virtumonde, part 2: results



bigmatt267
2007-12-21, 18:24
I'm having problems with that new inject.bw because it won't let me stay online long enough to post all the scan results. The Kaspersky results are too much for the post.
Sorry if I'm not posting right; I'm getting really frustrated with the new inject.
_
Scan Statistics:
Total number of scanned objects: 77190
Number of viruses found: 28
Number of infected objects: 151
Number of suspicious objects: 2
Duration of the scan process: 02:11:53

_
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:41 AM, on 12/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;*.qvc.com;<local>
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Eprc] "C:\DOCUME~1\DJJEFF~1\APPLIC~1\SSTEM~1\dvdplay.exe" -vt yazb
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CcEvtSvc - Symantec Corporation - (no file)
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\DJJEFFRY2006\Desktop\cloud\Cloud 1.gif
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\DJJEFFRY2006\Desktop\cloud\00001cutehug.gif
O24 - Desktop Component 3: (no name) - http://www.myspace.com/
--
End of file - 10141 bytes
_
KASPERSKY ONLINE SCANNER REPORT
Thursday, December 20, 2007 3:49:47 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/12/2007
Kaspersky Anti-Virus database records: 490757
_
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
Scan Statistics:
Total number of scanned objects: 77190
Number of viruses found: 28
Number of infected objects: 151
Number of suspicious objects: 2
Duration of the scan process: 02:11:53

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4220\Vwpt.exe Infected: Packed.Win32.Tibs.ez skipped
C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\Vwpt.exe Infected: Packed.Win32.Tibs.ez skipped
C:\ Infected: not-a-virus:AdWare.Win32.Agent.vu skipped
C:\Program Files\XP Smoker\superfast.exe/file1 Infected: not-a-virus:RiskTool.Win32.Shutdown.c skipped
C:\Program Files\XP Smoker\superfast.exe Inno: infected - 1 skipped
C:\RECYCLER\S-1-5-21-2077649761-913329084-1252980321-1006\Dc1390 Infected: Backdoor.Win32.Agent.dbm skipped
C:\RECYCLER\S-1-5-21-2077649761-913329084-1252980321-1006\Dc4163 Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\RECYCLER\S-1-5-21-2077649761-913329084-1252980321-1006\Dc5\Local Settings\Temporary Internet Files\Content.IE5\2YZWSDF0\main[1].gif Infected: Trojan.Win32.VB.bky skipped
C:\RECYCLER\S-1-5-21-2077649761-913329084-1252980321-1006\Dc5173\Wicked Remix (roll).wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\RECYCLER\S-1-5-21-2077649761-913329084-1252980321-1006\Dc935.exe Infected: Backdoor.Win32.Agent.dbm skipped
C:\RECYCLER\S-1-5-21-2077649761-913329084-1252980321-1006\Dc944.exe Infected: Backdoor.Win32.Agent.dbm skipped
C:\RECYCLER\S-1-5-21-2077649761-913329084-1252980321-1006\Dc948.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP133\A0065662.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped
C:\System Volume Information\_restore{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP142\A0069070.exe Infected: not-a-virus:AdWare.Win32.OneStep.c skipped
C:\System Volume Information\_restore{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP197\A0109788.exe Infected: Virus.Win32.Virut.x skipped
C:\System Volume Information\_restore{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP197\A0109805.exe Infected: Trojan-Downloader.Win32.Small.gll skipped
C:\System Volume Information\_restore{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP197\A0109813.exe Infected: Trojan.Win32.VB.bky skipped
C:\System Volume Information\_restore{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP197\A0109818.exe Infected: Trojan.Win32.VB.bky skipped
C:\System Volume Information\_restore{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP198\A0110074.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP200\A0123357.dll Infected: not-a-virus:AdWare.Win32.AdBand.e skipped
C:\System Volume Information\_restore{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP200\A0123360.exe Infected: not-a-virus:AdWare.Win32.Agent.vv skipped
C:\System Volume Information\_restore{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP200\A0123362.exe Infected: not-a-virus:AdWare.Win32.Agent.vv skipped
C:\System Volume Information\_restore{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP205\A0137052.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ag skipped
C:\System Volume Information\_restore{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP213\A0146786.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP214\A0146816.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP215\A0146877.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP215\A0147888.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP216\A0147917.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP216\A0147951.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP219\A0149520.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP219\A0150520.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP220\A0150894.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP220\A0150895.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP220\A0150926.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP222\A0151926.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP222\A0151927.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP222\A0151931.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP223\A0152926.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP223\A0153926.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{E50A3772-ADC6-42F8-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\ioqamnmg.dll Infected: Trojan.Win32.BHO.abs skipped
C:\WINDOWS\system32\ldfvbost.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\legnnwyq.dll Infected: Trojan.Win32.BHO.abs skipped
C:\WINDOWS\system32\lgsffqge.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\lhnhecbx.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\qfdcrjie.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\rdlqnakx.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\ryhcdbcw.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\sdgphpid.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\spsmapay.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\swikqthw.Vdll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\WINDOWS\system32\uhgqqgvr.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\ukpokstb.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\urdusvbd.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\ussevhdg.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\uvlhqakg.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\whkqbrnj.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\wlqsxcqc.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\wpamuxns.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\WINDOWS\system32\wvvigeey.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\yacpmsvu.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
I cut out some of the Kaspersky report so some of it could be posted. As you can see, lots of Virtumonde and SuperJuan.
Scan process completed.
Thank you for any feedback and help you can give me!

I will be around all day, waiting for help. If I don't reply, it's because my PC either froze or I'm restarting. :crowned:
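As an added illustration, not part of bigmatt267's post and not code from HijackThis or any other tool named in this thread: a small Python triage script over the HijackThis entry format seen in the log above. It does what a helper does by eye when reading such a log: it flags the R1 ProxyServer value that points at 127.0.0.1 (browser traffic routed through a local process the user did not set up), the O1 hosts-file overrides that send a search domain to an outside IP, an O4 autorun launched from inside the user profile's Application Data folder, and O23 service entries that end in "(no file)". The sample lines are copied from the posted log; the rule set, the tag names and the `Finding` type are my own assumptions. It prioritizes lines for review rather than declaring anything malicious.

```python
"""Triage a HijackThis log for a few patterns worth a second look (added example)."""
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: a handful of entry lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Eprc] "C:\DOCUME~1\DJJEFF~1\APPLIC~1\SSTEM~1\dvdplay.exe" -vt yazb
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: CcEvtSvc - Symantec Corporation - (no file)
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "R1", "O1", "O4", "O23"
    reason: str   # short tag saying why the line was flagged (tag names are my own)
    line: str     # the raw log line, so the reader can look it up in the full log


# Every HijackThis entry line starts with a section code, a dash, and the entry body.
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
PROXY_RE = re.compile(r"Internet Settings,ProxyServer = (?P<value>.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)$")
RUN_RE = re.compile(r"^(?P<hive>HK\S*?)\\Run: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")

LOOPBACK = ("127.0.0.1", "localhost")
# Path fragments (long and 8.3 short forms) that place an autorun inside a user profile.
PROFILE_DIRS = ("application data", "applic~1", "local settings", "locals~1", "\\temp\\")


def parse(log_text):
    """Yield (section, body, raw_line) for each entry line; headers and the process list are skipped."""
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = LINE_RE.match(raw)
        if m:
            yield m.group("section"), m.group("body"), raw


def triage(log_text):
    """Return the entry lines that match one of the review rules, in log order."""
    findings = []
    for section, body, raw in parse(log_text):
        if section == "R1":
            pm = PROXY_RE.search(body)
            # A proxy on the loopback interface means some local process sits between IE and the network.
            if pm and any(lb in pm.group("value") for lb in LOOPBACK):
                findings.append(Finding(section, "local-proxy", raw))
        elif section == "O1":
            hm = HOSTS_RE.match(body)
            # Hosts entries that point a name at a non-local address override DNS for that name.
            if hm and hm.group("ip") not in LOOPBACK and hm.group("ip") != "0.0.0.0":
                findings.append(Finding(section, "hosts-redirect", raw))
        elif section == "O4":
            rm = RUN_RE.match(body)
            # Legitimate autoruns almost always live under Program Files or the Windows directory.
            if rm and any(frag in rm.group("cmd").lower() for frag in PROFILE_DIRS):
                findings.append(Finding(section, "autorun-from-profile", raw))
        elif section == "O23" and body.endswith("(no file)"):
            # A registered service whose binary is gone: leftover of a removal or a broken install.
            findings.append(Finding(section, "orphaned-service", raw))
    return findings


def summarize(findings):
    """Count findings per reason tag, for a quick overview before reading each line."""
    return dict(Counter(f.reason for f in findings))


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    print(summarize(hits))
    for f in hits:
        print(f"[{f.reason}] {f.line}")
```

Run it as-is to see the five flagged lines from the sample; point `triage()` at the full text of a saved HijackThis log to triage a real one. The rules are deliberately narrow, so a line that is not flagged is not thereby cleared; the script only puts the usual suspects at the top of the list.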

steamwiz
2007-12-21, 22:34
Hi

I've read your other thread as well ...

You have vundo entries hiding from hijackthis ...

Find C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

rename it to C:\Program Files\Trend Micro\HijackThis\problems.exe

Hijackthis will now show the hiding entries ...

So when I say run hijackthis ... run problems.exe

First I want you to run a couple more programs ...

Download SUPERAntiSpyware.

http://www.superantispyware.com/

Once downloaded and installed, update the definitions
and then run a full system scan; quarantine what it finds!

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)

http://www.superantispyware.com/definitions.html

* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.

THEN ...

Please download Combofix: http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
and save to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.

Notes:
* Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
* Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

Please remember to post:


1. SUPERAntiSpyware Scan Log
2. C:\ComboFix.txt
3. A new HijackThis log (run after everything else).

steam

bigmatt267
2007-12-22, 07:26
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/21/2007 at 08:21 PM

Application Version : 3.9.1008

Core Rules Database Version : 3366
Trace Rules Database Version: 1365

Scan type : Complete Scan
Total Scan Time : 01:09:23

Memory items scanned : 378
Memory threats detected : 1
Registry items scanned : 5279
Registry threats detected : 61
File items scanned : 40386
File threats detected : 173

Trojan.WinFixer
C:\WINDOWS\SYSTEM32\AWTST.DLL
C:\WINDOWS\SYSTEM32\AWTST.DLL
HKLM\Software\Classes\CLSID\{F68005B7-3B1A-4049-AB59-FCE86C8CCE92}
HKCR\CLSID\{F68005B7-3B1A-4049-AB59-FCE86C8CCE92}
HKCR\CLSID\{F68005B7-3B1A-4049-AB59-FCE86C8CCE92}\InprocServer32
HKCR\CLSID\{F68005B7-3B1A-4049-AB59-FCE86C8CCE92}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F68005B7-3B1A-4049-AB59-FCE86C8CCE92}

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\WCVUXAQA.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP185\A0078849.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP191\A0097442.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP200\A0123357.DLL

Adware.AdSponsor/ISM
HKLM\Software\Classes\CLSID\{1ED6A320-8AF3-4f06-868A-9BA95585712E}
HKLM\Software\Classes\CLSID\{8ABA9A9C-8791-4d61-8D5B-BCC9448EA573}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ABA9A9C-8791-4d61-8D5B-BCC9448EA573}
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{1ED6A320-8AF3-4f06-868A-9BA95585712E}
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}#AppID
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\Implemented Categories
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\ProgID
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\TypeLib
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\VersionIndependentProgID
HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}
HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}#AppID
HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}\ProgID
HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}\TypeLib
HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}\VersionIndependentProgID
HKU\S-1-5-21-2077649761-913329084-1252980321-1006\Software\antica
HKU\S-1-5-21-2077649761-913329084-1252980321-1006\Software\BndDrive
C:\PROGRAM FILES\QDRPACK\QDRPACK9.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP155\A0070778.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP185\A0078856.EXE

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}

411Ferret Toolbar
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12F02779-6D88-4958-8AD3-83C12D86ADC7}

Adware.AdBlaster
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}

AdBars BHO
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}

Adware.Tracking Cookie
C:\Documents and Settings\DJJEFFRY2006\Cookies\djjeffry2006@ads3.blastro[1].txt
C:\Documents and Settings\DJJEFFRY2006\Cookies\djjeffry2006@ads4.blastro[1].txt
C:\Documents and Settings\DJJEFFRY2006\Cookies\djjeffry2006@www.levelclick[2].txt
C:\Documents and Settings\DJJEFFRY2006\Cookies\djjeffry2006@collective-media[2].txt
C:\Documents and Settings\DJJEFFRY2006\Cookies\djjeffry2006@adredired[2].txt
C:\Documents and Settings\DJJEFFRY2006\Cookies\djjeffry2006@www.trixieteen[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[1].txt
C:\Documents and Settings\Guest\Cookies\guest@adrevolver[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ads.pointroll[1].txt
C:\Documents and Settings\Guest\Cookies\guest@advertising[1].txt
C:\Documents and Settings\Guest\Cookies\guest@apmebf[1].txt
C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt
C:\Documents and Settings\Guest\Cookies\guest@casalemedia[1].txt
C:\Documents and Settings\Guest\Cookies\guest@fastclick[2].txt
C:\Documents and Settings\Guest\Cookies\guest@media.adrevolver[2].txt
C:\Documents and Settings\Guest\Cookies\guest@media.adrevolver[3].txt
C:\Documents and Settings\Guest\Cookies\guest@tribalfusion[2].txt
C:\Documents and Settings\Guest\Cookies\guest@versiontracker[2].txt
C:\Documents and Settings\LocalService\Cookies\system@zedo[1].txt

Trojan.Security Toolbar
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

Trojan.Media-Codec
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006#UninstallString

Adware.Zango Toolbar/Hb
HKCR\InstIE.HbInstObj
HKCR\InstIE.HbInstObj\CurVer
HKCR\InstIE.HbInstObj.1
HKCR\Toolbar.HtmlMenuUI
HKCR\Toolbar.HtmlMenuUI\CurVer
HKCR\Toolbar.HtmlMenuUI.1

Adware.OneStepSearch
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#DeviceDesc
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP142\A0069070.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP144\A0069157.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP144\A0069158.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP144\A0069159.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP147\A0070192.EXE

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\DJJEFFRY2006\FAVORITES\ONLINE SECURITY TEST.URL

Malware.LocusSoftware Inc/BestSellerAntivirus
C:\DOCUMENTS AND SETTINGS\DJJEFFRY2006\LOCAL SETTINGS\TEMP\MOFUGCLQ.EXE
C:\DOCUMENTS AND SETTINGS\DJJEFFRY2006\LOCAL SETTINGS\TEMP\QRJATYDI.EXE
C:\DOCUMENTS AND SETTINGS\DJJEFFRY2006\LOCAL SETTINGS\TEMP\RHVQSUWB.EXE
C:\DOCUMENTS AND SETTINGS\DJJEFFRY2006\LOCAL SETTINGS\TEMP\URCLQECD.EXE
C:\DOCUMENTS AND SETTINGS\DJJEFFRY2006\LOCAL SETTINGS\TEMP\VNTMRYKT.EXE

Trojan.Downloader-Gen/DDC
C:\RECYCLER\S-1-5-21-2077649761-913329084-1252980321-1006\DC1390
C:\RECYCLER\S-1-5-21-2077649761-913329084-1252980321-1006\DC935.EXE
C:\RECYCLER\S-1-5-21-2077649761-913329084-1252980321-1006\DC944.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP224\A0161014.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164126.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164127.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164128.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164129.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164130.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164131.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164132.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164133.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164134.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164135.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164136.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164137.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164138.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164139.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164140.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164141.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164142.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164143.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164144.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164145.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164146.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164147.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164148.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164149.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164150.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164151.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164152.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164153.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164154.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164155.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164156.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164157.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0167192.EXE
C:\WINDOWS\SYSTEM32\MLTLVUGJ.EXE .REN
C:\WINDOWS\SYSTEM32\NDKNIPYC.VEXE
C:\WINDOWS\SYSTEM32\WYKVJDQX.EXE
C:\WINDOWS\Prefetch\WYKVJDQX.EXE-0B8D269D.pf

Adware.Vundo-Variant/Small-A
C:\RECYCLER\S-1-5-21-2077649761-913329084-1252980321-1006\DC948.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP205\A0137052.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP213\A0146786.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP214\A0146816.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP215\A0146877.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP215\A0147888.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP216\A0147917.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP216\A0147951.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP219\A0149520.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP219\A0150520.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP220\A0150894.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP220\A0150895.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP220\A0150926.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP222\A0151926.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP222\A0151927.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP222\A0151931.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP223\A0152926.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP223\A0153926.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP223\A0154926.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP223\A0155926.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP223\A0155927.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP223\A0157926.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP224\A0161013.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0164179.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP225\A0167193.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP226\A0174227.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP226\A0174230.DLL
C:\WINDOWS\SYSTEM32\AAYWXLII.DLL
C:\WINDOWS\SYSTEM32\AKHKUKSD.DLL
C:\WINDOWS\SYSTEM32\AYCPWTLV.DLL
C:\WINDOWS\SYSTEM32\BVHPVQBM.DLL
C:\WINDOWS\SYSTEM32\CKMNMYOG.DLL
C:\WINDOWS\SYSTEM32\CLWWVMNE.DLL
C:\WINDOWS\SYSTEM32\CTUNHNGX.DLL
C:\WINDOWS\SYSTEM32\DMWXWXGK.DLL
C:\WINDOWS\SYSTEM32\DRSBYUNN.DLL
C:\WINDOWS\SYSTEM32\ETKDEKYM.DLL
C:\WINDOWS\SYSTEM32\FOXNKATR.DLL
C:\WINDOWS\SYSTEM32\FPQKUQQQ.DLL
C:\WINDOWS\SYSTEM32\FWMVMYGN.DLL
C:\WINDOWS\SYSTEM32\GFGJXRNK.DLL
C:\WINDOWS\SYSTEM32\GIIQLGKJ.DLL
C:\WINDOWS\SYSTEM32\GULESBEI.DLL
C:\WINDOWS\SYSTEM32\HGGVJECR.DLL
C:\WINDOWS\SYSTEM32\HKQXVBTE.DLL
C:\WINDOWS\SYSTEM32\HLQAUDHP.DLL
C:\WINDOWS\SYSTEM32\HSJMNUQK.DLL
C:\WINDOWS\SYSTEM32\HTNSOQAH.DLL
C:\WINDOWS\SYSTEM32\HYOKURCI.DLL
C:\WINDOWS\SYSTEM32\IGWAUQKT.DLL
C:\WINDOWS\SYSTEM32\IOQAMNMG.DLL
C:\WINDOWS\SYSTEM32\JOBCDWSE.DLL
C:\WINDOWS\SYSTEM32\LDFVBOST.DLL
C:\WINDOWS\SYSTEM32\LEGNNWYQ.DLL
C:\WINDOWS\SYSTEM32\LGSFFQGE.DLL
C:\WINDOWS\SYSTEM32\LHNHECBX.DLL
C:\WINDOWS\SYSTEM32\NATFESFU.DLL
C:\WINDOWS\SYSTEM32\QFDCRJIE.DLL
C:\WINDOWS\SYSTEM32\RDLQNAKX.DLL
C:\WINDOWS\SYSTEM32\RYHCDBCW.DLL
C:\WINDOWS\SYSTEM32\SDGPHPID.DLL
C:\WINDOWS\SYSTEM32\SGUMXXGL.DLL
C:\WINDOWS\SYSTEM32\SPDKTURI.DLL
C:\WINDOWS\SYSTEM32\SPSMAPAY.DLL
C:\WINDOWS\SYSTEM32\SXSYSLVD.DLL
C:\WINDOWS\SYSTEM32\UHGQQGVR.DLL
C:\WINDOWS\SYSTEM32\UKPOKSTB.DLL
C:\WINDOWS\SYSTEM32\URDUSVBD.DLL
C:\WINDOWS\SYSTEM32\USSEVHDG.DLL
C:\WINDOWS\SYSTEM32\UVLHQAKG.DLL
C:\WINDOWS\SYSTEM32\WDEEJTPF.DLL
C:\WINDOWS\SYSTEM32\WHKQBRNJ.DLL
C:\WINDOWS\SYSTEM32\WLQSXCQC.DLL
C:\WINDOWS\SYSTEM32\WPAMUXNS.DLL
C:\WINDOWS\SYSTEM32\WVVIGEEY.DLL
C:\WINDOWS\SYSTEM32\XSVWCRDM.DLL
C:\WINDOWS\SYSTEM32\YACPMSVU.DLL

Trojan.Downloader-Gen/QDRModule
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP160\A0071144.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP185\A0078854.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP200\A0123362.EXE

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP188\A0086998.DLL

Adware.WebBuying Assistant-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP189\A0087259.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP191\A0097443.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP191\A0097445.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP192\A0098445.EXE

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP189\A0087300.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP190\A0088331.EXE

Trojan.Downloader-Gen/TaLDrv
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E50A3772-ADC6-42F8-B62F-FEBA80092159}\RP197\A0109804.EXE

Adware.Vundo/Traff-2
C:\WINDOWS\SYSTEM32\DIUPNCFT.EXE
C:\WINDOWS\SYSTEM32\FAXIBQHY.EXE

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\TSTWA.BAK1
C:\WINDOWS\SYSTEM32\TSTWA.INI

bigmatt267
2007-12-22, 07:42
ComboFix 07-12-22.1 - DJJEFFRY2006 2007-12-21 20:50:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.108 [GMT -8:00]
Running from: C:\Documents and Settings\DJJEFFRY2006\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\DJJEFFRY2006\Application Data\SMANTE~1
C:\Documents and Settings\DJJEFFRY2006\Application Data\SMANTE~1\msdtc.exe
C:\Documents and Settings\DJJEFFRY2006\Application Data\SSTEM~1
C:\Documents and Settings\DJJEFFRY2006\Application Data\SSTEM~1\dvdplay.exe
C:\Documents and Settings\DJJEFFRY2006\Application Data\SSTEM~1\s?stem\
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\QdrPack
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\abW9
C:\Temp\abW9\tPho.log
C:\temp\tn3
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.log
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\7_exception.nls
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\bbeeg.ini2
C:\WINDOWS\system32\didpyoxf.ini
C:\WINDOWS\system32\din.ip
C:\WINDOWS\system32\djdoidma.ini
C:\WINDOWS\system32\dmnemkbt.ini
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\ehqhdlbm.ini
C:\WINDOWS\system32\enmvwwlc.ini
C:\WINDOWS\system32\fmavarks.ini
C:\WINDOWS\system32\fptjeedw.ini
C:\WINDOWS\system32\ftokygxo.ini
C:\WINDOWS\system32\gcjpcrln.ini
C:\WINDOWS\system32\ikttaobu.ini
C:\WINDOWS\system32\jfohvcfl.ini
C:\WINDOWS\system32\kmohqdpc.ini
C:\WINDOWS\system32\lgsgphbl.ini
C:\WINDOWS\system32\mwoefjyj.ini
C:\WINDOWS\system32\nfysqokt.ini
C:\WINDOWS\system32\ngymvmwf.ini
C:\WINDOWS\system32\nnuybsrd.ini
C:\WINDOWS\system32\npfqsgdw.ini
C:\WINDOWS\system32\nwhbvbqh.ini
C:\WINDOWS\system32\ocsidlkj.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\peqdhgiw.ini
C:\WINDOWS\system32\qcixhqyw.ini
C:\WINDOWS\system32\rcejvggh.ini
C:\WINDOWS\system32\rlqhisdd.ini
C:\WINDOWS\system32\rpxmxxgc.ini
C:\WINDOWS\system32\simvwqah.ini
C:\WINDOWS\system32\snxumapw.ini
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\sznf.ascii
C:\WINDOWS\system32\tstwa.ini
C:\WINDOWS\system32\tstwa.ini2
C:\WINDOWS\system32\tstwa.tmp
C:\WINDOWS\system32\umvlapyr.ini
C:\WINDOWS\system32\vltwpcya.ini
C:\WINDOWS\system32\vsrdvxjx.ini
C:\WINDOWS\system32\wcvuxaqa.dllbox
C:\WINDOWS\system32\whtqkiws.ini
C:\WINDOWS\system32\whxwyqxd.ini
C:\WINDOWS\system32\yuvtpbgt.dllbox
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\x.dat
C:\z.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 )))))))))))))))))))))))))))))))
.

2007-12-21 21:06 . 2007-12-21 21:11 18,996 ---hs---- C:\WINDOWS\system32\yuvtpbgt.dllbox
2007-12-21 20:38 . 2007-12-21 20:39 14,033 --a------ C:\pos2E5F.tmp
2007-12-21 20:32 . 2007-12-21 20:32 165,472 --a------ C:\WINDOWS\system32\yuvtpbgt.dll
2007-12-21 20:32 . 2007-12-21 20:32 165,472 --a------ C:\WINDOWS\system32\dnkwexcf.dll
2007-12-21 19:28 . 2007-12-21 20:11 7,168 --a------ C:\WINDOWS\system32\windows
2007-12-21 19:03 . 2007-12-21 19:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-21 19:02 . 2007-12-21 20:42 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-21 19:02 . 2007-12-21 19:02 <DIR> d-------- C:\Documents and Settings\DJJEFFRY2006\Application Data\SUPERAntiSpyware.com
2007-12-21 19:01 . 2007-12-21 19:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-21 14:38 . 2007-12-21 14:38 14,033 --a------ C:\pos2AF4.tmp
2007-12-21 14:31 . 2007-12-21 14:31 14,033 --a------ C:\pos2903.tmp
2007-12-21 14:11 . 2007-12-21 14:11 14,033 --a------ C:\pos270F.tmp
2007-12-21 14:10 . 2007-12-21 14:11 14,033 --a------ C:\pos266B.tmp
2007-12-21 13:59 . 2007-12-21 13:59 14,033 --a------ C:\pos251B.tmp
2007-12-21 13:53 . 2007-12-21 13:53 14,033 --a------ C:\pos231C.tmp
2007-12-21 13:52 . 2007-12-21 13:53 14,033 --a------ C:\pos2288.tmp
2007-12-21 13:51 . 2007-12-21 13:52 14,033 --a------ C:\pos21A2.tmp
2007-12-21 13:07 . 2007-12-21 13:07 14,033 --a------ C:\pos2122.tmp
2007-12-21 13:01 . 2007-12-21 13:01 14,033 --a------ C:\pos1F1C.tmp
2007-12-21 13:00 . 2007-12-21 13:01 14,033 --a------ C:\pos1DCD.tmp
2007-12-21 12:59 . 2007-12-21 12:59 13,033 --a------ C:\pos1D43.tmp
2007-12-21 12:58 . 2007-12-21 12:58 14,033 --a------ C:\pos1D2B.tmp
2007-12-21 12:45 . 2007-12-21 13:14 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-21 12:45 . 2007-12-21 13:14 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-21 12:42 . 2007-12-21 13:53 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-12-21 12:41 . 2007-12-21 21:04 1,241,888 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-21 12:41 . 2007-12-21 21:09 17,184 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-21 12:41 . 2007-12-21 21:04 9,668 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-21 12:41 . 2007-12-21 21:04 2,564 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-21 12:39 . 2007-12-21 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-21 12:33 . 2007-12-21 12:34 14,033 --a------ C:\pos1AEA.tmp
2007-12-21 12:09 . 2007-12-21 12:09 14,033 --a------ C:\pos1948.tmp
2007-12-21 12:08 . 2007-12-21 12:09 14,033 --a------ C:\pos1608.tmp
2007-12-21 11:29 . 2007-12-21 14:02 534 --ahs---- C:\WINDOWS\system32\ibfeqcbx.ini
2007-12-21 11:23 . 2007-12-21 11:24 14,033 --a------ C:\pos1515.tmp
2007-12-21 11:13 . 2007-12-21 11:13 14,033 --a------ C:\pos17EC.tmp
2007-12-21 11:12 . 2007-12-21 11:13 14,033 --a------ C:\pos16BF.tmp
2007-12-21 08:00 . 2007-12-21 08:00 14,033 --a------ C:\pos1385.tmp
2007-12-21 07:38 . 2007-12-21 07:38 <DIR> d-------- C:\Program Files\Trend Micro

bigmatt267
2007-12-22, 07:43
2007-12-21 07:25 . 2007-12-21 07:25 14,033 --a------ C:\pos1186.tmp
2007-12-21 07:24 . 2007-12-21 07:24 14,033 --a------ C:\posFFD.tmp
2007-12-21 06:53 . 2007-12-21 06:53 14,033 --a------ C:\posFA0.tmp
2007-12-20 19:54 . 2007-12-20 19:54 14,033 --a------ C:\posDA5.tmp
2007-12-20 19:53 . 2007-12-20 19:54 14,033 --a------ C:\posBF1.tmp
2007-12-20 18:31 . 2007-12-21 07:26 987,661 --a------ C:\WINDOWS\system32\fptjeedw.ini.ren
2007-12-20 18:28 . 2007-12-20 18:28 80,448 --a------ C:\WINDOWS\system32\vedkqcob.dll.ren
2007-12-20 18:25 . 2007-12-20 18:26 14,033 --a------ C:\posB70.tmp
2007-12-20 17:52 . 2007-12-20 17:53 14,033 --a------ C:\pos9B4.tmp
2007-12-20 17:49 . 2007-12-20 17:49 14,033 --a------ C:\pos7C9.tmp
2007-12-20 16:51 . 2007-12-20 16:51 14,033 --a------ C:\pos5DA.tmp
2007-12-20 12:27 . 2007-12-20 12:27 14,033 --a------ C:\pos8.tmp
2007-12-20 10:22 . 2007-12-20 17:55 987,574 --a------ C:\WINDOWS\system32\icrukoyh.ini.ren
2007-12-20 10:19 . 2007-12-20 10:19 165,472 --a------ C:\WINDOWS\system32\kpiijkql.dll
2007-12-20 10:19 . 2007-12-20 10:19 80,448 --a------ C:\WINDOWS\system32\hyemgbbi.dll.ren
2007-12-20 10:00 . 2007-12-20 10:00 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-20 10:00 . 2007-12-21 21:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-19 15:59 . 2007-12-19 19:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-19 15:46 . 2007-12-19 16:38 <DIR> d-------- C:\VundoFix Backups
2007-12-19 09:48 . 2007-12-19 09:48 320,608 --a------ C:\WINDOWS\system32\awtst.V86dll
2007-12-19 09:48 . 2007-12-19 09:48 320,608 --a------ C:\WINDOWS\system32\awtst.V85dll
2007-12-19 09:48 . 2007-12-19 09:48 320,608 --a------ C:\WINDOWS\system32\awtst.V84dll
2007-12-19 09:48 . 2007-12-19 09:48 320,608 --a------ C:\WINDOWS\system32\awtst.V83dll
2007-12-19 09:48 . 2007-12-19 09:48 320,608 --a------ C:\WINDOWS\system32\awtst.V82dll
2007-12-19 09:48 . 2007-12-19 09:48 320,608 --a------ C:\WINDOWS\system32\awtst.V81dll
2007-12-19 09:48 . 2007-12-19 09:48 320,608 --a------ C:\WINDOWS\system32\awtst.V80dll
2007-12-19 09:48 . 2007-12-19 09:48 320,608 --a------ C:\WINDOWS\system32\awtst.V79dll
2007-12-19 09:48 . 2007-12-19 09:48 320,608 --a------ C:\WINDOWS\system32\awtst.V78dll
2007-12-19 09:48 . 2007-12-19 09:48 320,608 --a------ C:\WINDOWS\system32\awtst.V77dll
2007-12-19 09:48 . 2007-12-19 09:48 320,608 --a------ C:\WINDOWS\system32\awtst.V76dll
2007-12-19 09:46 . 2007-12-19 09:47 320,608 --a------ C:\WINDOWS\system32\awtst.V46dll
2007-12-19 09:45 . 2007-12-19 09:45 320,608 --a------ C:\WINDOWS\system32\awtst.V27dll
2007-12-19 09:44 . 2007-12-19 09:44 320,608 --a------ C:\WINDOWS\system32\awtst.V07dll
2007-12-19 09:44 . 2007-12-19 09:44 320,608 --a------ C:\WINDOWS\system32\awtst.V06dll
2007-12-19 09:44 . 2007-12-19 09:44 320,608 --a------ C:\WINDOWS\system32\awtst.V05dll
2007-12-19 09:44 . 2007-12-19 09:44 320,608 --a------ C:\WINDOWS\system32\awtst.V04dll
2007-12-19 09:44 . 2007-12-19 09:44 320,608 --a------ C:\WINDOWS\system32\awtst.V03dll
2007-12-19 09:44 . 2007-12-19 09:44 320,608 --a------ C:\WINDOWS\system32\awtst.V02dll
2007-12-19 09:44 . 2007-12-19 09:44 320,608 --a------ C:\WINDOWS\system32\awtst.V01dll
2007-12-19 09:44 . 2007-12-19 09:44 85,568 --a------ C:\WINDOWS\system32\swikqthw.Vdll
2007-12-19 09:21 . 2007-12-21 21:09 <DIR> d-------- C:\Program Files\Trojan Remover
2007-12-19 09:21 . 2007-12-19 09:21 <DIR> d-------- C:\Documents and Settings\DJJEFFRY2006\Application Data\Simply Super Software
2007-12-19 09:21 . 2007-12-19 09:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-12-19 09:21 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-12-19 09:21 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-12-19 09:21 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-12-19 09:21 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-12-19 09:21 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-12-18 10:53 . 2007-12-18 10:53 320,608 --a------ C:\WINDOWS\system32\awtst.Vdll
2007-12-18 10:53 . 2007-12-18 10:53 320,608 --a------ C:\WINDOWS\system32\awtst.V00dll
2007-12-18 09:11 . 2007-12-18 09:11 <DIR> d-------- C:\Program Files\NOD32
2007-12-16 16:56 . 2007-12-18 20:25 <DIR> d-------- C:\Program Files\Incomplete
2007-12-15 08:45 . 2007-12-15 08:45 <DIR> d-------- C:\Program Files\DVD Decrypter
2007-12-15 08:43 . 2007-12-15 09:48 4 --a------ C:\WINDOWS\system32\mlcrs0ft.dll
2007-12-15 08:42 . 2007-12-15 08:43 <DIR> d-------- C:\Program Files\Super DVD Copy
2007-12-15 08:40 . 2007-12-15 08:40 <DIR> d-------- C:\Program Files\Super DVD Ripper
2007-12-13 14:09 . 2007-12-13 14:16 <DIR> d-------- C:\Program Files\ophcrack
2007-12-08 16:04 . 2005-01-13 10:06 35,107 --a------ C:\WINDOWS\system32\drivers\VDiskBus.sys
2007-12-08 16:03 . 2007-12-08 16:04 <DIR> d-------- C:\Program Files\Winternals
2007-12-08 16:02 . 2007-12-08 16:02 <DIR> d-------- C:\WINDOWS\system32\RNBOSENT
2007-12-08 16:02 . 2002-12-16 18:11 76,288 --a------ C:\WINDOWS\system32\drivers\SENTINEL.SYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-21 19:22 337,027 --sha-w C:\WINDOWS\system32\tstwa.ini.ren
2007-12-21 02:27 327,255 ----a-w C:\WINDOWS\system32\tstwa.bak1.ren
2007-12-20 18:17 334,041 ----a-w C:\WINDOWS\system32\tstwa.bak2.ren
2007-12-19 01:53 --------- d-----w C:\Documents and Settings\DJJEFFRY2006\Application Data\LimeWire
2007-12-16 20:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-05 14:19 --------- d-----w C:\Program Files\Trillian
2007-12-03 21:50 --------- d-----w C:\Program Files\Grand Slam Photo Studio
2007-11-28 23:01 --------- d-----w C:\Program Files\QuickTime
2007-11-28 23:00 --------- d-----w C:\Program Files\Yahoo!
2007-11-24 19:56 --------- d-----w C:\Program Files\InterActual
2007-11-24 19:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-24 18:46 --------- d-----w C:\Documents and Settings\Guest\Application Data\LimeWire
2007-11-21 04:08 --------- d-----w C:\Documents and Settings\DJJEFFRY2006\Application Data\FrostWire
2007-11-20 14:35 166,945 ----a-w C:\WINDOWS\system32\drivers\core.cache(2).dsk
2007-11-20 04:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo
2007-11-19 23:14 --------- d-----w C:\Documents and Settings\Guest\Application Data\MySpace
2007-11-18 01:43 7,423 ----a-w C:\WINDOWS\system32\tstwa.tmp.ren
2007-11-17 20:41 15,581,337 ----a-w C:\Documents and Settings.zip
2007-11-14 15:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2007-11-14 15:37 --------- d-----w C:\Program Files\Common Files\Nullsoft
2007-11-14 05:13 --------- d-----w C:\Program Files\Google
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-31 21:03 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2007-10-30 06:37 --------- d--h--r C:\Documents and Settings\DJJEFFRY2006\Application Data\yahoo!
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 18:06 --------- d-----w C:\Program Files\TOSHIBA
2007-10-29 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-29 15:43 --------- d-----w C:\Documents and Settings\DJJEFFRY2006\Application Data\Aim
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-23 14:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Winferno
2007-10-23 10:00 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-22 04:07 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-20 00:56 120,056 -c--a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-10-20 00:56 118,520 -c--a-w C:\WINDOWS\system32\pxinsi64.exe
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-12-21 20:32 165472 --a------ C:\WINDOWS\system32\yuvtpbgt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2DAF712-34F5-3609-892B-3FE672F103E7}]
2007-11-01 05:44 0 --a------ C:\WINDOWS\system32\bcca.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 00:32]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" []
"Eprc"="C:\DOCUME~1\DJJEFF~1\APPLIC~1\SSTEM~1\dvdplay.exe" []
"Uniblue RegistryBooster2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-05-16 10:18]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-05-23 14:03]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-03-06 14:03]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-03-02 16:03]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 16:02]
"NDSTray.exe"="NDSTray.exe" []
"TPSMain"="TPSMain.exe" [2005-05-31 21:00 C:\WINDOWS\system32\TPSMain.exe]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-05 22:06]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 16:13]
"dla"="C:\WINDOWS\system32\dla\DLACTRLW.exe" [2005-10-06 05:20]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 17:37]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 11:11]
"TFncKy"="TFncKy.exe" []
"TDispVol"="TDispVol.exe" [2005-03-11 15:03 C:\WINDOWS\system32\TDispVol.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 14:49 C:\WINDOWS\RTHDCPL.exe]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" []
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-22 16:58]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 17:54]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-12-19 09:18]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 07:15]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 07:15]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\DJJEFFRY2006\Desktop\cloud\Cloud 1.gif
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Documents and Settings\DJJEFFRY2006\Desktop\cloud\00001cutehug.gif
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wcvuxaqa]
wcvuxaqa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yuvtpbgt]
yuvtpbgt.dll 2007-12-21 20:32 165472 C:\WINDOWS\system32\yuvtpbgt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares lite]
C:\Program Files\Ares Lite\Ares.exe -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 04:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trioService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"winss"=2 (0x2)
"WinDefend"=2 (0x2)
"IDriverT"=3 (0x3)
"CcEvtSvc"=2 (0x2)
"ACS"=2 (0x2)

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 vdiskbus;Virtual Disk Bus;C:\WINDOWS\system32\DRIVERS\vdiskbus.sys [2005-01-13 10:06]
S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys [2007-01-26 20:09]

.
Contents of the 'Scheduled Tasks' folder
"2007-09-16 21:25:15 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
"2007-12-16 18:33:03 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-12-06 18:33:52 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-12-07 17:05:17 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.

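The Reg Loading Points block in the ComboFix log above is the part worth reading closely: the same eight-letter DLL (yuvtpbgt.dll, created minutes before the scan) is registered both as an Internet Explorer Browser Helper Object and as a Winlogon Notify package, a second Notify entry (wcvuxaqa.dll) has no resolvable path, and one BHO (bcca.dll) is a zero-byte file. That pairing of BHO plus Winlogon\Notify on a randomly named system32 DLL is the Vundo persistence pattern a helper looks for. The script below is an added example, not part of bigmatt267's post and not ComboFix code: it parses that block format and flags those conditions. The sample lines are constructed to mirror the block above, the regexes are fitted to the format visible there, and the flag names and thresholds (an eight-letter lowercase name, a seven-day recency window) are my own heuristics, not anything ComboFix defines.

```python
"""Triage the "Reg Loading Points" block of a ComboFix log for Vundo-style
persistence: a randomly named DLL in system32 registered both as an Internet
Explorer Browser Helper Object (BHO) and as a Winlogon Notify package.
Added example, not ComboFix code; flag names and thresholds are my own."""
import re
from dataclasses import dataclass, field
from datetime import date, datetime
from typing import Dict, List, Optional, Set

# Constructed sample modelled on ComboFix's output format: a registry key in
# square brackets, then one line per module with date, time, size and path.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-12-21 20:32 165472 --a------ C:\WINDOWS\system32\yuvtpbgt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2DAF712-34F5-3609-892B-3FE672F103E7}]
2007-11-01 05:44 0 --a------ C:\WINDOWS\system32\bcca.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wcvuxaqa]
wcvuxaqa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yuvtpbgt]
yuvtpbgt.dll 2007-12-21 20:32 165472 C:\WINDOWS\system32\yuvtpbgt.dll
"""
SAMPLE_SCAN_DATE = date(2007, 12, 21)  # date the constructed sample was "scanned"

BHO_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(\{[0-9A-Fa-f-]+\})\]$")
NOTIFY_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion"
    r"\\winlogon\\notify\\([^\]]+)\]$", re.IGNORECASE)
FULL_PATH = re.compile(r"[A-Za-z]:\\.+?\.dll", re.IGNORECASE)  # first DLL path on the line
STAMP_SIZE = re.compile(r"(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} (\d+)")  # "YYYY-MM-DD HH:MM size"
RANDOM_NAME = re.compile(r"^[a-z]{8}\.dll$")                   # Vundo's eight-letter names


@dataclass
class LoadPoint:
    kind: str                 # "bho" or "winlogon_notify"
    key: str                  # CLSID or Notify subkey name
    dll: str                  # file name as reported, lower-cased
    path: Optional[str]       # None when ComboFix printed only a bare DllName
    size: Optional[int]
    created: Optional[date]
    flags: List[str] = field(default_factory=list)


def parse_load_points(text: str) -> List[LoadPoint]:
    """Collect BHO and Winlogon Notify entries; every other key is skipped."""
    points: List[LoadPoint] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None
            continue
        if line.startswith("["):
            bm, nm = BHO_KEY.match(line), NOTIFY_KEY.match(line)
            current = ("bho", bm.group(1)) if bm else ("winlogon_notify", nm.group(1)) if nm else None
            continue
        if current is None:
            continue
        kind, key = current
        pm = FULL_PATH.search(line)
        path = pm.group(0) if pm else None
        # ComboFix prints a bare DllName when it could not locate the module on disk.
        dll = (path.rsplit("\\", 1)[-1] if path else line.split()[0]).lower()
        sm = STAMP_SIZE.search(line)
        created = datetime.strptime(sm.group(1), "%Y-%m-%d").date() if sm else None
        size = int(sm.group(2)) if sm else None
        points.append(LoadPoint(kind, key, dll, path, size, created))
    return points


def triage(points: List[LoadPoint], scan_date: date, recent_days: int = 7) -> List[LoadPoint]:
    """Attach heuristic flags and return only the entries that earned at least one."""
    kinds_by_dll: Dict[str, Set[str]] = {}
    for p in points:
        kinds_by_dll.setdefault(p.dll, set()).add(p.kind)
    for p in points:
        in_system32 = p.path is not None and "\\system32\\" in p.path.lower()
        if p.path is None:
            p.flags.append("unresolved_path")      # hidden, renamed, or already deleted
        if p.size == 0:
            p.flags.append("zero_size")            # a placeholder, not a working BHO
        # A bare DllName under Winlogon\Notify is loaded by winlogon.exe, whose own
        # directory is system32, so an unresolved name is treated as system32 too.
        if RANDOM_NAME.match(p.dll) and (in_system32 or p.path is None):
            p.flags.append("random_8letter_name")
        if p.created is not None and (scan_date - p.created).days <= recent_days:
            p.flags.append("created_recently")
        if {"bho", "winlogon_notify"} <= kinds_by_dll[p.dll]:
            p.flags.append("bho_and_winlogon_notify")  # the Vundo pairing
    return [p for p in points if p.flags]


def triage_sample() -> List[LoadPoint]:
    """Run the triage over the constructed sample with its own scan date."""
    return triage(parse_load_points(SAMPLE_LOG), SAMPLE_SCAN_DATE)


if __name__ == "__main__":
    for p in triage_sample():
        print(f"{p.kind:16} {p.dll:14} {p.path or '(not found)':48} {', '.join(p.flags)}")
```

On the sample, the SUPERAntiSpyware Notify entry (a legitimate eight-letter name, but under Program Files and months old) earns no flag, while both yuvtpbgt.dll entries get the pairing flag. The eight-letter heuristic on its own is noisy (wintrust.dll and imagehlp.dll would match), which is why it is only applied to modules loaded from system32 through these two specific registration points rather than to the whole directory.
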
bigmatt267
2007-12-22, 07:44
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20, on 2007-12-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\problems.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;*.qvc.com;<local>
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\yuvtpbgt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B2DAF712-34F5-3609-892B-3FE672F103E7} - C:\WINDOWS\system32\bcca.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Eprc] "C:\DOCUME~1\DJJEFF~1\APPLIC~1\SSTEM~1\dvdplay.exe" -vt yazb
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: wcvuxaqa - wcvuxaqa.dll (file missing)
O20 - Winlogon Notify: yuvtpbgt - C:\WINDOWS\SYSTEM32\yuvtpbgt.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\DJJEFFRY2006\Desktop\cloud\Cloud 1.gif
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\DJJEFFRY2006\Desktop\cloud\00001cutehug.gif
O24 - Desktop Component 3: (no name) - http://www.myspace.com/

--

bigmatt267
2007-12-22, 07:49
I'm still having trouble with inject.
What did you find out from the logs?
And thank you for helping me so far, btw! :bigthumb:

bigmatt267
2007-12-22, 15:50
I ran Uniblue Registry Booster after I posted these logs, and it found 100 errors in the registry and I repaired them. Is it possible that I restored the registry keys for Virtumonde? I'm about to run SUPERAntiSpyware and Spybot S&D. Will post anything new.

steamwiz
2007-12-22, 22:23
Hi

I don't know much about Uniblue Registry Booster but I do know it makes a backup of the Windows registry, so YES, it may well have restored the bad keys/values ... Personally I don't like registry cleaners, I've never seen one that was reliable yet ...

Those 2 programs between them removed nearly 500 malware registry entries & files ... & your computer is still severely infected ...

Open Notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the code box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)


File::
C:\pos2AF4.tmp
C:\pos2903.tmp
C:\pos270F.tmp
C:\pos266B.tmp
C:\pos251B.tmp
C:\pos231C.tmp
C:\pos2288.tmp
C:\pos21A2.tmp
C:\pos2122.tmp
C:\pos1F1C.tmp
C:\pos1DCD.tmp
C:\pos1D43.tmp
C:\pos1D2B.tmp
C:\pos1AEA.tmp
C:\pos1948.tmp
C:\pos1608.tmp
C:\pos1515.tmp
C:\pos17EC.tmp
C:\pos16BF.tmp
C:\pos1385.tmp
C:\pos1186.tmp
C:\posFFD.tmp
C:\posFA0.tmp
C:\posDA5.tmp
C:\posBF1.tmp
C:\posB70.tmp
C:\pos9B4.tmp
C:\pos7C9.tmp
C:\pos5DA.tmp
C:\pos8.tmp
C:\pos2E5F.tmp
C:\WINDOWS\system32\bcca.dll
C:\WINDOWS\system32\yuvtpbgt.dll
C:\WINDOWS\system32\dnkwexcf.dll
C:\WINDOWS\system32\ibfeqcbx.ini
C:\WINDOWS\system32\fptjeedw.ini.ren
C:\WINDOWS\system32\vedkqcob.dll.ren
C:\WINDOWS\system32\icrukoyh.ini.ren
C:\WINDOWS\system32\kpiijkql.dll
C:\WINDOWS\system32\hyemgbbi.dll.ren
C:\WINDOWS\system32\awtst.V86dll
C:\WINDOWS\system32\awtst.V85dll
C:\WINDOWS\system32\awtst.V84dll
C:\WINDOWS\system32\awtst.V83dll
C:\WINDOWS\system32\awtst.V82dll
C:\WINDOWS\system32\awtst.V81dll
C:\WINDOWS\system32\awtst.V80dll
C:\WINDOWS\system32\awtst.V79dll
C:\WINDOWS\system32\awtst.V78dll
C:\WINDOWS\system32\awtst.V77dll
C:\WINDOWS\system32\awtst.V76dll
C:\WINDOWS\system32\awtst.V46dll
C:\WINDOWS\system32\awtst.V27dll
C:\WINDOWS\system32\awtst.V07dll
C:\WINDOWS\system32\awtst.V06dll
C:\WINDOWS\system32\awtst.V05dll
C:\WINDOWS\system32\awtst.V04dll
C:\WINDOWS\system32\awtst.V03dll
C:\WINDOWS\system32\awtst.V02dll
C:\WINDOWS\system32\awtst.V01dll
C:\WINDOWS\system32\swikqthw.Vdll
C:\WINDOWS\system32\awtst.Vdll
C:\WINDOWS\system32\awtst.V00dll
C:\WINDOWS\system32\tstwa.ini.ren
C:\WINDOWS\system32\tstwa.bak1.ren
C:\WINDOWS\system32\tstwa.bak2.ren
C:\WINDOWS\system32\tstwa.tmp.ren

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2DAF712-34F5-3609-892B-3FE672F103E7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eprc"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wcvuxaqa]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yuvtpbgt]
Save this as "CFScript.txt"

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

-
Did you know "user tracking" was disabled?

When disabled ...it prevents the system from tracking the programs users run, the paths they navigate, and the documents they open. The system uses this information to customize Windows features. As a result, the system disables customized menus and other features that require user tracking information.

steam
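As an added example (not from the thread, and not ComboFix's or HijackThis's own logic), here is a Python triage that applies the two Vundo patterns visible in the log above, an unnamed O2 BHO loaded from system32 and an O20 Winlogon Notify entry with a random-looking name, and drafts the File::/Registry:: sections of a CFScript in the layout the post describes, checking its first-line rule. The regexes and the eight-lowercase-letter heuristic are my assumptions; the sample lines are copied from the posted log.

```python
import re
# Constructed sample: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\\WINDOWS\\system32\\yuvtpbgt.dll
O2 - BHO: (no name) - {B2DAF712-34F5-3609-892B-3FE672F103E7} - C:\\WINDOWS\\system32\\bcca.dll
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll
O20 - Winlogon Notify: wcvuxaqa - wcvuxaqa.dll (file missing)
O20 - Winlogon Notify: yuvtpbgt - C:\\WINDOWS\\SYSTEM32\\yuvtpbgt.dll
"""

BHO_RE = re.compile(r"^O2 - BHO: \(no name\) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+?)( \(file missing\))?$")

def _add(items, value):
    if value.lower() not in (v.lower() for v in items):  # Windows paths are case-insensitive
        items.append(value)

def triage(log):
    """Return (files, bho_clsids, notify_names) hit by two heuristics (my assumptions, not
    ComboFix logic): an unnamed BHO loaded from system32, or a Winlogon Notify entry named
    with eight random-looking lowercase letters. Spybot's unnamed SDHelper BHO is not hit."""
    files, clsids, notify = [], [], []
    for line in log.splitlines():
        m = BHO_RE.match(line)
        if m and "\\system32\\" in m.group(2).lower():
            _add(clsids, m.group(1))
            _add(files, m.group(2))
            continue
        m = NOTIFY_RE.match(line)
        if m and re.fullmatch(r"[a-z]{8}", m.group(1)):
            _add(notify, m.group(1))
            if not m.group(3):  # only list the DLL when HijackThis found it on disk
                _add(files, m.group(2))
    return files, clsids, notify

def build_cfscript(files, clsids, notify):
    """Lay the script out as the post requires: 'File::' is the very first line."""
    out = ["File::", *files, "", "Registry::"]
    out += [f"[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{c}]" for c in clsids]
    out += [f"[-HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\{n}]" for n in notify]
    return "\n".join(out) + "\n"

def cfscript_ok(text):
    """The post's first-line rule: 'File::' on line 1, no blank line above, no leading space."""
    return text.split("\n", 1)[0] == "File::"

if __name__ == "__main__":
    print(build_cfscript(*triage(SAMPLE_LOG)))
```

The duplicate yuvtpbgt.dll path (system32 vs SYSTEM32) collapses to one File:: entry, which is the deduplication the helper's hand-written script needed.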

tashi
2008-01-09, 00:11
bigmatt267, still with us?

Those 2 programs between them removed nearly 500 malware registry entries & files ... & your computer is still severely infected ...

tashi
2008-01-13, 19:37
This topic has been archived due to inactivity.

As it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened.

If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread. :)