.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104567.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104568.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104569.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104570.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104571.sys Infected: Trojan.Win32.BHO.gy skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104573.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104574.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104576.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104583.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP704\A0104588.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP705\A0104697.dll Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP705\change.log Object is locked skipped
C:\VundoFix Backups\anrnqeuv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\bgfuulpa.exe.bad Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\VundoFix Backups\cslmussy.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\cwvvvuil.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\duxcekeu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\emmsbpqt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\gbyibaon.exe.bad Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\VundoFix Backups\ggymjnwh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\VundoFix Backups\gxbwvdik.exe.bad Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\VundoFix Backups\iqeepyoq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\jiisvfkb.exe.bad Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\VundoFix Backups\jlygeqtr.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\VundoFix Backups\juakchon.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\kaxyeobk.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\kohtdluu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\kovipkxc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\lambdhfs.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\mlgotytx.exe.bad Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\VundoFix Backups\noegrdce.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\pdefqbtd.exe.bad Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\VundoFix Backups\pjongacw.dll.bad Suspicious: Packed.Win32.Morphine.a skipped
C:\VundoFix Backups\pnthcobx.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\pxaykkxc.exe.bad Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\VundoFix Backups\pyymetps.dll.bad Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\VundoFix Backups\qghmljbh.exe.bad Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\VundoFix Backups\rfcmiyqp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\rtempegq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\sjnjarqq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\snaqbavf.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\tuvijalr.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\uborbluf.dll.bad Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\VundoFix Backups\vejfvaws.dll.bad Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\VundoFix Backups\vtsqp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.t skipped
C:\VundoFix Backups\vxfaftwb.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\vyysvnek.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\wqwybfrp.exe.bad Infected: not-a-virus:AdWare.Win32.Searchcolor.b skipped
C:\VundoFix Backups\yctafuxf.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\gctjlcmt.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\griusimn.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hebouwkj.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\system32\hhlrtyru.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\mkrmniyc.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\nojuyklj.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\siauqrlu.exe Infected: not-a-virus:AdWare.Win32.Searchcolor.a skipped
C:\WINDOWS\system32\toeegrto.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\twuisbsl.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP705\change.log Object is locked skipped
Scan process completed.
butsukoy
2007-10-04, 08:27
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:33 PM, on 10/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\Bittorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Verizon Central - {5B3FB261-CF72-4c66-B314-8E6FF9980307} - www.verizon.net (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://images.google.com/images?q=tbn:obKMdLcM2V8J:www3.kcn.ne.jp/~pochixm/fabpara/online/ragnarok.jpg
O24 - Desktop Component 1: (no name) - http://images.google.com/images?q=tbn:fmw9pZqzexkJ:www.planetsmilies.com/smilies/avatars/kenshin/kenshin0076.gif
--
End of file - 13793 bytes
Custom CFScript
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
File::
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PopuppersAdvertising.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SeachToolbarCorpToolbarVision15.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar17.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar18.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar19.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant4.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant5.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant6.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde105.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde107.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde108.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde110.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde112.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde114.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde122.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde129.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde135.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde141.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde142.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde143.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde144.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde145.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde158.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde164.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde173.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde178.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde190.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde40.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde46.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde52.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde57.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde63.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde64.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde70.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde75.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde77.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde78.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde98.zip
C:\WINDOWS\system32\gctjlcmt.exe
C:\WINDOWS\system32\griusimn.exe
C:\WINDOWS\system32\hebouwkj.exe
C:\WINDOWS\system32\hhlrtyru.exe
C:\WINDOWS\system32\mkrmniyc.dll
C:\WINDOWS\system32\nojuyklj.dll
C:\WINDOWS\system32\siauqrlu.exe
C:\WINDOWS\system32\toeegrto.dll
C:\WINDOWS\system32\twuisbsl.exe
Folder::
C:\VundoFix Backups
C:\Program Files\Bittorrent
C:\WINDOWS\system32\nsvsvc
C:\Program Files\AWS\WeatherBug
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nsv"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"=-
Save this as CFScript.txt and place it on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Right click http://mvps.org/winhelp2002/DelDomains.inf
and select Save As to download WinHelp2002's DelDomains.inf.
Please save the file somewhere you can find it like on the Desktop.
To run the inf file, right click on it and select Install.
I see Viewpoint installed..
Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article (http://www.clickz.com/news/article.php/3561546).
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:
Viewpoint
Viewpoint Manager
Viewpoint Media Player
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
ComboFix Log
A fresh HJT log
Do you use AOL, or was it just preinstalled ?
butsukoy
2007-10-04, 20:41
We used to have AOL a couple of years ago. Here are the logs requested.
ComboFix 07-10-02.2 - HP_Owner 2007-10-04 11:04:03.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.166 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point
FILE::
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PopuppersAdvertising.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SeachToolbarCorpToolbarVision15.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar17.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar18.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar19.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant4.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant5.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant6.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde105.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde107.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde108.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde110.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde112.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde114.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde122.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde129.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde135.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde141.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde142.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde143.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde144.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde145.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde158.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde164.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde173.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde178.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde190.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde40.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde46.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde52.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde57.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde63.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde64.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde70.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde75.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde77.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde78.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde98.zip
C:\WINDOWS\system32\gctjlcmt.exe
C:\WINDOWS\system32\griusimn.exe
C:\WINDOWS\system32\hebouwkj.exe
C:\WINDOWS\system32\hhlrtyru.exe
C:\WINDOWS\system32\mkrmniyc.dll
C:\WINDOWS\system32\nojuyklj.dll
C:\WINDOWS\system32\siauqrlu.exe
C:\WINDOWS\system32\toeegrto.dll
C:\WINDOWS\system32\twuisbsl.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PopuppersAdvertising.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SeachToolbarCorpToolbarVision15.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar17.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar18.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar19.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant4.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant5.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant6.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde105.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde107.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde108.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde110.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde112.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde114.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde122.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde129.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde135.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde141.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde142.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde143.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde144.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde145.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde158.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde164.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde173.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde178.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde190.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde40.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde46.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde52.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde57.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde63.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde64.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde70.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde75.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde77.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde78.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtuMonde98.zip
C:\Program Files\AWS\WeatherBug
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
C:\Program Files\AWS\WeatherBug\REMOVE.EXE
C:\VundoFix Backups
C:\VundoFix Backups\anrnqeuv.dll.bad
C:\VundoFix Backups\bgfuulpa.exe.bad
C:\VundoFix Backups\bxgjgocb.dll.bad
C:\VundoFix Backups\cslmussy.dll.bad
C:\VundoFix Backups\cwvvvuil.dll.bad
C:\VundoFix Backups\cwywejlj.ini.bad
C:\VundoFix Backups\dqaxarpm.dll.bad
C:\VundoFix Backups\duxcekeu.dll.bad
C:\VundoFix Backups\emmsbpqt.dll.bad
C:\VundoFix Backups\gbyibaon.exe.bad
C:\VundoFix Backups\ggymjnwh.dll.bad
C:\VundoFix Backups\gxbwvdik.exe.bad
C:\VundoFix Backups\iqeepyoq.dll.bad
C:\VundoFix Backups\jiisvfkb.exe.bad
C:\VundoFix Backups\jlygeqtr.dll.bad
C:\VundoFix Backups\jrfvcnra.dll.bad
C:\VundoFix Backups\juakchon.dll.bad
C:\VundoFix Backups\kaxyeobk.dll.bad
C:\VundoFix Backups\kohtdluu.dll.bad
C:\VundoFix Backups\kovipkxc.dll.bad
C:\VundoFix Backups\krlyktea.dll.bad
C:\VundoFix Backups\lambdhfs.dll.bad
C:\VundoFix Backups\mbqjferk.dll.bad
C:\VundoFix Backups\mlgotytx.exe.bad
C:\VundoFix Backups\mpptwmor.dll.bad
C:\VundoFix Backups\msjeucxt.dll.bad
C:\VundoFix Backups\noegrdce.dll.bad
C:\VundoFix Backups\oswbcvuf.dll.bad
C:\VundoFix Backups\oxjgfnsl.dll.bad
C:\VundoFix Backups\pdefqbtd.exe.bad
C:\VundoFix Backups\pjongacw.dll.bad
C:\VundoFix Backups\pnthcobx.dll.bad
C:\VundoFix Backups\pqstv.bak1.bad
C:\VundoFix Backups\pqstv.bak2.bad
C:\VundoFix Backups\pqstv.ini.bad
C:\VundoFix Backups\pqstv.ini2.bad
C:\VundoFix Backups\pqstv.tmp.bad
C:\VundoFix Backups\pxaykkxc.exe.bad
C:\VundoFix Backups\pyymetps.dll.bad
C:\VundoFix Backups\qesksudu.dll.bad
C:\VundoFix Backups\qghmljbh.exe.bad
C:\VundoFix Backups\rfcmiyqp.dll.bad
C:\VundoFix Backups\rrokwnjt.dll.bad
C:\VundoFix Backups\rtempegq.dll.bad
C:\VundoFix Backups\sjnjarqq.dll.bad
C:\VundoFix Backups\snaqbavf.dll.bad
C:\VundoFix Backups\titkxebg.dll.bad
C:\VundoFix Backups\tuvijalr.dll.bad
C:\VundoFix Backups\uborbluf.dll.bad
C:\VundoFix Backups\vejfvaws.dll.bad
C:\VundoFix Backups\vtsqp.dll.bad
C:\VundoFix Backups\vxfaftwb.dll.bad
C:\VundoFix Backups\vyysvnek.dll.bad
C:\VundoFix Backups\wqwybfrp.exe.bad
C:\VundoFix Backups\yctafuxf.dll.bad
C:\WINDOWS\system32\gctjlcmt.exe
C:\WINDOWS\system32\griusimn.exe
C:\WINDOWS\system32\hebouwkj.exe
C:\WINDOWS\system32\hhlrtyru.exe
C:\WINDOWS\system32\mkrmniyc.dll
C:\WINDOWS\system32\nojuyklj.dll
C:\WINDOWS\system32\siauqrlu.exe
C:\WINDOWS\system32\toeegrto.dll
C:\WINDOWS\system32\twuisbsl.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-04 to 2007-10-04 )))))))))))))))))))))))))))))))
.
2007-10-02 11:20 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-01 23:13 4,670 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-01 23:12 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-01 23:12 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-01 23:12 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-01 23:12 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-01 23:12 25,088 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-01 23:03 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-09-30 15:44 <DIR> d-------- C:\Program Files\Webteh
2007-09-26 12:05 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-26 12:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-09-26 11:55 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-26 09:32 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\WinRAR
2007-09-25 09:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-09-25 09:20 26,944 --a------ C:\WINDOWS\system32\drivers\purendis.sys
2007-09-25 09:20 25,792 --a------ C:\WINDOWS\system32\drivers\pnarp.sys
2007-09-25 09:20 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-25 09:20 <DIR> d-------- C:\Program Files\DIFX
2007-09-24 17:51 <DIR> d-------- C:\Program Files\Common Files\Pure Networks Shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-04 11:07 --------- d-------- C:\Program Files\AWS
2007-10-04 10:56 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-04 10:56 --------- d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-03 17:13 --------- d-------- C:\Documents and Settings\HP_Owner\Application Data\Azureus
2007-10-02 20:15 --------- d-------- C:\Program Files\Absolute Poker
2007-09-30 15:43 --------- d-------- C:\Documents and Settings\HP_Owner\Application Data\BSplayer
2007-09-25 09:59 --------- d-------- C:\Program Files\Lavasoft
2007-09-25 09:57 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-24 17:50 --------- d-------- C:\Program Files\Pure Networks
2007-09-24 17:50 --------- d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2007-09-05 21:32 --------- d-------- C:\Program Files\Azureus
2007-09-05 17:12 4113 --a------ C:\WINDOWS\viassary-hp.reg
2007-09-04 12:14 --------- d-------- C:\Program Files\StepMania
2007-08-24 10:30 --------- d-------- C:\Program Files\AIM6
2007-08-24 10:29 --------- d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-08-22 21:44 --------- d-------- C:\Program Files\ZSNES
2007-08-14 20:53 --------- d-------- C:\Program Files\MixMeister BPM Analyzer
2007-08-14 10:59 --------- d-------- C:\Program Files\Illustrate
2007-08-08 10:06 --------- d-------- C:\Documents and Settings\HP_Owner\Application Data\BSplayer Pro
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 18:53]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 18:42]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-07 14:03]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43]
"VTTimer"="VTTimer.exe" [2004-10-22 12:53 C:\WINDOWS\system32\VTTimer.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-12-08 23:18]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-12-17 23:31]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 08:46]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 21:56]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-06-30 22:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-13 09:39]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-11-01 00:04]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-05-03 17:43]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photags AutoDetect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photags AutoDetect.lnk
backup=C:\WINDOWS\pss\Photags AutoDetect.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1134180054\ee\AOLHostManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe
R2 pnarp;Network Magic Device Discovery Driver;C:\WINDOWS\system32\DRIVERS\pnarp.sys
R2 purendis;Network Magic Wireless Driver;C:\WINDOWS\system32\DRIVERS\purendis.sys
S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys
S3 QCPro;Logitech QuickCam Pro USB(PID_D001);C:\WINDOWS\system32\DRIVERS\p35u.sys
S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-10-04 18:12:11 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
butsukoy
2007-10-04, 20:48
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-04 11:10:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-04 11:13:50 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-04 11:13
C:\ComboFix2.txt ... 2007-10-03 08:39
C:\ComboFix3.txt ... 2007-10-02 11:38
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:48 AM, on 10/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\QuickTime\qttask.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Verizon Central - {5B3FB261-CF72-4c66-B314-8E6FF9980307} - www.verizon.net (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O24 - Desktop Component 0: (no name) - http://images.google.com/images?q=tbn:obKMdLcM2V8J:www3.kcn.ne.jp/~pochixm/fabpara/online/ragnarok.jpg
O24 - Desktop Component 1: (no name) - http://images.google.com/images?q=tbn:fmw9pZqzexkJ:www.planetsmilies.com/smilies/avatars/kenshin/kenshin0076.gif
--
End of file - 12889 bytes
That is looking a lot better :)
Fix With HJT
Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O9 - Extra button: Verizon Central - {5B3FB261-CF72-4c66-B314-8E6FF9980307} - www.verizon.net (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis
Please post a final HJT log, and how are things running now ?
butsukoy
2007-10-05, 18:46
Things are running wonderfully now. There are no programs like explorer running in the background and the computer is running faster and smoother than previously, for as long as I remember using this thing. Thank you. Here is the final log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:02 AM, on 10/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O24 - Desktop Component 0: (no name) - http://images.google.com/images?q=tbn:obKMdLcM2V8J:www3.kcn.ne.jp/~pochixm/fabpara/online/ragnarok.jpg
O24 - Desktop Component 1: (no name) - http://images.google.com/images?q=tbn:fmw9pZqzexkJ:www.planetsmilies.com/smilies/avatars/kenshin/kenshin0076.gif
--
End of file - 12175 bytes
Congratulations your logs look clean :D
Let’s see if I can help you keep it that way
First lets tidy up :D
Please delete the following
HostExpert
VundoFix
SmitFraudFix
ComboFix
CFScript.txt
C:\Qoobox
C:\Combofix.txt (all of them)
You can also delete any logs we made.
Set correct settings for files that should be hidden in Windows XP
Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
If unchecked please checkHide protected operating system files (Recommended)
If necessary check "Display content of system folders"
If necessary Uncheck Hide file extensions for known file types.
Click OK
Now you should disable System restore to purge any infected files and then re-enable it, for help please click HERE (http://www.bleepingcomputer.com/tutorials/tutorial56.html)
Reset System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer
Turn ON System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Un-Check Turn off System Restore.
Click Apply, and then click OK.
Also PLEASE read this article
So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)
If you can see a program in the must have section that you have never seen or used then get it!
The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.
If you follow this advice then (with a bit of luck) you will never have to hear from me again :D
If you could post back one more time to let me know everything is OK, then I can have this thread archived.
Happy surfing K'
butsukoy
2007-10-08, 00:48
Thank you very much. Everything is going perfectly. I'll follow your advise fully and make sure this doesn't happen again. I'm very glad I signed up on this forum and asked for help. Your service is incredible and you guys deserve all the credit in the world. Thank you for everything. :bigthumb: