Virtumonde and other spyware



golfinfool
2007-11-17, 18:36
Please help me, I've done everything I can think of. I've even followed a few of the posts listed here. Thanks, Steve

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, November 16, 2007 6:37:37 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/11/2007
Kaspersky Anti-Virus database records: 460143
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\

Scan Statistics:
Total number of scanned objects: 35616
Number of viruses found: 21
Number of infected objects: 47
Number of suspicious objects: 6
Duration of the scan process: 00:22:15

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\vlwcixvp.dll Infected: Trojan.Win32.BHO.rg skipped
C:\WINDOWS\system32\drvxah.dll Infected: Trojan.Win32.Dialer.qn skipped
C:\WINDOWS\system32\adqtqgnx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\cbmodvrn.dll Infected: Trojan.Win32.BHO.xe skipped
C:\WINDOWS\system32\clvycedb.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\WINDOWS\system32\aivskurq.dll Infected: Trojan-Downloader.Win32.VB.bpt skipped
C:\WINDOWS\system32\drvcuz.dll Infected: Trojan.Win32.Dialer.qn skipped
C:\WINDOWS\system32\bvgevqai\bvgevqai2.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.v skipped
C:\WINDOWS\Temp\gos302.tmp Infected: Trojan.Win32.Dialer.qn skipped
C:\WINDOWS\Temp\ZLT04f17.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT01a2f.TMP Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\STEVE.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde14.zip/win316.tmp.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde14.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip/winA84.tmp.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde3.zip/avp.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde3.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\E83BEB0F.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\27A0CEFA.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Home\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temp\yjhmwqup.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\Documents and Settings\Home\Local Settings\Temp\gosA83.tmp Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\Home\Local Settings\Temp\Temporary Internet Files\Content.IE5\L14YUS1I\search1[1].htm Infected: Trojan-Downloader.JS.Remora.w skipped
C:\Documents and Settings\Home\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZIIU46CB\search[2].htm Infected: Trojan-Downloader.JS.Remora.w skipped
C:\Documents and Settings\Home\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\History\History.IE5\MSHist012007111520071116\index.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\OHIR8TMB\hctp[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\0PLCT3SE\main_banner_v2b[2].swf Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\0PLCT3SE\main_banner_v2b[4].swf Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\096o7tgf.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\096o7tgf.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\096o7tgf.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\096o7tgf.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Home\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\096o7tgf.default\history.dat Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\096o7tgf.default\cert8.db Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\096o7tgf.default\key3.db Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\096o7tgf.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\096o7tgf.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Home\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\3269.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP53\A0023956.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP53\A0024178.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP54\A0026319.EXE Infected: Trojan-Downloader.Win32.PurityScan.ey skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0026411.DLL Infected: not-a-virus:AdWare.Win32.Virtumonde.aju skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0026412.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0026415.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0026416.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0026419.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0026424.exe Infected: Trojan-Dropper.Win32.VB.tg skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0026602.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aju skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0027554.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0027554.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0027555.exe Infected: Trojan-Downloader.Win32.Small.gll skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0027556.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0027556.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0027557.exe Infected: Trojan-Downloader.Win32.Agent.emo skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0027558.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0027559.exe Infected: Trojan-Downloader.Win32.Alphabet.aa skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0027560.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0027562.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0027562.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0027562.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0027564.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0027565.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0027566.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0027567.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0027568.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0027569.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0027570.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0027571.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0027572.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\change.log Object is locked skipped
C:\System Volume Information\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\RP55\A0027601.DLL Infected: not-a-virus:AdWare.Win32.Virtumonde.aju skipped

Scan process completed.
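
A triage pass over a report in this format, added here as an editor's example; it is not part of the original thread or of Kaspersky's tooling. The headline "47 infected objects" overstates the live problem: most "Object is locked skipped" lines are just open registry hives, logs and caches, the hits under System Volume Information\_restore{...} are inactive copies held in System Restore points, and the Spybot "Recovery" zips are that tool's own quarantine. What actually needs removal is the handful of DLLs in C:\WINDOWS\system32 and the executables under Temp and Program Files. The script separates the noise from the detections and buckets the detections by where they sit. The location keywords and the sample lines (copied from the report above) are the editor's choices.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the Kaspersky Online Scanner
# report above, covering each line shape the report uses.
SAMPLE_REPORT = """\
C:\\WINDOWS\\system32\\config\\SAM Object is locked skipped
C:\\WINDOWS\\system32\\vlwcixvp.dll Infected: Trojan.Win32.BHO.rg skipped
C:\\WINDOWS\\system32\\adqtqgnx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\\Documents and Settings\\All Users\\Application Data\\Spybot - Search & Destroy\\Recovery\\Virtumonde3.zip/avp.exe Suspicious: Password-protected-EXE skipped
C:\\Documents and Settings\\Home\\Local Settings\\Temporary Internet Files\\Content.IE5\\OHIR8TMB\\hctp[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\\System Volume Information\\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\\RP55\\A0027601.DLL Infected: not-a-virus:AdWare.Win32.Virtumonde.aju skipped
C:\\System Volume Information\\_restore{2433E60B-021C-4F7C-9987-5A6046511E63}\\RP55\\A0027554.exe NSIS: infected - 1 skipped
"""

# One report line: "<path> <status> skipped". Paths contain spaces, so the
# path group is non-greedy and the status alternatives anchor the split.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:(?P<locked>Object is locked)"
    r"|Infected: (?P<name>\S+)"
    r"|Suspicious: (?P<susp>\S+)"
    r"|(?P<container>ZIP|NSIS): (?:suspicious|infected) - \d+)"
    r" skipped$"
)


def classify(path):
    """Location bucket for a detection, most specific rule first.

    The keywords are the editor's choice; adjust them for other scanners
    or for non-English Windows installs.
    """
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore-point"      # inactive copy inside a System Restore point
    if "\\spybot - search & destroy\\recovery\\" in p:
        return "quarantine"         # already neutralised by Spybot S&D
    if "\\temporary internet files\\" in p:
        return "browser-cache"      # downloaded page or script, not necessarily run
    if "\\local settings\\temp\\" in p or "\\windows\\temp\\" in p:
        return "temp"               # dropper staging area; usually has been run
    return "live"                   # everything else: treat as active


def triage(report_text):
    """Parse a report and return (detections, locked_count, unparsed_lines).

    detections is a list of dicts with path, detection name and category.
    Container summary lines (ZIP/NSIS) are dropped because the inner
    object they summarise is reported on its own line.
    """
    detections, locked, unparsed = [], 0, []
    for line in report_text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        if m.group("locked"):
            locked += 1
            continue
        if m.group("container"):
            continue
        detections.append({
            "path": m.group("path"),
            "detection": m.group("name") or m.group("susp"),
            "category": classify(m.group("path")),
        })
    return detections, locked, unparsed


def summarize(detections):
    """Count detections per location bucket."""
    return Counter(d["category"] for d in detections)


def live_hits(detections):
    """The detections that actually need removal on the running system."""
    return [d for d in detections if d["category"] == "live"]


if __name__ == "__main__":
    dets, locked, bad = triage(SAMPLE_REPORT)
    print("locked/skipped noise:", locked, "unparsed:", len(bad))
    print("by location:", dict(summarize(dets)))
    for d in live_hits(dets):
        print("LIVE", d["detection"], d["path"])
```

Run against the full report above, the "live" bucket is the list to hand to the removal tool; the restore-point bucket disappears by itself once System Restore is flushed after cleanup, and the quarantine bucket should be left to Spybot.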

golfinfool
2007-11-17, 18:36
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:43 AM, on 11/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Power DVD Player\PowerDVDPlayer.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - C:\Program Files\Secmcvxo\rkbvmnvy.dll
O2 - BHO: (no name) - {261C35B4-9283-6344-C5C0-005CF873D624} - C:\Program Files\Ryiuaztc\yfttbcjf.dll
O2 - BHO: {ecb599a2-2cb4-0b79-9694-31e723576253} - {35267532-7e13-4969-97b0-4bc22a995bce} - C:\WINDOWS\system32\axucmgsh.dll
O2 - BHO: (no name) - {391B174C-A6B7-C9D7-6743-01F7A0D663D6} - C:\Program Files\Cxwofnne\jsrceauy.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - C:\WINDOWS\system32\urqrron.dll (file missing)
O2 - BHO: (no name) - {90A3F364-32A7-4D70-DA2E-39E671845FC3} - C:\WINDOWS\system32\kdrsz.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ugmnmkgf.dll
O2 - BHO: (no name) - {E09AE73A-0269-44D1-BE0A-825CCCE8987A} - C:\Program Files\Internet Explorer\hoqezibok4444.dll (file missing)
O2 - BHO: (no name) - {EE1F07AA-8F58-409B-B3E6-AA09D8127979} - C:\Program Files\Internet Explorer\hoqezibok83122.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\ugmnmkgf.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [d89f9531] rundll32.exe "C:\WINDOWS\system32\yxwqejvl.dll",b
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Power DVD Player] "C:\Program Files\Power DVD Player\PowerDVDPlayer.exe" hmw
O4 - HKCU\..\Run: [Uzqub] "C:\Program Files\Common Files\?ystem\s?oolsv.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - Winlogon Notify: ugmnmkgf - C:\WINDOWS\SYSTEM32\ugmnmkgf.dll
O20 - Winlogon Notify: urqrron - urqrron.dll (file missing)
O20 - Winlogon Notify: winwpy32 - winwpy32.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 6288 bytes
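
The HijackThis log above shows the classic Virtumonde/Vundo footprint: a Run key that launches an eight-letter system32 DLL through rundll32, the same ugmnmkgf.dll registered at once as a BHO, a "Security Toolbar" and a Winlogon Notify handler, a Run entry whose path the log prints with "?" placeholders and which imitates spoolsv.exe, and several orphaned "(file missing)" BHOs left over from earlier cleanup attempts. The following scoring script is an editor's example of turning those observations into repeatable checks; it is not HijackThis functionality and not code from the thread. The weights, the 7-to-9-lowercase-letter "random name" rule and the sample entries (copied from the log, with three legitimate ones kept for contrast) are the editor's assumptions, and a legitimate module can trip the name rule, so the output is a review list, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: entries copied from the HijackThis log above, with
# Adobe, ZoneAlarm and the vsmon service kept in as legitimate controls.
SAMPLE_HJT = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - C:\\Program Files\\Secmcvxo\\rkbvmnvy.dll
O2 - BHO: {ecb599a2-2cb4-0b79-9694-31e723576253} - {35267532-7e13-4969-97b0-4bc22a995bce} - C:\\WINDOWS\\system32\\axucmgsh.dll
O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - C:\\WINDOWS\\system32\\urqrron.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\\WINDOWS\\system32\\ugmnmkgf.dll
O4 - HKLM\\..\\Run: [ZoneAlarm Client] "C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
O4 - HKLM\\..\\Run: [d89f9531] rundll32.exe "C:\\WINDOWS\\system32\\yxwqejvl.dll",b
O4 - HKCU\\..\\Run: [Uzqub] "C:\\Program Files\\Common Files\\?ystem\\s?oolsv.exe"
O20 - Winlogon Notify: ugmnmkgf - C:\\WINDOWS\\SYSTEM32\\ugmnmkgf.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\\WINDOWS\\system32\\ZONELABS\\vsmon.exe
"""

ENTRY_RE = re.compile(r"^(?P<type>[RO]\d+) - (?P<body>.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)', re.I)
RUNDLL_RE = re.compile(r'\brundll32(?:\.exe)?\s+"?[A-Za-z]:\\', re.I)
# Vundo-style module names: 7-9 lowercase letters and nothing else. A rule
# of thumb chosen for this log; a legitimate module can trip it.
RANDOM_DLL = re.compile(r"^[a-z]{7,9}\.dll$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")


def parse(log):
    """Return a list of (entry_type, body, raw_line) for each entry line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("type"), m.group("body"), line.strip()))
    return entries


def path_of(body):
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def module_of(body):
    p = path_of(body)
    return p.rsplit("\\", 1)[-1].lower() if p else None


def score_entry(etype, body, hooked_by):
    """Return (module, [(reason, weight), ...]) for one entry."""
    reasons = []
    path, mod = path_of(body), module_of(body)
    if mod and RANDOM_DLL.match(mod):
        reasons.append(("random-looking module name", 2))
    if etype == "O4" and RUNDLL_RE.search(body):
        reasons.append(("Run key loads a DLL through rundll32", 2))
    if path and "?" in path:
        # HijackThis prints characters outside its code page as '?'; a path
        # that needs them and imitates a system binary is not the real one.
        reasons.append(("path has non-ANSI characters and imitates a system binary", 2))
    if etype == "O2":
        name = body[len("BHO: "):].split(" - ", 1)[0]
        if GUID_RE.match(name):
            reasons.append(("BHO registered under a GUID instead of a name", 1))
        elif name == "(no name)":
            reasons.append(("BHO has no name", 1))
    if "(file missing)" in body:
        reasons.append(("orphaned entry, module gone from disk", 1))
    if mod and len(hooked_by.get(mod, ())) >= 2:
        reasons.append(("same module hooked from %d entry types" % len(hooked_by[mod]), 1))
    return mod, reasons


def analyze(log, threshold=2):
    """Flag entries whose indicator weights reach the threshold."""
    entries = parse(log)
    hooked_by = defaultdict(set)      # module -> entry types that reference it
    for etype, body, _ in entries:
        mod = module_of(body)
        if mod:
            hooked_by[mod].add(etype)
    findings = []
    for etype, body, raw in entries:
        mod, reasons = score_entry(etype, body, hooked_by)
        total = sum(w for _, w in reasons)
        if total >= threshold:
            findings.append({"entry": raw, "module": mod, "score": total,
                             "reasons": [r for r, _ in reasons]})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_HJT):
        print("[%d] %s\n     %s" % (f["score"], f["entry"], "; ".join(f["reasons"])))
```

The cross-entry count is the most reliable single signal here: a legitimate browser helper is registered once, whereas ugmnmkgf.dll is hooked from O2, O3 and O20 in the full log, which is how Vundo survives when only one of its registrations is removed. Orphaned "(file missing)" lines carry no running code and only need their registry entries deleted.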

golfinfool
2007-11-17, 18:37
ComboFix 07-11-08.1 - Home 2007-11-17 10:35:05.1 - FAT32x86
Running from: C:\Documents and Settings\Home\Desktop\ComboFix.exe
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Administrator\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Administrator\Favorites\Online Security Guide.lnk
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Home\Desktop\internet.lnk
C:\Documents and Settings\Home\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Home\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Home\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Home\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Home\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Home\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\3269.exe
C:\Program Files\Common Files\crosof~1.net
C:\Program Files\Common Files\wnsxs~1
C:\Program Files\Common Files\wnsxs~1\W?nSxS\
C:\Program Files\Common Files\ystem~1
C:\Program Files\SecCenter
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\a1
C:\WINDOWS\system32\bvgevqai
C:\WINDOWS\system32\bvgevqai\bg1.gif
C:\WINDOWS\system32\bvgevqai\bgtop.gif
C:\WINDOWS\system32\bvgevqai\bottom1.gif
C:\WINDOWS\system32\bvgevqai\bvgevqai1.exe
C:\WINDOWS\system32\bvgevqai\bvgevqai2.exe
C:\WINDOWS\system32\bvgevqai\bvgevqai3.exe
C:\WINDOWS\system32\bvgevqai\essentials.gif
C:\WINDOWS\system32\bvgevqai\icon1.ico
C:\WINDOWS\system32\bvgevqai\install1.gif
C:\WINDOWS\system32\bvgevqai\left1.gif
C:\WINDOWS\system32\bvgevqai\li.gif
C:\WINDOWS\system32\bvgevqai\logo.gif
C:\WINDOWS\system32\bvgevqai\main.htm
C:\WINDOWS\system32\bvgevqai\mainframe.htm
C:\WINDOWS\system32\bvgevqai\reinstall1.gif
C:\WINDOWS\system32\bvgevqai\right1.gif
C:\WINDOWS\system32\bvgevqai\s1.htm
C:\WINDOWS\system32\bvgevqai\s2.htm
C:\WINDOWS\system32\bvgevqai\s3.htm
C:\WINDOWS\system32\bvgevqai\SMTop1.gif
C:\WINDOWS\system32\bvgevqai\SMTop2.gif
C:\WINDOWS\system32\bvgevqai\SMTop3.gif
C:\WINDOWS\system32\bvgevqai\SMTop4.gif
C:\WINDOWS\system32\bvgevqai\soft1_off.gif
C:\WINDOWS\system32\bvgevqai\soft1_off_ext.gif
C:\WINDOWS\system32\bvgevqai\soft1_on.gif
C:\WINDOWS\system32\bvgevqai\soft1_on_ext.gif
C:\WINDOWS\system32\bvgevqai\soft2_off.gif
C:\WINDOWS\system32\bvgevqai\soft2_off_ext.gif
C:\WINDOWS\system32\bvgevqai\soft2_on.gif
C:\WINDOWS\system32\bvgevqai\soft2_on_ext.gif
C:\WINDOWS\system32\bvgevqai\soft3_off.gif
C:\WINDOWS\system32\bvgevqai\soft3_off_ext.gif
C:\WINDOWS\system32\bvgevqai\soft3_on.gif
C:\WINDOWS\system32\bvgevqai\soft3_on_ext.gif
C:\WINDOWS\system32\bvgevqai\softbottom_off.gif
C:\WINDOWS\system32\bvgevqai\softbottom_on.gif
C:\WINDOWS\system32\bvgevqai\softleft_off.gif
C:\WINDOWS\system32\bvgevqai\softleft_on.gif
C:\WINDOWS\system32\bvgevqai\top1.gif
C:\WINDOWS\system32\bvgevqai\top2.gif
C:\WINDOWS\system32\bvgevqai\turnoff1.gif
C:\WINDOWS\system32\bvgevqai\turnon1.gif
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\g2
C:\WINDOWS\system32\h1
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\lnnmp.bak1
C:\WINDOWS\system32\lnnmp.bak2
C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\lnnmp.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\r2
C:\WINDOWS\system32\ssembl~1
C:\WINDOWS\system32\ugmnmkgf.dllbox
C:\WINDOWS\system32\v8
C:\WINDOWS\system32\v8\taldrvr11.exe
C:\WINDOWS\system32\wnsapisv.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE


((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.

2007-11-17 10:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-17 08:59 <DIR> d--hs---- C:\FOUND.004
2007-11-16 21:17 85,056 --a------ C:\WINDOWS\system32\yxwqejvl.dll
2007-11-16 21:17 81,984 --a------ C:\WINDOWS\system32\axucmgsh.dll
2007-11-16 03:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-11-16 03:00 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-11-15 21:40 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-15 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-15 21:19 79,936 --a------ C:\WINDOWS\system32\ipyjorpf.dll
2007-11-15 20:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-11-15 20:12 <DIR> d--hs---- C:\FOUND.003
2007-11-15 18:57 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-11-15 18:55 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-15 18:55 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-11-15 18:54 <DIR> d-------- C:\Program Files\Symantec
2007-11-15 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-15 18:52 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-15 07:39 79,936 --a------ C:\WINDOWS\system32\drhgrrrl.dll
2007-11-15 07:32 <DIR> d--hs---- C:\FOUND.002
2007-11-14 07:34 81,472 --a------ C:\WINDOWS\system32\cbmodvrn.dll
2007-11-14 07:28 <DIR> d--hs---- C:\FOUND.001
2007-11-13 21:29 80,448 --a------ C:\WINDOWS\system32\cveuykuf.dll
2007-11-13 19:18 <DIR> d-------- C:\Program Files\DVDFab HD Decrypter 4
2007-11-13 18:52 <DIR> d-------- C:\Program Files\Secmcvxo
2007-11-12 21:36 144,480 --a------ C:\WINDOWS\system32\ugmnmkgf.dll
2007-11-12 21:35 144,480 --a------ C:\WINDOWS\system32\wrbvclht.dll
2007-11-12 21:26 81,472 --a------ C:\WINDOWS\system32\qjycsuti.dll
2007-11-11 21:24 <DIR> d-------- C:\Program Files\Ryiuaztc
2007-11-10 21:35 81,472 --a------ C:\WINDOWS\system32\snmlgxgq.dll
2007-11-10 11:55 <DIR> d-------- C:\Program Files\Hvfqcgws
2007-11-10 11:51 <DIR> d--hs---- C:\FOUND.000
2007-11-09 21:33 77,888 --a------ C:\WINDOWS\system32\fnqclqns.dll
2007-11-08 22:33 80,448 --a------ C:\WINDOWS\system32\wtiocvbb.dll
2007-11-05 22:23 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-05 22:23 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-05 22:22 <DIR> d-------- C:\Program Files\Google
2007-11-04 22:05 104,960 --a------ C:\WINDOWS\system32\drvxah.dll
2007-11-04 22:05 36,864 --a------ C:\WINDOWS\system32\nnnonop.dll
2007-11-04 20:51 78,912 --a------ C:\WINDOWS\system32\vlwcixvp.dll
2007-11-04 20:10 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-04 19:07 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-04 19:07 <DIR> d-------- C:\Documents and Settings\Home\Application Data\Lavasoft
2007-11-04 19:01 <DIR> d-------- C:\Program Files\Cxwofnne
2007-11-04 18:54 <DIR> d-------- C:\Program Files\HPSW
2007-11-04 09:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-04 08:44 <DIR> d-------- C:\Program Files\E404 Helper
2007-11-04 08:43 <DIR> d-------- C:\WINDOWS\pss
2007-11-04 08:41 <DIR> d-------- C:\Program Files\mdgbarkh
2007-11-04 08:41 <DIR> d-------- C:\Program Files\Jwcperdo
2007-11-04 08:41 104,960 --a------ C:\WINDOWS\system32\drvcuz.dll
2007-11-04 08:41 36,864 --a------ C:\WINDOWS\system32\fcccawu.dll
2007-11-04 08:41 21,504 --a------ C:\WINDOWS\system32\aivskurq.dll
2007-11-04 08:41 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
2007-11-04 08:38 <DIR> d-------- C:\Program Files\Common Files\ąppPatch
2007-11-04 08:37 <DIR> d-------- C:\WINDOWS\system32\Mz08r
2007-11-04 08:37 <DIR> d-------- C:\Temp\mZOr
2007-11-04 08:37 <DIR> d-------- C:\Temp
2007-11-03 19:52 <DIR> d-------- C:\Program Files\Picasa2
2007-10-30 19:55 625,032 --a------ C:\WINDOWS\system32\SymNeti.dll
2007-10-30 19:55 242,056 --a------ C:\WINDOWS\system32\SymRedir.dll
2007-10-30 19:55 191,536 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-30 19:55 145,968 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2007-10-30 19:55 39,856 --a------ C:\WINDOWS\system32\drivers\symids.sys
2007-10-30 19:55 37,936 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2007-10-30 19:55 35,120 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2007-10-30 19:55 27,696 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-30 19:55 12,848 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2007-10-28 20:43 <DIR> d-------- C:\Program Files\Power DVD Player
2007-10-24 22:25 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-10-24 22:25 53,760 --a------ C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-10-24 22:21 <DIR> d-------- C:\Program Files\Windows Media Components
2007-10-24 22:21 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-10-24 22:20 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-10-24 22:19 <DIR> d-------- C:\Program Files\Logitech
2007-10-23 21:15 <DIR> d-------- C:\Program Files\Audacity
2007-10-21 22:46 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-10-21 17:27 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-10-21 17:25 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-10-21 17:18 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-10-21 17:18 <DIR> d-------- C:\Program Files\Ahead
2007-10-21 17:18 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-10-21 17:18 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-10-21 17:18 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-10-21 17:18 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-10-21 17:18 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-10-21 17:18 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

golfinfool
2007-11-17, 18:38
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 16:05 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-17 16:05 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-16 00:25 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-16 00:25 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-04 13:38 --------- d-----w C:\Program Files\Common Files\?ppPatch
2007-10-31 00:24 12,963 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2007-10-31 00:24 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2007-10-26 03:36 8,454,656 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-16 18:54 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-16 00:23 --------- d-----w C:\Program Files\Canon
2007-10-15 22:51 --------- d-----w C:\Program Files\IrfanView
2007-10-10 01:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2007-10-10 01:42 --------- d-----w C:\Program Files\RealArcade
2007-10-04 22:06 --------- d-----w C:\Documents and Settings\Home\Application Data\Yahoo!
2007-10-04 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-10-04 22:01 --------- d-----w C:\Program Files\Yahoo!
2007-09-29 01:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-09-29 01:09 --------- d-----w C:\Program Files\Marvell
2007-09-29 01:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-29 01:07 --------- d-----w C:\Program Files\Analog Devices
2007-09-29 01:02 --------- d-----w C:\Program Files\Common Files\Verizon Online
2007-09-29 01:01 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-28 21:52 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-18 19:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 19:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 19:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 19:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 19:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 19:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 19:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 19:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 19:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-09-06 21:14 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-09-06 21:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-08-22 13:12 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 13:12 658,944 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 13:12 615,424 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 13:12 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 13:12 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 13:12 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 13:12 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 13:12 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 13:12 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 13:12 3,058,176 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 13:12 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 13:12 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 13:12 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 13:12 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 13:12 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 13:12 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 13:12 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 13:12 1,022,976 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:30 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}]
2007-11-13 18:52 114688 --a------ C:\Program Files\Secmcvxo\rkbvmnvy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{261C35B4-9283-6344-C5C0-005CF873D624}]
2007-11-11 21:24 114688 --a------ C:\Program Files\Ryiuaztc\yfttbcjf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{35267532-7e13-4969-97b0-4bc22a995bce}]
2007-11-16 21:17 81984 --a------ C:\WINDOWS\system32\axucmgsh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{391B174C-A6B7-C9D7-6743-01F7A0D663D6}]
2007-11-04 19:02 106496 --a------ C:\Program Files\Cxwofnne\jsrceauy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{634BBAB7-3F60-4426-944F-A62B9007F67F}]
C:\WINDOWS\system32\urqrron.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90A3F364-32A7-4D70-DA2E-39E671845FC3}]
C:\WINDOWS\system32\kdrsz.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-12 21:36 144480 --a------ C:\WINDOWS\system32\ugmnmkgf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E09AE73A-0269-44D1-BE0A-825CCCE8987A}]
C:\Program Files\Internet Explorer\hoqezibok4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE1F07AA-8F58-409B-B3E6-AA09D8127979}]
C:\Program Files\Internet Explorer\hoqezibok83122.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\ugmnmkgf.dll [2007-11-12 21:36 144480]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 18:32]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 18:31]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 02:11]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"d89f9531"="C:\WINDOWS\system32\yxwqejvl.dll" [2007-11-16 21:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]
"Power DVD Player"="C:\Program Files\Power DVD Player\PowerDVDPlayer.exe" [2007-09-06 03:28]
"Uzqub"="C:\Program Files\Common Files\?ystem\s?oolsv.exe" []
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{634BBAB7-3F60-4426-944F-A62B9007F67F}"= C:\WINDOWS\system32\urqrron.dll [ ]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ugmnmkgf]
ugmnmkgf.dll 2007-11-12 21:36 144480 C:\WINDOWS\system32\ugmnmkgf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrron]
urqrron.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwpy32]
winwpy32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnnl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Home^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\Home\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Home^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\Home\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
C:\WINDOWS\system32\twinnldq.exe CHD001

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MalwareAlarm]
C:\Program Files\MalwareAlarm\MalwareAlarm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mdgbarkh]
rundll32.exe "C:\Program Files\mdgbarkh\qbctyxkj.dll",Init

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\odovyhgn]
regsvr32 /u "C:\Documents and Settings\All Users\Application Data\odovyhgn.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SC2]
C:\Program Files\SecCenter\scprot4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vcbojgzi]
regsvr32 /u "C:\Documents and Settings\All Users\Application Data\vcbojgzi.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vkhmdelk]
regsvr32 /u "C:\Documents and Settings\All Users\Application Data\vkhmdelk.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]
C:\Program Files\WinAble\winable.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
C:\Windows\xpupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winshow]
"C:\WINDOWS\winshow.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wlubqjih]
regsvr32 /u "C:\Documents and Settings\All Users\Application Data\wlubqjih.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zsbkhipe]
regsvr32 /u "C:\Documents and Settings\All Users\Application Data\zsbkhipe.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"LiveUpdate"=3 (0x3)
"LightScribeService"=2 (0x2)
"gusvc"=3 (0x3)
"comHost"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)

S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\WINDOWS\system32\DRIVERS\LV551AV.sys

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-11-16 00:11:24 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Home.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 11:10:33
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-17 11:19:25 - machine was rebooted
.
--- E O F ---

pskelley
2007-11-28, 02:34
Welcome to Safer Networking. I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

I apologize that you have not been helped; administration has placed this information at the top of this forum to keep that from happening.
The Waiting Room
http://forums.spybot.info/forumdisplay.php?f=37

You also missed this information:
Start with ONLY the Two Logs We Ask For in Our Sticky Topic, NOT CF etc http://forums.spybot.info/showthread.php?t=16806

If your problems have not been resolved, post a new HJT log and be patient, I will respond as soon as possible.

Thanks

pskelley
2007-12-05, 11:30
This topic is closed due to lack of a response.

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.

Thanks