virus and trojans in my computer



mkejoey24z
2007-12-05, 00:56
Hi there, I am new to this whole forums thing and somewhat know a little about computers, so bear with me please. I am having troubles with Smitfraud-C.CoreService, Command Service, and Virtumonde. Here are the HJT log and Kaspersky log report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:51:08 PM, on 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [184ef8d6] rundll32.exe "C:\WINDOWS\system32\nboxjnmy.dll",b
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.6\webbuying.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - https://www.topproduceronline.com/downloads/msjavx86.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2564B8E6-7D84-11D4-A689-30475BC10000} (Tkweb Control) - http://www.toolkitcma.com/tkweb/tkweb.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181159403687
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15029/CTPID.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.62/code/iPIX-ImageWell-ipix.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://a612.ac-images.myspacecdn.com/images01/69/m_b73a185d5d4ae802dfcf148bd334a46b.jpg

--
End of file - 7231 bytes

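As an added example (not part of the original thread, and not code from HijackThis, VundoFix or ComboFix), the script below scores HijackThis v2 lines for the Vundo-style indicators visible in the log above: a Run value whose name is an opaque hex token loading an all-lowercase, random-looking DLL from system32 through rundll32 with a single-letter entry point (the `[184ef8d6] ... nboxjnmy.dll,b` line), toolbar CLSIDs that resolve to `(no file)`, and O16 ActiveX downloads from a bare IP address. The point values, name-length thresholds and the "all lowercase letters" test are assumptions chosen for this example, and the sample lines are a constructed subset modelled on the posted log; a real triage would still confirm each hit against the Kaspersky detections and the file itself.

```python
"""Heuristic triage of HijackThis (HJT v2) log lines for Vundo/Virtumonde-style
indicators. Added example for this thread; not part of HijackThis, VundoFix or
ComboFix. Scores and thresholds are assumptions chosen for illustration."""
import ntpath
import re
from urllib.parse import urlparse

# Constructed sample, modelled on the HJT log posted in this thread.
SAMPLE_HJT = r"""
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [184ef8d6] rundll32.exe "C:\WINDOWS\system32\nboxjnmy.dll",b
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181159403687
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.62/code/iPIX-ImageWell-ipix.cab
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?(?:,(?P<entry>\S*))?', re.I)
O3_NOFILE = re.compile(r"^O3 - Toolbar: .*\(no file\)\s*$")
O16_RE = re.compile(r"^O16 - DPF: .* - (?P<url>https?://\S+)\s*$")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
HEX_NAME = re.compile(r"^[0-9a-f]{6,}$", re.I)        # e.g. 184ef8d6
RANDOM_STEM = re.compile(r"^[a-z]{6,9}$")            # all-lowercase, no digits: Vundo-style names (assumption)


def score_line(line):
    """Return (score, reasons) for one HJT line; 0 means nothing of interest."""
    line = line.rstrip()
    score, reasons = 0, []
    m = O4_RE.match(line)
    if m:
        r = RUNDLL_RE.search(m.group("cmd"))
        if r:
            dll = r.group("dll")
            stem = ntpath.splitext(ntpath.basename(dll))[0]
            if HEX_NAME.match(m.group("name")):
                score += 2
                reasons.append("Run value name is an opaque hex token")
            if RANDOM_STEM.match(stem) and "system32" in dll.lower():
                score += 2
                reasons.append(f"rundll32 loads random-looking {stem}.dll from system32")
            entry = r.group("entry")
            if entry is not None and len(entry) == 1:
                score += 1
                reasons.append(f"single-letter export '{entry}' as entry point")
    elif O3_NOFILE.match(line):
        score += 1
        reasons.append("toolbar CLSID registered but its DLL is missing (orphan)")
    else:
        m = O16_RE.match(line)
        if m:
            host = urlparse(m.group("url")).hostname or ""
            if IPV4.match(host):
                score += 1
                reasons.append(f"ActiveX control downloaded from bare IP {host}")
    return score, reasons


def triage(log_text):
    """Score every line and return the non-zero hits, highest score first."""
    findings = []
    for line in log_text.splitlines():
        s, why = score_line(line)
        if s:
            findings.append((s, line.strip(), why))
    findings.sort(key=lambda f: -f[0])
    return findings


if __name__ == "__main__":
    for s, line, why in triage(SAMPLE_HJT):
        print(f"[{s}] {line}\n      " + "; ".join(why))
```

Run against the constructed sample, the rundll32/nboxjnmy line scores 5 and sorts to the top, the orphaned O3 toolbar and the bare-IP O16 entry score 1 each, and the NVIDIA, Kaspersky and Microsoft Update lines score 0. The "random name" test is deliberately narrow (lowercase letters only, 6 to 9 characters) so that vendor DLLs with mixed case such as NvCpl.dll do not trigger it; it will miss a variant that uses digits or capitals, which is why the score is a prioritisation aid rather than a verdict.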

mkejoey24z
2007-12-05, 01:00
Here is the kaspersky log file:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, December 04, 2007 3:55:21 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/12/2007
Kaspersky Anti-Virus database records: 472418
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 85521
Number of viruses found: 4
Number of infected objects: 16
Number of suspicious objects: 2
Duration of the scan process: 00:55:42

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0001 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0100 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0101 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0200 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0201 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0300 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0301 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.reph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.repi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.rept Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0001 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0100 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0101 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0200 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0201 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0300 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0301 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.reph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.repi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.rept Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.i0000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.i0001 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.i0100 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.i0101 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.i0200 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.i0201 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.i0300 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.i0301 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.reph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.repi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.rept Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\TIF\GlobalTIFMng.i0000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\TIF\GlobalTIFMng.i0100 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\TIF\GlobalTIFMng.i0200 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\TIF\GlobalTIFMng.reph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\TIF\GlobalTIFMng.repi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\TIF\GlobalTIFMng.rept Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.6/wbuninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Joey\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\History\History.IE5\MSHist012007120420071205\index.dat Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Temp\BCG14.tmp Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Temp\~DF231A.tmp Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Joey\ntuser.dat Object is locked skipped
C:\Documents and Settings\Joey\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\applog.log Object is locked skipped
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\pktlog.log Object is locked skipped
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\seclog.log Object is locked skipped
C:\Program Files\TTC.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{85E6A439-580F-4DD1-9159-1F51909486EF}\RP194\A0028485.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.azt skipped
C:\System Volume Information\_restore{85E6A439-580F-4DD1-9159-1F51909486EF}\RP195\A0030434.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.azt skipped
C:\System Volume Information\_restore{85E6A439-580F-4DD1-9159-1F51909486EF}\RP195\A0032346.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.azt skipped
C:\System Volume Information\_restore{85E6A439-580F-4DD1-9159-1F51909486EF}\RP195\A0032586.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.azt skipped
C:\System Volume Information\_restore{85E6A439-580F-4DD1-9159-1F51909486EF}\RP195\A0032978.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{85E6A439-580F-4DD1-9159-1F51909486EF}\RP195\A0042650.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{85E6A439-580F-4DD1-9159-1F51909486EF}\RP195\A0042650.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{85E6A439-580F-4DD1-9159-1F51909486EF}\RP195\A0043900.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.azt skipped
C:\System Volume Information\_restore{85E6A439-580F-4DD1-9159-1F51909486EF}\RP195\A0045142.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.azt skipped
C:\System Volume Information\_restore{85E6A439-580F-4DD1-9159-1F51909486EF}\RP195\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sm9zZSBMdW5h\asappsrv.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\WINDOWS\Sm9zZSBMdW5h\command.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{810B85B0-EB79-45FA-99FB-29FB6BA19EDC}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\core.cache.dsk Object is locked skipped
C:\WINDOWS\system32\drivers\core.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hv2\swdrv83122.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\WINDOWS\system32\hv2\swdrv83122.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\jkkhffc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.azt skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wvurroo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.azt skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000002-00000000-00000005-00001102-00000004-00531102}.CDF Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\_restore{85E6A439-580F-4DD1-9159-1F51909486EF}\RP195\change.log Object is locked skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\_restore{85E6A439-580F-4DD1-9159-1F51909486EF}\RP195\change.log Object is locked skipped

Scan process completed.

Well, I think I have followed the directions right thus far. PLEASE HELP ME!!
Thanks.

pskelley
2007-12-07, 17:46
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Sorry for the wait and thanks for returning the requested information, this looks like Vundo and probably more, you need to know this:
You have a Vundo infection which can be very hard to remove. This will take some time and unless you are patient, understand how to follow directions and are comfortable working on your computer, you may want to seek local professional help. If you wish to proceed, read and follow the directions carefully.

With that out of the way, if we are proceeding, do so like this.

1) Stay offline except when troubleshooting, the junk can download more.

2) TeaTimer will block changes we must make, use these instructions to turn it off until we are done.
http://russelltexas.com/malware/teatimer.htm

3) C:\Program Files\Trend Micro\HijackThis\HijackThis.exe <<< rename HJT, call it mkejoey24z.exe, that will work. After a restart we should see the infection.

4) Thanks to Atribune and any others who helped with this fix.

http://vundofix.atribune.org/ <<< tutorial

"Download VundoFix" to your Desktop

http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will attempt to run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot. Vundofix.txt will be on the C:\

(wait until you finish to post reports and logs)

5) Thanks to sUBs and anyone else who helped with this fix.

Download ComboFix from Here (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply

Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall

Post the Vundofix.txt, combofix log and a new HJT log.

Thanks

pskelley
2007-12-16, 23:56
This topic is closed due to lack of a response.

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.

Thanks

mkejoey24z
2007-12-18, 23:56
ComboFix 07-12-19.2 - Joey 2007-12-18 15:37:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.329 [GMT -6:00]
Running from: C:\Documents and Settings\Joey\Local Settings\Temporary Internet Files\Content.IE5\1GBE7RLB\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Joey\Application Data\inst.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\bkR11
C:\Temp\bkR11\ftCa.log
C:\temp\tn3
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\mrofinu1000140.exe
C:\WINDOWS\system32\pac.txt
C:\winlogon.exe
C:\WINDOWS\Fonts\'

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))
.

2007-12-19 15:39 . 2007-12-19 15:39 4,958,588 --------- C:\WINDOWS\{00000002-00000000-00000005-00001102-00000004-00531102}.BAK
2007-12-17 15:07 . 2007-12-17 15:07 <DIR> d-------- C:\WINDOWS\Cache
2007-12-17 15:07 . 2007-12-17 15:07 <DIR> d-------- C:\Program Files\Coupons
2007-12-17 15:07 . 2007-12-17 15:07 189,784 --------- C:\WINDOWS\system32\cpnprt2.cid
2007-12-17 15:07 . 2007-12-17 15:07 189,784 -rah----- C:\WINDOWS\cpnprt2.cid
2007-12-17 15:07 . 2007-12-17 15:07 82 --ah----- C:\WINDOWS\WindowsShellOld.Manifest.1
2007-12-17 15:07 . 2007-12-17 15:07 31 --ah----- C:\WINDOWS\uccspecc.sys
2007-12-16 20:49 . 2007-12-16 21:41 354 ---hs---- C:\WINDOWS\system32\cbspxtpd.ini
2007-12-16 20:46 . 2007-12-16 21:41 <DIR> d-------- C:\VundoFix Backups
2007-12-16 19:46 . 2007-12-16 19:46 2,274 ---hs---- C:\WINDOWS\system32\gaunbahe.ini
2007-12-16 18:46 . 2007-12-16 18:46 2,214 ---hs---- C:\WINDOWS\system32\pfgvvqdh.ini
2007-12-16 17:46 . 2007-12-16 17:46 2,154 ---hs---- C:\WINDOWS\system32\fkykgsqf.ini
2007-12-16 16:43 . 2007-12-16 16:43 2,034 ---hs---- C:\WINDOWS\system32\crrvmvlf.ini
2007-12-16 15:43 . 2007-12-16 15:43 1,974 ---hs---- C:\WINDOWS\system32\vfgymsql.ini
2007-12-16 14:43 . 2007-12-16 14:43 1,914 ---hs---- C:\WINDOWS\system32\aiopsdjp.ini
2007-12-16 14:40 . 2007-12-16 14:40 1,854 ---hs---- C:\WINDOWS\system32\wblkotcq.ini
2007-12-16 13:40 . 2007-12-16 13:40 1,794 ---hs---- C:\WINDOWS\system32\tskovaur.ini
2007-12-16 11:40 . 2007-12-16 11:40 1,674 ---hs---- C:\WINDOWS\system32\abfkuvuw.ini
2007-12-16 11:37 . 2007-12-16 11:37 1,614 ---hs---- C:\WINDOWS\system32\xsmcscwp.ini
2007-12-16 10:37 . 2007-12-16 10:37 1,554 ---hs---- C:\WINDOWS\system32\apepgenk.ini
2007-12-16 10:36 . 2007-12-16 10:36 1,494 ---hs---- C:\WINDOWS\system32\ptwylotr.ini
2007-12-16 09:34 . 2007-12-16 09:34 1,434 ---hs---- C:\WINDOWS\system32\eaidxuiu.ini
2007-12-16 08:34 . 2007-12-16 08:34 1,374 ---hs---- C:\WINDOWS\system32\kxkjeklm.ini
2007-12-16 07:34 . 2007-12-16 07:34 1,314 ---hs---- C:\WINDOWS\system32\tvapagdd.ini
2007-12-16 07:31 . 2007-12-16 07:31 1,254 ---hs---- C:\WINDOWS\system32\qvcfjhuq.ini
2007-12-16 06:31 . 2007-12-16 06:31 1,194 ---hs---- C:\WINDOWS\system32\lmjjyfcm.ini
2007-12-16 05:31 . 2007-12-16 05:31 1,134 ---hs---- C:\WINDOWS\system32\iadwerph.ini
2007-12-16 04:31 . 2007-12-16 04:31 1,074 ---hs---- C:\WINDOWS\system32\mvpsldvi.ini
2007-12-16 03:28 . 2007-12-16 03:28 954 ---hs---- C:\WINDOWS\system32\yshwkouv.ini
2007-12-16 02:26 . 2007-12-16 02:26 894 ---hs---- C:\WINDOWS\system32\fioiucfv.ini
2007-12-16 01:25 . 2007-12-16 01:25 834 ---hs---- C:\WINDOWS\system32\vqvficst.ini
2007-12-16 01:22 . 2007-12-16 01:22 774 ---hs---- C:\WINDOWS\system32\onimintj.ini
2007-12-16 00:22 . 2007-12-16 00:22 714 ---hs---- C:\WINDOWS\system32\sclkxshs.ini
2007-12-15 23:22 . 2007-12-15 23:22 654 ---hs---- C:\WINDOWS\system32\kwbbenom.ini
2007-12-15 22:22 . 2007-12-15 22:22 594 ---hs---- C:\WINDOWS\system32\sublgmtj.ini
2007-12-15 22:19 . 2007-12-15 22:19 534 ---hs---- C:\WINDOWS\system32\iffwfubt.ini
2007-12-15 21:19 . 2007-12-15 21:19 474 ---hs---- C:\WINDOWS\system32\dstehfil.ini
2007-12-15 20:19 . 2007-12-15 20:19 414 ---hs---- C:\WINDOWS\system32\snnlwaej.ini
2007-12-15 19:19 . 2007-12-15 19:19 354 ---hs---- C:\WINDOWS\system32\cggsfygh.ini
2007-12-15 19:16 . 2007-12-15 19:16 294 ---hs---- C:\WINDOWS\system32\rxtpctoe.ini
2007-12-14 11:26 . 2007-12-14 11:26 594 ---hs---- C:\WINDOWS\system32\slipsrke.ini
2007-12-14 11:23 . 2007-12-14 11:23 534 ---hs---- C:\WINDOWS\system32\tisjuxqu.ini
2007-12-14 10:23 . 2007-12-14 10:23 474 ---hs---- C:\WINDOWS\system32\kkjrwmfw.ini
2007-12-14 09:21 . 2007-12-14 09:21 414 ---hs---- C:\WINDOWS\system32\hfumcisx.ini
2007-12-14 09:18 . 2007-12-14 09:18 294 ---hs---- C:\WINDOWS\system32\oyrqxpgv.ini
2007-12-14 03:01 . 2007-12-14 09:18 354 ---hs---- C:\WINDOWS\system32\inpjilde.ini
2007-12-14 01:58 . 2007-12-14 01:58 1,494 ---hs---- C:\WINDOWS\system32\admhtchn.ini
2007-12-14 00:58 . 2007-12-14 00:58 1,434 ---hs---- C:\WINDOWS\system32\bglvoyki.ini
2007-12-13 23:58 . 2007-12-13 23:58 1,374 ---hs---- C:\WINDOWS\system32\roqsyqji.ini
2007-12-13 23:55 . 2007-12-13 23:55 1,314 ---hs---- C:\WINDOWS\system32\faqyuavo.ini
2007-12-13 23:07 . 2007-12-13 23:29 1,254 ---hs---- C:\WINDOWS\system32\tfrerltc.ini
2007-12-13 22:03 . 2007-12-13 22:10 1,194 ---hs---- C:\WINDOWS\system32\ooefwnid.ini
2007-12-13 20:52 . 2007-12-13 20:52 1,134 ---hs---- C:\WINDOWS\system32\uncxsiuj.ini
2007-12-13 20:49 . 2007-12-13 20:49 1,074 ---hs---- C:\WINDOWS\system32\hiniicga.ini
2007-12-13 19:49 . 2007-12-13 19:49 1,014 ---hs---- C:\WINDOWS\system32\fjqkwpxg.ini
2007-12-13 18:49 . 2007-12-13 18:49 954 ---hs---- C:\WINDOWS\system32\melntsfu.ini
2007-12-13 18:48 . 2007-12-13 18:48 894 ---hs---- C:\WINDOWS\system32\iusjwnmy.ini
2007-12-13 17:49 . 2007-12-13 17:50 834 ---hs---- C:\WINDOWS\system32\owhaqdyg.ini
2007-12-13 16:46 . 2007-12-13 16:46 774 ---hs---- C:\WINDOWS\system32\kdchtfhi.ini
2007-12-13 15:46 . 2007-12-13 15:46 714 ---hs---- C:\WINDOWS\system32\glknuhkk.ini
2007-12-13 15:43 . 2007-12-13 15:43 654 ---hs---- C:\WINDOWS\system32\bdkdprix.ini
2007-12-13 14:43 . 2007-12-13 14:43 594 ---hs---- C:\WINDOWS\system32\mqsklrut.ini
2007-12-13 13:43 . 2007-12-13 13:43 534 ---hs---- C:\WINDOWS\system32\wemyskfm.ini
2007-12-13 13:40 . 2007-12-13 13:40 474 ---hs---- C:\WINDOWS\system32\upexkcap.ini
2007-12-13 12:40 . 2007-12-13 12:40 414 ---hs---- C:\WINDOWS\system32\rbhaubxl.ini
2007-12-13 11:40 . 2007-12-13 11:40 354 ---hs---- C:\WINDOWS\system32\ghbijblk.ini
2007-12-13 11:37 . 2007-12-13 11:37 294 ---hs---- C:\WINDOWS\system32\ccdjiivk.ini
2007-12-13 10:37 . 2007-12-13 10:37 354 ---hs---- C:\WINDOWS\system32\egxdwnrq.ini
2007-12-13 10:34 . 2007-12-13 10:34 294 ---hs---- C:\WINDOWS\system32\gbdrvnoj.ini
2007-12-13 03:10 . 2007-12-13 03:07 1,314 --ahs---- C:\WINDOWS\system32\qrtnayfy.ini
2007-12-13 02:07 . 2007-12-13 02:07 1,254 ---hs---- C:\WINDOWS\system32\bmkwujso.ini
2007-12-13 01:07 . 2007-12-13 01:07 1,194 ---hs---- C:\WINDOWS\system32\sujeofip.ini
2007-12-13 00:07 . 2007-12-13 00:07 1,134 ---hs---- C:\WINDOWS\system32\brqtvxku.ini
2007-12-13 00:04 . 2007-12-13 00:04 1,074 ---hs---- C:\WINDOWS\system32\fmlhfpki.ini
2007-12-12 23:04 . 2007-12-12 23:04 1,014 ---hs---- C:\WINDOWS\system32\yglvbgje.ini
2007-12-12 22:04 . 2007-12-12 22:04 954 ---hs---- C:\WINDOWS\system32\nrmfdxey.ini
2007-12-12 21:04 . 2007-12-12 21:04 894 ---hs---- C:\WINDOWS\system32\erxgkxem.ini
2007-12-12 21:01 . 2007-12-12 21:01 834 ---hs---- C:\WINDOWS\system32\sdhhsqvo.ini
2007-12-12 20:00 . 2007-12-12 20:00 774 ---hs---- C:\WINDOWS\system32\ensstmhd.ini
2007-12-12 18:58 . 2007-12-12 18:58 714 ---hs---- C:\WINDOWS\system32\thgbbgek.ini
2007-12-12 17:58 . 2007-12-12 17:58 654 ---hs---- C:\WINDOWS\system32\gdrkqnsw.ini
2007-12-12 17:55 . 2007-12-12 17:55 594 ---hs---- C:\WINDOWS\system32\kpipywuk.ini
2007-12-12 16:55 . 2007-12-12 16:55 534 ---hs---- C:\WINDOWS\system32\ulcselfj.ini
2007-12-12 15:55 . 2007-12-12 15:55 474 ---hs---- C:\WINDOWS\system32\ygyfajhy.ini
2007-12-12 14:55 . 2007-12-12 14:55 414 ---hs---- C:\WINDOWS\system32\lmsrecai.ini
2007-12-12 14:52 . 2007-12-12 14:52 354 ---hs---- C:\WINDOWS\system32\iymhvrrv.ini
2007-12-12 13:52 . 2007-12-12 13:52 294 ---hs---- C:\WINDOWS\system32\mjkrabtg.ini
2007-12-12 12:50 . 2007-12-12 12:50 534 ---hs---- C:\WINDOWS\system32\upghmhem.ini
2007-12-12 11:45 . 2007-12-12 11:46 474 ---hs---- C:\WINDOWS\system32\xhohegnn.ini
2007-12-12 10:44 . 2007-12-12 10:44 414 ---hs---- C:\WINDOWS\system32\csaqkurm.ini
2007-12-12 10:41 . 2007-12-12 10:44 354 ---hs---- C:\WINDOWS\system32\qlqhpkpg.ini
2007-12-12 10:38 . 2007-12-12 10:38 294 ---hs---- C:\WINDOWS\system32\huyxlkst.ini
2007-12-07 16:17 . 2007-12-07 16:17 294 ---hs---- C:\WINDOWS\system32\omwxjrwr.ini
2007-12-06 16:14 . 2007-12-06 16:14 774 ---hs---- C:\WINDOWS\system32\huflsxcs.ini
2007-12-05 16:07 . 2007-12-05 16:07 294 ---hs---- C:\WINDOWS\system32\qxhdxexq.ini
2007-12-04 18:43 . 2007-12-04 18:43 <DIR> d-------- C:\Documents and Settings\Joey\LimeWire Store Purchased
2007-12-04 18:34 . 2007-12-04 18:58 <DIR> d-------- C:\Program Files\DVDFab Platinum 4
2007-12-04 16:05 . 2007-12-04 16:37 414 ---hs---- C:\WINDOWS\system32\rbaeesgm.ini
2007-12-04 15:58 . 2007-12-04 15:58 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-04 10:02 . 2007-12-04 10:02 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-18 21:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-07 06:51 --------- d-----w C:\Program Files\LimeWire
2007-12-07 06:51 --------- d-----w C:\Documents and Settings\Joey\Application Data\uTorrent
2007-12-07 06:51 --------- d-----w C:\Documents and Settings\Joey\Application Data\LimeWire
2007-12-05 01:27 --------- d-----w C:\Documents and Settings\Joey\Application Data\Vso
2007-12-05 01:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2007-12-05 01:25 --------- d-----w C:\Program Files\SlySoft
2007-12-05 00:34 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-12-05 00:34 47,360 ----a-w C:\Documents and Settings\Joey\Application Data\pcouffin.sys
2007-12-03 15:23 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-12-03 15:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-01 06:13 --------- d-----w C:\Program Files\uTorrent
2007-11-30 21:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-30 21:21 --------- d-----w C:\Program Files\Viewpoint
2007-11-30 21:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 23:05 --------- d-----w C:\Program Files\ZipForm Desktop
2007-11-09 18:25 --------- d-----w C:\Program Files\Nick Jr. Arcade
2007-11-08 01:43 --------- d-----w C:\Program Files\Common Files\Viewpoint
2007-11-07 23:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-07 05:07 --------- d-----w C:\Program Files\DVDFab Gold 4
2007-11-07 03:06 --------- d-----w C:\Program Files\DVDFab Platinum 3
2007-11-07 03:04 --------- d-----w C:\Program Files\DVD Region+CSS Free
2007-10-30 17:35 --------- d-----w C:\Program Files\HP
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-26 03:36 8,454,656 ----a-w C:\WINDOWS\system32\shell32(2).dll
2007-08-02 13:43 282,624 ----a-w C:\Program Files\TTC.dll
2007-07-01 14:26 21,848 ----a-w C:\Documents and Settings\Joey\Application Data\GDIPFONTCACHEV1.DAT
2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2005-08-02 22:46 187,904 --sha-r C:\WINDOWS\Sm9zZSBMdW5h\asappsrv.dll
2005-08-02 22:58 293,888 --sha-r C:\WINDOWS\Sm9zZSBMdW5h\command.exe
2005-07-29 22:24 472 --sha-r C:\WINDOWS\Sm9zZSBMdW5h\mA6Wtm1gxqc1.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18188503-F6A9-41C7-9FF2-9FE4A24C82DC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{196328db-2270-44a6-985a-39cbcf35beda}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36C3A207-3203-4670-BF2E-0C124A3D218B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3DBB0EA0-EAB0-4DF3-AA70-239C1414A37E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C280CF0-2F02-4E6B-8815-CCFAC2BC6260}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81DC16D1-A1F5-42DB-968E-70EA63FB61FE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9CA7C156-EC64-4B12-BF92-F2650B1AB768}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6BBC013-3647-4F3F-9DE8-C6136261A2F1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CEEA11ED-F489-475C-9600-69014E387E0F}]
C:\WINDOWS\system32\ddccd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E20723B0-7483-4585-88B5-E0BE9220CC2E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3E7DB98-132A-424D-B8FF-C244FAC9024E}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe" [2006-12-20 17:47]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALi5289"="C:\Program Files\ULI5289\ALi5289.exe" [2004-09-16 16:49]
"CTHelper"="CTHELPER.EXE" [2007-04-09 11:32 C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 11:32 C:\WINDOWS\system32\Ctxfihlp.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"NvCplDaemon"="RUNDLL32.exe" [2006-02-28 06:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-02-28 06:00 C:\WINDOWS\system32\rundll32.exe]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 16:08]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 14:52]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-19 20:29]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"KAVPersonal50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" [2006-07-19 08:27]
"184ef8d6"="C:\WINDOWS\system32\dptxpsbc.dll" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-07 16:39:30]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 06:56:20]
Kaspersky Anti-Hacker.lnk - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe [2006-07-19 07:51:57]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 15:18 49152]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WebBuying"=C:\Program Files\Web Buying\v1.8.6\webbuying.exe
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

R0 aliidex;aliidex;C:\WINDOWS\system32\drivers\aliidex.sys [2003-03-06 10:26]
R0 aliperf;aliperf;C:\WINDOWS\system32\drivers\aliperf.sys [2003-01-16 15:47]
R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys [2006-05-11 08:05]
R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys [2006-05-11 08:06]
R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys [2004-12-01 09:49]
R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys [2007-07-22 13:26]
R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys [2007-07-22 13:26]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2004-07-08 14:58]
R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2006-05-18 11:38]
R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2007-07-22 13:26]
R3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-07-26 20:19]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;E:\INSTAL~E\Core\BVRPMPR5.SYS []

.
Contents of the 'Scheduled Tasks' folder
"2007-12-13 22:57:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-19 21:41:21 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 15:41:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-19 15:43:56 - machine was rebooted
.
2007-12-14 09:01:04 --- E O F ---

mkejoey24z
2007-12-18, 23:57
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:44:52 PM, on 12/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\mkejoey24z.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18188503-F6A9-41C7-9FF2-9FE4A24C82DC} - (no file)
O2 - BHO: (no name) - {196328db-2270-44a6-985a-39cbcf35beda} - (no file)
O2 - BHO: (no name) - {36C3A207-3203-4670-BF2E-0C124A3D218B} - (no file)
O2 - BHO: (no name) - {3DBB0EA0-EAB0-4DF3-AA70-239C1414A37E} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7C280CF0-2F02-4E6B-8815-CCFAC2BC6260} - (no file)
O2 - BHO: (no name) - {81DC16D1-A1F5-42DB-968E-70EA63FB61FE} - (no file)
O2 - BHO: (no name) - {9CA7C156-EC64-4B12-BF92-F2650B1AB768} - (no file)
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: (no name) - {B6BBC013-3647-4F3F-9DE8-C6136261A2F1} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {CEEA11ED-F489-475C-9600-69014E387E0F} - C:\WINDOWS\system32\ddccd.dll (file missing)
O2 - BHO: (no name) - {E20723B0-7483-4585-88B5-E0BE9220CC2E} - (no file)
O2 - BHO: (no name) - {E3E7DB98-132A-424D-B8FF-C244FAC9024E} - \
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [184ef8d6] rundll32.exe "C:\WINDOWS\system32\dptxpsbc.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - https://www.topproduceronline.com/downloads/msjavx86.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2564B8E6-7D84-11D4-A689-30475BC10000} (Tkweb Control) - http://www.toolkitcma.com/tkweb/tkweb.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181159403687
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15029/CTPID.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.62/code/iPIX-ImageWell-ipix.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://a612.ac-images.myspacecdn.com/images01/69/m_b73a185d5d4ae802dfcf148bd334a46b.jpg

--
End of file - 8433 bytes

mkejoey24z
2007-12-18, 23:59
VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 8:46:58 PM 12/16/2007

Listing files found while scanning....

C:\WINDOWS\system32\basggesd.dll
C:\WINDOWS\system32\builsupw.dll
C:\WINDOWS\system32\bywmudrp.dll
C:\WINDOWS\system32\cnbpkdbp.dll
C:\WINDOWS\system32\cojqixpf.dll
C:\WINDOWS\system32\cspcwoce.dll
C:\WINDOWS\system32\dccdd.ini
C:\WINDOWS\system32\dccdd.ini2
C:\WINDOWS\system32\ddccd.dll
C:\WINDOWS\system32\ddgapavt.dll
C:\WINDOWS\system32\dhmtssne.dll
C:\WINDOWS\system32\dptxpsbc.dll
C:\WINDOWS\system32\dseggsab.ini
C:\WINDOWS\system32\dtgetpea.dll
C:\WINDOWS\system32\ecowcpsc.ini
C:\WINDOWS\system32\edlijpni.dll
C:\WINDOWS\system32\ehabnuag.dll
C:\WINDOWS\system32\ejgbvlgy.dll
C:\WINDOWS\system32\ekrspils.dll
C:\WINDOWS\system32\eotcptxr.dll
C:\WINDOWS\system32\flvmvrrc.dll
C:\WINDOWS\system32\fpxiqjoc.ini
C:\WINDOWS\system32\fqsgkykf.dll
C:\WINDOWS\system32\gpkphqlq.dll
C:\WINDOWS\system32\gtbarkjm.dll
C:\WINDOWS\system32\hdqvvgfp.dll
C:\WINDOWS\system32\hgyfsggc.dll
C:\WINDOWS\system32\hprewdai.dll
C:\WINDOWS\system32\iacersml.dll
C:\WINDOWS\system32\ikpfhlmf.dll
C:\WINDOWS\system32\ivdlspvm.dll
C:\WINDOWS\system32\jeawlnns.dll
C:\WINDOWS\system32\jflesclu.dll
C:\WINDOWS\system32\jkkhffc.dll
C:\WINDOWS\system32\jtmglbus.dll
C:\WINDOWS\system32\jtnimino.dll
C:\WINDOWS\system32\kegbbght.dll
C:\WINDOWS\system32\knegpepa.dll
C:\WINDOWS\system32\kuwypipk.dll
C:\WINDOWS\system32\lifhetsd.dll
C:\WINDOWS\system32\lqsmygfv.dll
C:\WINDOWS\system32\mcfyjjml.dll
C:\WINDOWS\system32\mehmhgpu.dll
C:\WINDOWS\system32\mexkgxre.dll
C:\WINDOWS\system32\mgseeabr.dll
C:\WINDOWS\system32\mlkejkxk.dll
C:\WINDOWS\system32\monebbwk.dll
C:\WINDOWS\system32\mrukqasc.dll
C:\WINDOWS\system32\nngehohx.dll
C:\WINDOWS\system32\osjuwkmb.dll
C:\WINDOWS\system32\ovqshhds.dll
C:\WINDOWS\system32\paousqqe.dll
C:\WINDOWS\system32\pbdkpbnc.ini
C:\WINDOWS\system32\pifoejus.dll
C:\WINDOWS\system32\pjdspoia.dll
C:\WINDOWS\system32\prdumwyb.ini
C:\WINDOWS\system32\pwcscmsx.dll
C:\WINDOWS\system32\qctoklbw.dll
C:\WINDOWS\system32\qrnwdxge.dll
C:\WINDOWS\system32\quhjfcvq.dll
C:\WINDOWS\system32\qxexdhxq.dll
C:\WINDOWS\system32\rtolywtp.dll
C:\WINDOWS\system32\ruavokst.dll
C:\WINDOWS\system32\rwrjxwmo.dll
C:\WINDOWS\system32\scxslfuh.dll
C:\WINDOWS\system32\shsxklcs.dll
C:\WINDOWS\system32\tbufwffi.dll
C:\WINDOWS\system32\tscifvqv.dll
C:\WINDOWS\system32\tsklxyuh.dll
C:\WINDOWS\system32\uiuxdiae.dll
C:\WINDOWS\system32\ukxvtqrb.dll
C:\WINDOWS\system32\uqxujsit.dll
C:\WINDOWS\system32\vfcuioif.dll
C:\WINDOWS\system32\vgpxqryo.dll
C:\WINDOWS\system32\vrrvhmyi.dll
C:\WINDOWS\system32\vuokwhsy.dll
C:\WINDOWS\system32\wfmwrjkk.dll
C:\WINDOWS\system32\wpusliub.ini
C:\WINDOWS\system32\wsnqkrdg.dll
C:\WINDOWS\system32\wuvukfba.dll
C:\WINDOWS\system32\wvurroo.dll
C:\WINDOWS\system32\xsicmufh.dll
C:\WINDOWS\system32\yexdfmrn.dll
C:\WINDOWS\system32\yfyantrq.dll
C:\WINDOWS\system32\yhjafygy.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\basggesd.dll
C:\WINDOWS\system32\basggesd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\builsupw.dll
C:\WINDOWS\system32\builsupw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bywmudrp.dll
C:\WINDOWS\system32\bywmudrp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cnbpkdbp.dll
C:\WINDOWS\system32\cnbpkdbp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cojqixpf.dll
C:\WINDOWS\system32\cojqixpf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cspcwoce.dll
C:\WINDOWS\system32\cspcwoce.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dccdd.ini
C:\WINDOWS\system32\dccdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\dccdd.ini2
C:\WINDOWS\system32\dccdd.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddccd.dll
C:\WINDOWS\system32\ddccd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddgapavt.dll
C:\WINDOWS\system32\ddgapavt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dhmtssne.dll
C:\WINDOWS\system32\dhmtssne.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dptxpsbc.dll
C:\WINDOWS\system32\dptxpsbc.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\dseggsab.ini
C:\WINDOWS\system32\dseggsab.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\dtgetpea.dll
C:\WINDOWS\system32\dtgetpea.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ecowcpsc.ini
C:\WINDOWS\system32\ecowcpsc.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\edlijpni.dll
C:\WINDOWS\system32\edlijpni.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ehabnuag.dll
C:\WINDOWS\system32\ehabnuag.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ejgbvlgy.dll
C:\WINDOWS\system32\ejgbvlgy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ekrspils.dll
C:\WINDOWS\system32\ekrspils.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\eotcptxr.dll
C:\WINDOWS\system32\eotcptxr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\flvmvrrc.dll
C:\WINDOWS\system32\flvmvrrc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fpxiqjoc.ini
C:\WINDOWS\system32\fpxiqjoc.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fqsgkykf.dll
C:\WINDOWS\system32\fqsgkykf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gpkphqlq.dll
C:\WINDOWS\system32\gpkphqlq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gtbarkjm.dll
C:\WINDOWS\system32\gtbarkjm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hdqvvgfp.dll
C:\WINDOWS\system32\hdqvvgfp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgyfsggc.dll
C:\WINDOWS\system32\hgyfsggc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hprewdai.dll
C:\WINDOWS\system32\hprewdai.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iacersml.dll
C:\WINDOWS\system32\iacersml.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ikpfhlmf.dll
C:\WINDOWS\system32\ikpfhlmf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ivdlspvm.dll
C:\WINDOWS\system32\ivdlspvm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jeawlnns.dll
C:\WINDOWS\system32\jeawlnns.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jflesclu.dll
C:\WINDOWS\system32\jflesclu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkhffc.dll
C:\WINDOWS\system32\jkkhffc.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\jtmglbus.dll
C:\WINDOWS\system32\jtmglbus.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jtnimino.dll
C:\WINDOWS\system32\jtnimino.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kegbbght.dll
C:\WINDOWS\system32\kegbbght.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\knegpepa.dll
C:\WINDOWS\system32\knegpepa.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kuwypipk.dll
C:\WINDOWS\system32\kuwypipk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lifhetsd.dll
C:\WINDOWS\system32\lifhetsd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lqsmygfv.dll
C:\WINDOWS\system32\lqsmygfv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mcfyjjml.dll
C:\WINDOWS\system32\mcfyjjml.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mehmhgpu.dll
C:\WINDOWS\system32\mehmhgpu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mexkgxre.dll
C:\WINDOWS\system32\mexkgxre.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mgseeabr.dll
C:\WINDOWS\system32\mgseeabr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlkejkxk.dll
C:\WINDOWS\system32\mlkejkxk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\monebbwk.dll
C:\WINDOWS\system32\monebbwk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mrukqasc.dll
C:\WINDOWS\system32\mrukqasc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nngehohx.dll
C:\WINDOWS\system32\nngehohx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\osjuwkmb.dll
C:\WINDOWS\system32\osjuwkmb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ovqshhds.dll
C:\WINDOWS\system32\ovqshhds.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\paousqqe.dll
C:\WINDOWS\system32\paousqqe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pbdkpbnc.ini
C:\WINDOWS\system32\pbdkpbnc.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pifoejus.dll
C:\WINDOWS\system32\pifoejus.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pjdspoia.dll
C:\WINDOWS\system32\pjdspoia.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\prdumwyb.ini
C:\WINDOWS\system32\prdumwyb.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pwcscmsx.dll
C:\WINDOWS\system32\pwcscmsx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qctoklbw.dll
C:\WINDOWS\system32\qctoklbw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qrnwdxge.dll
C:\WINDOWS\system32\qrnwdxge.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\quhjfcvq.dll
C:\WINDOWS\system32\quhjfcvq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qxexdhxq.dll
C:\WINDOWS\system32\qxexdhxq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rtolywtp.dll
C:\WINDOWS\system32\rtolywtp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ruavokst.dll
C:\WINDOWS\system32\ruavokst.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rwrjxwmo.dll
C:\WINDOWS\system32\rwrjxwmo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\scxslfuh.dll
C:\WINDOWS\system32\scxslfuh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\shsxklcs.dll
C:\WINDOWS\system32\shsxklcs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tbufwffi.dll
C:\WINDOWS\system32\tbufwffi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tscifvqv.dll
C:\WINDOWS\system32\tscifvqv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tsklxyuh.dll
C:\WINDOWS\system32\tsklxyuh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uiuxdiae.dll
C:\WINDOWS\system32\uiuxdiae.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ukxvtqrb.dll
C:\WINDOWS\system32\ukxvtqrb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uqxujsit.dll
C:\WINDOWS\system32\uqxujsit.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vfcuioif.dll
C:\WINDOWS\system32\vfcuioif.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vgpxqryo.dll
C:\WINDOWS\system32\vgpxqryo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vrrvhmyi.dll
C:\WINDOWS\system32\vrrvhmyi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vuokwhsy.dll
C:\WINDOWS\system32\vuokwhsy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wfmwrjkk.dll
C:\WINDOWS\system32\wfmwrjkk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wpusliub.ini
C:\WINDOWS\system32\wpusliub.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\wsnqkrdg.dll
C:\WINDOWS\system32\wsnqkrdg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wuvukfba.dll
C:\WINDOWS\system32\wuvukfba.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvurroo.dll
C:\WINDOWS\system32\wvurroo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xsicmufh.dll
C:\WINDOWS\system32\xsicmufh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yexdfmrn.dll
C:\WINDOWS\system32\yexdfmrn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yfyantrq.dll
C:\WINDOWS\system32\yfyantrq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yhjafygy.dll
C:\WINDOWS\system32\yhjafygy.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\dptxpsbc.dll
C:\WINDOWS\system32\dptxpsbc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkhffc.dll
C:\WINDOWS\system32\jkkhffc.dll Has been deleted!

Performing Repairs to the registry.
Done!



And there are the three logs you asked for.

pskelley
2007-12-19, 00:36
The first thing I want you to know, this computer is about as infected as I have seen one in a while; had I known that, I would not have touched this mess. This computer should have been reformatted and still may have to be. You must read and follow the directions if you expect me to continue.

1) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.

2) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

In this stage there are too many files; I do not want to add them all at once. Use the instructions and add them one third at a time. Do this with one group at a time, and follow the instructions all the way through. I have never tried to remove this many files at once, so take your time and think about what you are doing.

Here are the instructions:

3) Open a new notepad window
Paste the list of files from the quote box below into the notepad window.


Save this as vundofix.vft and Save as type "all files".
Double-click VundoFix.exe to run it.
Drag vundofix.vft onto the listbox (white box) of VundoFix.
Click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


C:\WINDOWS\system32\dptxpsbc.dll
C:\WINDOWS\system32\cbspxtpd.ini
C:\WINDOWS\system32\gaunbahe.ini
C:\WINDOWS\system32\pfgvvqdh.ini
C:\WINDOWS\system32\fkykgsqf.ini
C:\WINDOWS\system32\crrvmvlf.ini
C:\WINDOWS\system32\vfgymsql.ini
C:\WINDOWS\system32\aiopsdjp.ini
C:\WINDOWS\system32\wblkotcq.ini
C:\WINDOWS\system32\tskovaur.ini
C:\WINDOWS\system32\abfkuvuw.ini
C:\WINDOWS\system32\xsmcscwp.ini
C:\WINDOWS\system32\apepgenk.ini
C:\WINDOWS\system32\ptwylotr.ini
C:\WINDOWS\system32\eaidxuiu.ini
C:\WINDOWS\system32\kxkjeklm.ini
C:\WINDOWS\system32\tvapagdd.ini
C:\WINDOWS\system32\lmjjyfcm.ini
C:\WINDOWS\system32\iadwerph.ini
C:\WINDOWS\system32\mvpsldvi.ini
C:\WINDOWS\system32\yshwkouv.ini
C:\WINDOWS\system32\fioiucfv.ini
C:\WINDOWS\system32\vqvficst.ini
C:\WINDOWS\system32\onimintj.ini
C:\WINDOWS\system32\sclkxshs.ini
C:\WINDOWS\system32\kwbbenom.ini
C:\WINDOWS\system32\sublgmtj.ini
C:\WINDOWS\system32\iffwfubt.ini
C:\WINDOWS\system32\dstehfil.ini
C:\WINDOWS\system32\snnlwaej.ini
C:\WINDOWS\system32\cggsfygh.ini



C:\WINDOWS\system32\rxtpctoe.ini
C:\WINDOWS\system32\slipsrke.ini
C:\WINDOWS\system32\tisjuxqu.ini
C:\WINDOWS\system32\kkjrwmfw.ini
C:\WINDOWS\system32\hfumcisx.ini
C:\WINDOWS\system32\oyrqxpgv.ini
C:\WINDOWS\system32\inpjilde.ini
C:\WINDOWS\system32\admhtchn.ini
C:\WINDOWS\system32\bglvoyki.ini
C:\WINDOWS\system32\roqsyqji.ini
C:\WINDOWS\system32\faqyuavo.ini
C:\WINDOWS\system32\tfrerltc.ini
C:\WINDOWS\system32\ooefwnid.ini
C:\WINDOWS\system32\uncxsiuj.ini
C:\WINDOWS\system32\fjqkwpxg.ini
C:\WINDOWS\system32\melntsfu.ini
C:\WINDOWS\system32\iusjwnmy.ini
C:\WINDOWS\system32\owhaqdyg.ini
C:\WINDOWS\system32\kdchtfhi.ini
C:\WINDOWS\system32\glknuhkk.ini
C:\WINDOWS\system32\bdkdprix.ini
C:\WINDOWS\system32\mqsklrut.ini
C:\WINDOWS\system32\wemyskfm.ini
C:\WINDOWS\system32\upexkcap.ini
C:\WINDOWS\system32\rbhaubxl.ini
C:\WINDOWS\system32\ghbijblk.ini
C:\WINDOWS\system32\ccdjiivk.ini
C:\WINDOWS\system32\egxdwnrq.ini
C:\WINDOWS\system32\gbdrvnoj.ini
C:\WINDOWS\system32\qrtnayfy.ini
C:\WINDOWS\system32\bmkwujso.ini




C:\WINDOWS\system32\sujeofip.ini
C:\WINDOWS\system32\brqtvxku.ini
C:\WINDOWS\system32\fmlhfpki.ini
C:\WINDOWS\system32\yglvbgje.ini
C:\WINDOWS\system32\nrmfdxey.ini
C:\WINDOWS\system32\erxgkxem.ini
C:\WINDOWS\system32\sdhhsqvo.ini
C:\WINDOWS\system32\ensstmhd.ini
C:\WINDOWS\system32\thgbbgek.ini
C:\WINDOWS\system32\gdrkqnsw.ini
C:\WINDOWS\system32\kpipywuk.ini
C:\WINDOWS\system32\ulcselfj.ini
C:\WINDOWS\system32\ygyfajhy.ini
C:\WINDOWS\system32\lmsrecai.ini
C:\WINDOWS\system32\iymhvrrv.ini
C:\WINDOWS\system32\mjkrabtg.ini
C:\WINDOWS\system32\upghmhem.ini
C:\WINDOWS\system32\xhohegnn.ini
C:\WINDOWS\system32\csaqkurm.ini
C:\WINDOWS\system32\qlqhpkpg.ini
C:\WINDOWS\system32\huyxlkst.ini
C:\WINDOWS\system32\omwxjrwr.ini
C:\WINDOWS\system32\huflsxcs.ini
C:\WINDOWS\system32\qxhdxexq.ini
C:\WINDOWS\system32\rbaeesgm.ini


4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {18188503-F6A9-41C7-9FF2-9FE4A24C82DC} - (no file)
O2 - BHO: (no name) - {196328db-2270-44a6-985a-39cbcf35beda} - (no file)
O2 - BHO: (no name) - {36C3A207-3203-4670-BF2E-0C124A3D218B} - (no file)
O2 - BHO: (no name) - {3DBB0EA0-EAB0-4DF3-AA70-239C1414A37E} - (no file)
O2 - BHO: (no name) - {7C280CF0-2F02-4E6B-8815-CCFAC2BC6260} - (no file)
O2 - BHO: (no name) - {81DC16D1-A1F5-42DB-968E-70EA63FB61FE} - (no file)
O2 - BHO: (no name) - {9CA7C156-EC64-4B12-BF92-F2650B1AB768} - (no file)
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: (no name) - {B6BBC013-3647-4F3F-9DE8-C6136261A2F1} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {CEEA11ED-F489-475C-9600-69014E387E0F} - C:\WINDOWS\system32\ddccd.dll (file missing)
O2 - BHO: (no name) - {E20723B0-7483-4585-88B5-E0BE9220CC2E} - (no file)
O2 - BHO: (no name) - {E3E7DB98-132A-424D-B8FF-C244FAC9024E} - \
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O4 - HKLM\..\Run: [184ef8d6] rundll32.exe "C:\WINDOWS\system32\dptxpsbc.dll",b
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - https://www.topproduceronline.com/do...s/msjavx86.exe
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab

Close all programs but HJT and all browser windows, then click on "Fix Checked"

5) RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\WINDOWS\system32\dptxpsbc.dll <<< make sure that file is gone

6) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Post the Vundofix reports (will be three probably) and a new HJT log.

mkejoey24z
2007-12-19, 02:29
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:23:09 PM, on 12/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\mkejoey24z.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [184ef8d6] rundll32.exe "C:\WINDOWS\system32\dptxpsbc.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2564B8E6-7D84-11D4-A689-30475BC10000} (Tkweb Control) - http://www.toolkitcma.com/tkweb/tkweb.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181159403687
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15029/CTPID.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.62/code/iPIX-ImageWell-ipix.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://a612.ac-images.myspacecdn.com/images01/69/m_b73a185d5d4ae802dfcf148bd334a46b.jpg

--
End of file - 6787 bytes



I ran the Vundo fix and it came back with no viruses or infections. Where would I get the 3 log files you said I would have? The only one I got is this HJT one.

pskelley
2007-12-19, 02:30
Look on the C:\ drive; it will be Vundo.txt

pskelley
2007-12-19, 02:40
I asked you to be sure this file was gone?
C:\WINDOWS\system32\dptxpsbc.dll <<< make sure that file is gone??

Make sure all files and folders are still showing (enabled)
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Open Vundofix by double-clicking on it, then point your mouse to the white box above the buttons and right click, then click on Add More Files. When the next window opens, copy and paste the files into the boxes and click on Add File(s), then click on Close Window. Then click Remove Vundo.

(File to add)

C:\WINDOWS\system32\dptxpsbc.dll

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O4 - HKLM\..\Run: [184ef8d6] rundll32.exe "C:\WINDOWS\system32\dptxpsbc.dll",b

Close all programs but HJT and all browser windows, then click on "Fix Checked"

RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\WINDOWS\system32\dptxpsbc.dll <<< navigate to that file and delete it if it is there.

Post the Vundofix report and a new HJT log.

Thanks
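The check pskelley makes in this post (a file VundoFix reported it "Could not be deleted" is still loaded by an O4 Run entry in the HJT log) can be automated. The script below is an added example, not part of the thread and not code from VundoFix or HijackThis; its sample input is a constructed excerpt of the report and log lines posted above.

```python
import re

# Constructed sample input, excerpted from the VundoFix report and the
# HijackThis log posted in this thread (a few lines, not the full logs).
VUNDOFIX_REPORT = r"""
Attempting to delete C:\WINDOWS\system32\dhmtssne.dll
C:\WINDOWS\system32\dhmtssne.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dptxpsbc.dll
C:\WINDOWS\system32\dptxpsbc.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\jkkhffc.dll
C:\WINDOWS\system32\jkkhffc.dll Could not be deleted.
"""

HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {CEEA11ED-F489-475C-9600-69014E387E0F} - C:\WINDOWS\system32\ddccd.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [184ef8d6] rundll32.exe "C:\WINDOWS\system32\dptxpsbc.dll",b
"""

# One VundoFix result line: "<path> Has been deleted!" or "<path> Could not be deleted."
DELETE_RESULT = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<result>Has been deleted!|Could not be deleted\.)$"
)

# A Windows path ending in a loadable file; stops at quotes and commas so the
# rundll32 argument form  "C:\...\x.dll",b  yields just the path.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"\',]+?\.(?:dll|exe|ini)', re.IGNORECASE)

# HJT sections that load code at startup or into the browser: BHOs, toolbars, Run keys.
LOADPOINT_LINE = re.compile(r"^O(?:2|3|4) - ")


def parse_vundofix(report):
    """Map each path VundoFix tried to delete (lowercased) to True if it was deleted."""
    results = {}
    for line in report.splitlines():
        m = DELETE_RESULT.match(line.strip())
        if m:
            results[m.group("path").lower()] = m.group("result") == "Has been deleted!"
    return results


def failed_deletions(report):
    """Sorted list of paths VundoFix reported it could not delete."""
    return sorted(path for path, deleted in parse_vundofix(report).items() if not deleted)


def hjt_references(log):
    """Map each file path (lowercased) to the HJT load-point lines that reference it."""
    refs = {}
    for line in log.splitlines():
        line = line.strip()
        if not LOADPOINT_LINE.match(line):
            continue
        for m in WIN_PATH.finditer(line):
            refs.setdefault(m.group(0).lower(), []).append(line)
    return refs


def leftover_loadpoints(report, log):
    """Files VundoFix could not delete that an HJT entry would still load at startup.

    These are the entries to fix in HJT and the files to remove by hand, which is
    exactly what the helper asks for with dptxpsbc.dll in this thread.
    """
    refs = hjt_references(log)
    return {path: refs[path] for path in failed_deletions(report) if path in refs}


if __name__ == "__main__":
    for path, lines in leftover_loadpoints(VUNDOFIX_REPORT, HJT_LOG).items():
        print("still loaded after VundoFix:", path)
        for entry in lines:
            print("   ", entry)
```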

mkejoey24z
2007-12-19, 02:55
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:33 PM, on 12/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\mkejoey24z.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [184ef8d6] rundll32.exe "C:\WINDOWS\system32\dptxpsbc.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2564B8E6-7D84-11D4-A689-30475BC10000} (Tkweb Control) - http://www.toolkitcma.com/tkweb/tkweb.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181159403687
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15029/CTPID.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.62/code/iPIX-ImageWell-ipix.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://a612.ac-images.myspacecdn.com/images01/69/m_b73a185d5d4ae802dfcf148bd334a46b.jpg

--
End of file - 6820 bytes

mkejoey24z
2007-12-19, 03:07
I got a little lost but I think I'm on track again!

VundoFix V6.7.7
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Scan started at 8:46:58 PM 12/16/2007
Listing files found while scanning....

C:\WINDOWS\system32\basggesd.dll
C:\WINDOWS\system32\builsupw.dll
C:\WINDOWS\system32\bywmudrp.dll
C:\WINDOWS\system32\cnbpkdbp.dll
C:\WINDOWS\system32\cojqixpf.dll
C:\WINDOWS\system32\cspcwoce.dll
C:\WINDOWS\system32\dccdd.ini
C:\WINDOWS\system32\dccdd.ini2
C:\WINDOWS\system32\ddccd.dll
C:\WINDOWS\system32\ddgapavt.dll
C:\WINDOWS\system32\dhmtssne.dll
C:\WINDOWS\system32\dptxpsbc.dll
C:\WINDOWS\system32\dseggsab.ini
C:\WINDOWS\system32\dtgetpea.dll
C:\WINDOWS\system32\ecowcpsc.ini
C:\WINDOWS\system32\edlijpni.dll
C:\WINDOWS\system32\ehabnuag.dll
C:\WINDOWS\system32\ejgbvlgy.dll
C:\WINDOWS\system32\ekrspils.dll
C:\WINDOWS\system32\eotcptxr.dll
C:\WINDOWS\system32\flvmvrrc.dll
C:\WINDOWS\system32\fpxiqjoc.ini
C:\WINDOWS\system32\fqsgkykf.dll
C:\WINDOWS\system32\gpkphqlq.dll
C:\WINDOWS\system32\gtbarkjm.dll
C:\WINDOWS\system32\hdqvvgfp.dll
C:\WINDOWS\system32\hgyfsggc.dll
C:\WINDOWS\system32\hprewdai.dll
C:\WINDOWS\system32\iacersml.dll
C:\WINDOWS\system32\ikpfhlmf.dll
C:\WINDOWS\system32\ivdlspvm.dll
C:\WINDOWS\system32\jeawlnns.dll
C:\WINDOWS\system32\jflesclu.dll
C:\WINDOWS\system32\jkkhffc.dll
C:\WINDOWS\system32\jtmglbus.dll
C:\WINDOWS\system32\jtnimino.dll
C:\WINDOWS\system32\kegbbght.dll
C:\WINDOWS\system32\knegpepa.dll
C:\WINDOWS\system32\kuwypipk.dll
C:\WINDOWS\system32\lifhetsd.dll
C:\WINDOWS\system32\lqsmygfv.dll
C:\WINDOWS\system32\mcfyjjml.dll
C:\WINDOWS\system32\mehmhgpu.dll
C:\WINDOWS\system32\mexkgxre.dll
C:\WINDOWS\system32\mgseeabr.dll
C:\WINDOWS\system32\mlkejkxk.dll
C:\WINDOWS\system32\monebbwk.dll
C:\WINDOWS\system32\mrukqasc.dll
C:\WINDOWS\system32\nngehohx.dll
C:\WINDOWS\system32\osjuwkmb.dll
C:\WINDOWS\system32\ovqshhds.dll
C:\WINDOWS\system32\paousqqe.dll
C:\WINDOWS\system32\pbdkpbnc.ini
C:\WINDOWS\system32\pifoejus.dll
C:\WINDOWS\system32\pjdspoia.dll
C:\WINDOWS\system32\prdumwyb.ini
C:\WINDOWS\system32\pwcscmsx.dll
C:\WINDOWS\system32\qctoklbw.dll
C:\WINDOWS\system32\qrnwdxge.dll
C:\WINDOWS\system32\quhjfcvq.dll
C:\WINDOWS\system32\qxexdhxq.dll
C:\WINDOWS\system32\rtolywtp.dll
C:\WINDOWS\system32\ruavokst.dll
C:\WINDOWS\system32\rwrjxwmo.dll
C:\WINDOWS\system32\scxslfuh.dll
C:\WINDOWS\system32\shsxklcs.dll
C:\WINDOWS\system32\tbufwffi.dll
C:\WINDOWS\system32\tscifvqv.dll
C:\WINDOWS\system32\tsklxyuh.dll
C:\WINDOWS\system32\uiuxdiae.dll
C:\WINDOWS\system32\ukxvtqrb.dll
C:\WINDOWS\system32\uqxujsit.dll
C:\WINDOWS\system32\vfcuioif.dll
C:\WINDOWS\system32\vgpxqryo.dll
C:\WINDOWS\system32\vrrvhmyi.dll
C:\WINDOWS\system32\vuokwhsy.dll
C:\WINDOWS\system32\wfmwrjkk.dll
C:\WINDOWS\system32\wpusliub.ini
C:\WINDOWS\system32\wsnqkrdg.dll
C:\WINDOWS\system32\wuvukfba.dll
C:\WINDOWS\system32\wvurroo.dll
C:\WINDOWS\system32\xsicmufh.dll
C:\WINDOWS\system32\yexdfmrn.dll
C:\WINDOWS\system32\yfyantrq.dll
C:\WINDOWS\system32\yhjafygy.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\basggesd.dll
C:\WINDOWS\system32\basggesd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\builsupw.dll
C:\WINDOWS\system32\builsupw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bywmudrp.dll
C:\WINDOWS\system32\bywmudrp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cnbpkdbp.dll
C:\WINDOWS\system32\cnbpkdbp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cojqixpf.dll
C:\WINDOWS\system32\cojqixpf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cspcwoce.dll
C:\WINDOWS\system32\cspcwoce.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dccdd.ini
C:\WINDOWS\system32\dccdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\dccdd.ini2
C:\WINDOWS\system32\dccdd.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddccd.dll
C:\WINDOWS\system32\ddccd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddgapavt.dll
C:\WINDOWS\system32\ddgapavt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dhmtssne.dll
C:\WINDOWS\system32\dhmtssne.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dptxpsbc.dll
C:\WINDOWS\system32\dptxpsbc.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\dseggsab.ini
C:\WINDOWS\system32\dseggsab.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\dtgetpea.dll
C:\WINDOWS\system32\dtgetpea.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ecowcpsc.ini
C:\WINDOWS\system32\ecowcpsc.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\edlijpni.dll
C:\WINDOWS\system32\edlijpni.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ehabnuag.dll
C:\WINDOWS\system32\ehabnuag.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ejgbvlgy.dll
C:\WINDOWS\system32\ejgbvlgy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ekrspils.dll
C:\WINDOWS\system32\ekrspils.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\eotcptxr.dll
C:\WINDOWS\system32\eotcptxr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\flvmvrrc.dll
C:\WINDOWS\system32\flvmvrrc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fpxiqjoc.ini
C:\WINDOWS\system32\fpxiqjoc.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fqsgkykf.dll
C:\WINDOWS\system32\fqsgkykf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gpkphqlq.dll
C:\WINDOWS\system32\gpkphqlq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gtbarkjm.dll
C:\WINDOWS\system32\gtbarkjm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hdqvvgfp.dll
C:\WINDOWS\system32\hdqvvgfp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgyfsggc.dll
C:\WINDOWS\system32\hgyfsggc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hprewdai.dll
C:\WINDOWS\system32\hprewdai.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iacersml.dll
C:\WINDOWS\system32\iacersml.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ikpfhlmf.dll
C:\WINDOWS\system32\ikpfhlmf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ivdlspvm.dll
C:\WINDOWS\system32\ivdlspvm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jeawlnns.dll
C:\WINDOWS\system32\jeawlnns.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jflesclu.dll
C:\WINDOWS\system32\jflesclu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkhffc.dll
C:\WINDOWS\system32\jkkhffc.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\jtmglbus.dll
C:\WINDOWS\system32\jtmglbus.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jtnimino.dll
C:\WINDOWS\system32\jtnimino.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kegbbght.dll
C:\WINDOWS\system32\kegbbght.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\knegpepa.dll
C:\WINDOWS\system32\knegpepa.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kuwypipk.dll
C:\WINDOWS\system32\kuwypipk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lifhetsd.dll
C:\WINDOWS\system32\lifhetsd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lqsmygfv.dll
C:\WINDOWS\system32\lqsmygfv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mcfyjjml.dll
C:\WINDOWS\system32\mcfyjjml.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mehmhgpu.dll
C:\WINDOWS\system32\mehmhgpu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mexkgxre.dll
C:\WINDOWS\system32\mexkgxre.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mgseeabr.dll
C:\WINDOWS\system32\mgseeabr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlkejkxk.dll
C:\WINDOWS\system32\mlkejkxk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\monebbwk.dll
C:\WINDOWS\system32\monebbwk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mrukqasc.dll
C:\WINDOWS\system32\mrukqasc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nngehohx.dll
C:\WINDOWS\system32\nngehohx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\osjuwkmb.dll
C:\WINDOWS\system32\osjuwkmb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ovqshhds.dll
C:\WINDOWS\system32\ovqshhds.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\paousqqe.dll
C:\WINDOWS\system32\paousqqe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pbdkpbnc.ini
C:\WINDOWS\system32\pbdkpbnc.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pifoejus.dll
C:\WINDOWS\system32\pifoejus.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pjdspoia.dll
C:\WINDOWS\system32\pjdspoia.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\prdumwyb.ini
C:\WINDOWS\system32\prdumwyb.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pwcscmsx.dll
C:\WINDOWS\system32\pwcscmsx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qctoklbw.dll
C:\WINDOWS\system32\qctoklbw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qrnwdxge.dll
C:\WINDOWS\system32\qrnwdxge.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\quhjfcvq.dll
C:\WINDOWS\system32\quhjfcvq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qxexdhxq.dll
C:\WINDOWS\system32\qxexdhxq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rtolywtp.dll
C:\WINDOWS\system32\rtolywtp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ruavokst.dll
C:\WINDOWS\system32\ruavokst.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rwrjxwmo.dll
C:\WINDOWS\system32\rwrjxwmo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\scxslfuh.dll
C:\WINDOWS\system32\scxslfuh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\shsxklcs.dll
C:\WINDOWS\system32\shsxklcs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tbufwffi.dll
C:\WINDOWS\system32\tbufwffi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tscifvqv.dll
C:\WINDOWS\system32\tscifvqv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tsklxyuh.dll
C:\WINDOWS\system32\tsklxyuh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uiuxdiae.dll
C:\WINDOWS\system32\uiuxdiae.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ukxvtqrb.dll
C:\WINDOWS\system32\ukxvtqrb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uqxujsit.dll
C:\WINDOWS\system32\uqxujsit.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vfcuioif.dll
C:\WINDOWS\system32\vfcuioif.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vgpxqryo.dll
C:\WINDOWS\system32\vgpxqryo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vrrvhmyi.dll
C:\WINDOWS\system32\vrrvhmyi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vuokwhsy.dll
C:\WINDOWS\system32\vuokwhsy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wfmwrjkk.dll
C:\WINDOWS\system32\wfmwrjkk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wpusliub.ini
C:\WINDOWS\system32\wpusliub.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\wsnqkrdg.dll
C:\WINDOWS\system32\wsnqkrdg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wuvukfba.dll
C:\WINDOWS\system32\wuvukfba.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvurroo.dll
C:\WINDOWS\system32\wvurroo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xsicmufh.dll
C:\WINDOWS\system32\xsicmufh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yexdfmrn.dll
C:\WINDOWS\system32\yexdfmrn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yfyantrq.dll
C:\WINDOWS\system32\yfyantrq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yhjafygy.dll
C:\WINDOWS\system32\yhjafygy.dll Has been deleted!

Performing Repairs to the registry.
Done!

mkejoey24z
2007-12-19, 03:08
2nd Part to it:

Beginning removal...

Attempting to delete C:\WINDOWS\system32\dptxpsbc.dll
C:\WINDOWS\system32\dptxpsbc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkhffc.dll
C:\WINDOWS\system32\jkkhffc.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cbspxtpd.ini
C:\WINDOWS\system32\cbspxtpd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\crrvmvlf.ini
C:\WINDOWS\system32\crrvmvlf.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fkykgsqf.ini
C:\WINDOWS\system32\fkykgsqf.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\gaunbahe.ini
C:\WINDOWS\system32\gaunbahe.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pfgvvqdh.ini
C:\WINDOWS\system32\pfgvvqdh.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\abfkuvuw.ini
C:\WINDOWS\system32\abfkuvuw.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\aiopsdjp.ini
C:\WINDOWS\system32\aiopsdjp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\apepgenk.ini
C:\WINDOWS\system32\apepgenk.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\cggsfygh.ini
C:\WINDOWS\system32\cggsfygh.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\dstehfil.ini
C:\WINDOWS\system32\dstehfil.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\eaidxuiu.ini
C:\WINDOWS\system32\eaidxuiu.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fioiucfv.ini
C:\WINDOWS\system32\fioiucfv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\iadwerph.ini
C:\WINDOWS\system32\iadwerph.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\iffwfubt.ini
C:\WINDOWS\system32\iffwfubt.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\kwbbenom.ini
C:\WINDOWS\system32\kwbbenom.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\kxkjeklm.ini
C:\WINDOWS\system32\kxkjeklm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\lmjjyfcm.ini
C:\WINDOWS\system32\lmjjyfcm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mvpsldvi.ini
C:\WINDOWS\system32\mvpsldvi.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\onimintj.ini
C:\WINDOWS\system32\onimintj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ptwylotr.ini
C:\WINDOWS\system32\ptwylotr.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\sclkxshs.ini
C:\WINDOWS\system32\sclkxshs.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\snnlwaej.ini
C:\WINDOWS\system32\snnlwaej.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\sublgmtj.ini
C:\WINDOWS\system32\sublgmtj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\tskovaur.ini
C:\WINDOWS\system32\tskovaur.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\tvapagdd.ini
C:\WINDOWS\system32\tvapagdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\vfgymsql.ini
C:\WINDOWS\system32\vfgymsql.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\vqvficst.ini
C:\WINDOWS\system32\vqvficst.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\wblkotcq.ini
C:\WINDOWS\system32\wblkotcq.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\xsmcscwp.ini
C:\WINDOWS\system32\xsmcscwp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\yshwkouv.ini
C:\WINDOWS\system32\yshwkouv.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...
Attempting to delete C:\WINDOWS\system32\admhtchn.ini
C:\WINDOWS\system32\admhtchn.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\bdkdprix.ini
C:\WINDOWS\system32\bdkdprix.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\bglvoyki.ini
C:\WINDOWS\system32\bglvoyki.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\bmkwujso.ini
C:\WINDOWS\system32\bmkwujso.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\brqtvxku.ini
C:\WINDOWS\system32\brqtvxku.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ccdjiivk.ini
C:\WINDOWS\system32\ccdjiivk.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\csaqkurm.ini
C:\WINDOWS\system32\csaqkurm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\egxdwnrq.ini
C:\WINDOWS\system32\egxdwnrq.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ensstmhd.ini
C:\WINDOWS\system32\ensstmhd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\erxgkxem.ini
C:\WINDOWS\system32\erxgkxem.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\faqyuavo.ini
C:\WINDOWS\system32\faqyuavo.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\fjqkwpxg.ini
C:\WINDOWS\system32\fjqkwpxg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\fmlhfpki.ini
C:\WINDOWS\system32\fmlhfpki.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\gbdrvnoj.ini
C:\WINDOWS\system32\gbdrvnoj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\gdrkqnsw.ini
C:\WINDOWS\system32\gdrkqnsw.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ghbijblk.ini
C:\WINDOWS\system32\ghbijblk.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\glknuhkk.ini
C:\WINDOWS\system32\glknuhkk.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\hfumcisx.ini
C:\WINDOWS\system32\hfumcisx.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\huflsxcs.ini
C:\WINDOWS\system32\huflsxcs.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\huyxlkst.ini
C:\WINDOWS\system32\huyxlkst.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\inpjilde.ini
C:\WINDOWS\system32\inpjilde.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\iusjwnmy.ini
C:\WINDOWS\system32\iusjwnmy.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\iymhvrrv.ini
C:\WINDOWS\system32\iymhvrrv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\kdchtfhi.ini
C:\WINDOWS\system32\kdchtfhi.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\kkjrwmfw.ini
C:\WINDOWS\system32\kkjrwmfw.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\kpipywuk.ini
C:\WINDOWS\system32\kpipywuk.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\lmsrecai.ini
C:\WINDOWS\system32\lmsrecai.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\melntsfu.ini
C:\WINDOWS\system32\melntsfu.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\mjkrabtg.ini
C:\WINDOWS\system32\mjkrabtg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\mqsklrut.ini
C:\WINDOWS\system32\mqsklrut.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\nrmfdxey.ini
C:\WINDOWS\system32\nrmfdxey.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\omwxjrwr.ini
C:\WINDOWS\system32\omwxjrwr.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ooefwnid.ini
C:\WINDOWS\system32\ooefwnid.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\owhaqdyg.ini
C:\WINDOWS\system32\owhaqdyg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\oyrqxpgv.ini
C:\WINDOWS\system32\oyrqxpgv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\qlqhpkpg.ini
C:\WINDOWS\system32\qlqhpkpg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\qrtnayfy.ini
C:\WINDOWS\system32\qrtnayfy.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\qxhdxexq.ini
C:\WINDOWS\system32\qxhdxexq.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\rbaeesgm.ini
C:\WINDOWS\system32\rbaeesgm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\rbhaubxl.ini
C:\WINDOWS\system32\rbhaubxl.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\roqsyqji.ini
C:\WINDOWS\system32\roqsyqji.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\rxtpctoe.ini
C:\WINDOWS\system32\rxtpctoe.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\sdhhsqvo.ini
C:\WINDOWS\system32\sdhhsqvo.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\slipsrke.ini
C:\WINDOWS\system32\slipsrke.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\sujeofip.ini
C:\WINDOWS\system32\sujeofip.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\tfrerltc.ini
C:\WINDOWS\system32\tfrerltc.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\thgbbgek.ini
C:\WINDOWS\system32\thgbbgek.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\tisjuxqu.ini
C:\WINDOWS\system32\tisjuxqu.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ulcselfj.ini
C:\WINDOWS\system32\ulcselfj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\uncxsiuj.ini
C:\WINDOWS\system32\uncxsiuj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\upexkcap.ini
C:\WINDOWS\system32\upexkcap.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\upghmhem.ini
C:\WINDOWS\system32\upghmhem.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\wemyskfm.ini
C:\WINDOWS\system32\wemyskfm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\xhohegnn.ini
C:\WINDOWS\system32\xhohegnn.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\yglvbgje.ini
C:\WINDOWS\system32\yglvbgje.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ygyfajhy.ini
C:\WINDOWS\system32\ygyfajhy.ini Has been deleted!

Performing Repairs to the registry.
Done!
VundoFix V6.7.7
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Scan started at 6:07:00 PM 12/19/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
Performing Repairs to the registry.
Done!

mkejoey24z
2007-12-19, 03:08
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:48 PM, on 12/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\mkejoey24z.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2564B8E6-7D84-11D4-A689-30475BC10000} (Tkweb Control) - http://www.toolkitcma.com/tkweb/tkweb.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181159403687
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15029/CTPID.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.62/code/iPIX-ImageWell-ipix.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://a612.ac-images.myspacecdn.com/images01/69/m_b73a185d5d4ae802dfcf148bd334a46b.jpg

--
End of file - 6658 bytes

mkejoey24z
2007-12-19, 03:13
Just so you know, I went ahead and typed that file C:\WINDOWS\system32\dptxpsbc.dll in the address bar and nothing came up, and when I rebooted a "Rundll" window showed up saying: (The specified module could not be found.)

I think I'm on the right track ???
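
A "Rundll: The specified module could not be found" message at logon is the usual sign of an orphaned loader entry: a Run key (or BHO / Winlogon entry) that still points at a DLL the cleanup tool deleted. The script below is an added example, not part of this thread or of VundoFix/HijackThis: it parses the "Has been deleted!" lines of a VundoFix log and the O-section lines of a HijackThis log, then reports every HJT entry whose file path matches a deleted file. The two VundoFix lines are taken from the log posted above; the HJT sample is constructed, and its third line (a rundll32 entry for dptxpsbc.dll) is a hypothetical orphan invented to show what the check reports, since the HJT log posted in this thread contains no such entry.

```python
"""Cross-check a VundoFix removal log against a HijackThis log to find
autostart entries that still reference a file VundoFix deleted."""
import re

# Constructed sample in the format VundoFix prints; the two paths are the
# ones from the removal log posted in this thread.
VUNDOFIX_LOG = """\
Beginning removal...

Attempting to delete C:\\WINDOWS\\system32\\dptxpsbc.dll
C:\\WINDOWS\\system32\\dptxpsbc.dll Has been deleted!

Attempting to delete C:\\WINDOWS\\system32\\jkkhffc.dll
C:\\WINDOWS\\system32\\jkkhffc.dll Has been deleted!

Performing Repairs to the registry.
Done!
"""

# Constructed sample HijackThis lines. The first two have the shape of real
# entries in this thread; the third is a HYPOTHETICAL orphaned Run entry
# (not present in the posted log) that still loads the deleted DLL.
HJT_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [dptxpsbc] RUNDLL32.EXE C:\\WINDOWS\\system32\\dptxpsbc.dll,a
"""

# "<path> Has been deleted!" lines from VundoFix.
DELETED_RE = re.compile(r"^(?P<path>.+?) Has been deleted!\s*$", re.IGNORECASE)
# A Windows path inside an HJT line: drive letter, backslash, then up to the
# first comma/quote/newline, ending in one of the extensions Vundo drops.
PATH_RE = re.compile(r"[A-Za-z]:\\[^,\"\r\n]+?\.(?:dll|exe|ini)", re.IGNORECASE)
# HJT section prefix, e.g. "O4 - ", "O2 - ", "R0 - ".
SECTION_RE = re.compile(r"^(O\d+|R\d+|F\d+)\s+-\s+")


def deleted_files(vundofix_log: str) -> set:
    """Lower-cased full paths of every file VundoFix reports as deleted."""
    gone = set()
    for line in vundofix_log.splitlines():
        m = DELETED_RE.match(line.strip())
        if m:
            gone.add(m.group("path").strip().lower())
    return gone


def hjt_entries(hjt_log: str) -> list:
    """(section, line, [lower-cased paths]) for every HJT O/R/F line."""
    entries = []
    for line in hjt_log.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if not m:
            continue
        paths = [p.lower() for p in PATH_RE.findall(line)]
        entries.append((m.group(1), line, paths))
    return entries


def orphaned_entries(vundofix_log: str, hjt_log: str) -> list:
    """HJT lines whose referenced file was deleted by VundoFix: these are the
    entries that produce the "specified module could not be found" error."""
    gone = deleted_files(vundofix_log)
    return [line for _, line, paths in hjt_entries(hjt_log)
            if any(p in gone for p in paths)]


if __name__ == "__main__":
    for entry in orphaned_entries(VUNDOFIX_LOG, HJT_LOG):
        print("orphaned autostart entry:", entry)
```

On the affected machine the same check is done against the live registry rather than a log: any Run, BHO or Winlogon Notify value whose target no longer exists on disk can be removed with HijackThis (Fix checked) without loss, because the file it loads is already gone. Note that the HJT log posted later in this thread does not show such an entry, so the Rundll message may come from a key HJT does not list; the orphan in the sample above is invented only to illustrate the check.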

pskelley
2007-12-19, 13:31
Thanks for returning your information and the feedback. How is the computer running now?

When we finish (not before) you should seriously consider updating to Internet Explorer 7 for the additional security it gives you.
http://www.microsoft.com/windows/products/winfamily/ie/default.mspx

Remove (delete) combofix, C:\qoobox\quarantine\, Vundofix and the C:\VundoFix Backups. Delete any Vundofix.txt files that are there also.

Please run Kaspersky with the setting I am providing.

Run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings, make sure that the following are selected:
* Scan using the following Anti-Virus database:
* Standard
* Scan Options:
* Scan Archives
* Scan Mail Bases
* Click OK
* Now under select a target to scan:
* Select My Computer
* The program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
* Now click on the Save as Text button:
* Save the file to your desktop.

Then post it here along with some feedback.

Thanks

mkejoey24z
2007-12-20, 22:37
Well, I did notice my computer was faster and I have not been getting pop-ups so far. After doing this scan I noticed it said there were two viruses; any thoughts on them?

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, December 20, 2007 11:16:36 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/12/2007
Kaspersky Anti-Virus database records: 458540
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 67174
Number of viruses found: 2
Number of infected objects: 2
Number of suspicious objects: 2
Duration of the scan process: 00:49:45

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0001 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0100 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0101 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0200 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0201 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0300 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.i0301 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.reph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.repi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Backup\BackupMng.rept Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0001 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0100 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0101 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0200 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0201 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0300 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.i0301 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.reph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.repi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Quarantine\QMng.rept Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.i0000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.i0001 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.i0100 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.i0101 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.i0200 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.i0201 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.i0300 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.i0301 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.reph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.repi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\RptMng.rept Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\{EB17592E-DC78-42C9-83A1-232CB1237623}.i0200 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\{EB17592E-DC78-42C9-83A1-232CB1237623}.reph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\{EB17592E-DC78-42C9-83A1-232CB1237623}.repi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Reports\{EB17592E-DC78-42C9-83A1-232CB1237623}.rept Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\TIF\GlobalTIFMng.i0000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\TIF\GlobalTIFMng.i0100 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\TIF\GlobalTIFMng.i0200 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\TIF\GlobalTIFMng.reph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\TIF\GlobalTIFMng.repi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\TIF\GlobalTIFMng.rept Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.6/wbuninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Joey\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Joey\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
G:\Incomplete\T-637929-Slysoft AnyDVD HD 6.1.7.0 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
G:\Incomplete\T-637929-Slysoft AnyDVD HD 6.1.7.0 Patch.zip ZIP: infected - 1 skipped

Scan process completed.

pskelley
2007-12-20, 23:03
KASPERSKY ONLINE SCANNER REPORT Thursday, December 20, 2007 11:16:36 PM

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ <<< delete the contents of that Recovery folder
http://ict.cas.psu.edu/training/howto/util/removespybot.htm#1

http://forums.spybot.info/showthread.php?t=288
See this: Note:
We do not support the use of illegal Pirated/Warez/Cracked software. Helping a person who insists on using such software could be construed, in the eyes of the law, as aiding and abetting a crime. Therefore you will be asked to remove any cracked programs and, in the case of your operating system, to obtain a valid licensed copy.

Delete these cracked programs
G:\Incomplete\T-637929-Slysoft AnyDVD HD 6.1.7.0 Patch.zip/Crack.exe Trojan.Win32.Agent.cmn
G:\Incomplete\T-637929-Slysoft AnyDVD HD 6.1.7.0 Patch.zip ZIP: infected - 1

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

mkejoey24z
2007-12-20, 23:42
Thanks a million. I went ahead and deleted the files you said, and now I will be running that scan again later. As for the cracks, I went to the Slysoft website and found a free trial to test out the program for free, which is great. I think more companies should let people use a free trial program before buying it; it really helps. I think the reason my PC got infected was because the Norton I had at the time was expired. Now I've got that Kaspersky antivirus and Kaspersky Anti-Hacker (which, the Anti-Hacker one, I really don't know about yet).
One last question for you: is this all I need, or do I need another program for protection? And what about that spyblaster I read about in one of the links you gave me: could I use that at the same time, or is it just a one-time scanner?

Well, once again, thanks for having the patience to assist me in cleaning my PC. Like I said when I first came on this forum, I am a beginner at this. Through this experience I really have learned a lot, and it makes me want to learn more.:):bigthumb:

mkejoey24z
2007-12-21, 03:02
I've got a question. I know in one of the posts you replied to, you said not to worry about the time if it was going to be incorrect. How can I change it back so it is the right time and day? Right now it is one day ahead. Also, am I able to do system restore checkpoints now?

pskelley
2007-12-21, 12:23
I've got a question. I know in one of the posts you replied to, you said not to worry about the time if it was going to be incorrect.
I would never have said this; it is very important that the computer's time be correct.

Right click the time in the System Tray and click on Adjust Time/Date.

Also, am I able to do system restore checkpoints now?
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Thanks