virtumonde.dll & smitfraud.c



cntrlmescott
2008-03-26, 01:30
I was reading some of the posts on these 2 issues and it seems like most people were directed to d/l ComboFix. I have done that and this is what it spit out at me afterwards in Notepad. Please let me know what I should do next.

ComboFix 08-03-25.1 - Rent A Center 2008-03-25 19:04:34.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.134 [GMT -4:00]
Running from: C:\Documents and Settings\Rent A Center\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\BM838c6971.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bemejjet.ini
C:\WINDOWS\system32\dnpiinph.dll
C:\WINDOWS\system32\ewhhonis.ini
C:\WINDOWS\system32\gfhkj.ini
C:\WINDOWS\system32\gfhkj.ini2
C:\WINDOWS\system32\idlkyrkn.dll
C:\WINDOWS\system32\iifecca.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\mnnmp.ini2
C:\WINDOWS\system32\onnmp.ini
C:\WINDOWS\system32\onnmp.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\rtutv.ini
C:\WINDOWS\system32\rtutv.ini2
C:\WINDOWS\system32\sinohhwe.dll
C:\WINDOWS\system32\tejjemeb.dll
C:\WINDOWS\system32\vtutttt.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-25 to 2008-03-25 )))))))))))))))))))))))))))))))
.

2008-03-25 18:23 . 2008-03-25 18:23 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-25 16:44 . 2008-03-25 16:44 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-03-25 16:36 . 2007-08-13 19:52 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-03-25 14:00 . 2006-10-04 10:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-03-25 14:00 . 2006-10-04 10:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-03-25 14:00 . 2006-10-04 10:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-03-25 13:58 . 2008-03-25 13:58 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-03-25 13:43 . 2008-03-25 13:48 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-25 13:36 . 2006-11-01 20:48 2,129,920 --a------ C:\WINDOWS\system32\WLBCGCBPRO731.DLL
2008-03-25 13:36 . 2006-11-01 20:48 757,760 --a------ C:\WINDOWS\system32\bcm1xsup.dll
2008-03-25 13:36 . 2006-11-01 20:48 86,016 --a------ C:\WINDOWS\system32\preflib.dll
2008-03-25 13:36 . 2006-11-01 20:48 69,632 --a------ C:\WINDOWS\system32\bcmwlpkt.dll
2008-03-25 13:36 . 2006-11-01 20:48 33,664 --a------ C:\WINDOWS\system32\drivers\BCMWLNPF.SYS
2008-03-25 13:22 . 2008-03-25 13:22 290,816 --a------ C:\WINDOWS\system32\pmnno.dll_old
2008-03-25 10:58 . 2008-03-25 16:06 <DIR> d-------- C:\scott
2008-03-24 20:49 . 2008-03-24 20:49 290,816 --a------ C:\WINDOWS\system32\vtutr.dll_old
2008-03-24 15:38 . 2008-03-24 15:38 <DIR> d-------- C:\WINDOWS\system32\winz1
2008-03-24 15:33 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-03-24 15:26 . 2008-03-24 15:26 <DIR> d-------- C:\WINDOWS\system32\xTmp
2008-03-24 15:26 . 2008-03-24 16:43 <DIR> d-------- C:\WINDOWS\system32\usnv
2008-03-24 15:26 . 2008-03-24 15:38 <DIR> d-------- C:\WINDOWS\system32\IDME
2008-03-24 15:26 . 2008-03-24 15:26 <DIR> d-------- C:\WINDOWS\system32\bz3
2008-03-24 15:26 . 2008-03-24 15:26 <DIR> d-------- C:\WINDOWS\system32\aqVreo01
2008-03-24 15:26 . 2008-03-24 15:26 <DIR> d-------- C:\Temp\gbRve12
2008-03-24 15:26 . 2008-03-25 19:04 <DIR> d-------- C:\Temp
2008-03-24 13:03 . 2008-03-24 14:39 <DIR> d-------- C:\Program Files\There
2008-03-24 11:29 . 2008-03-24 11:29 <DIR> d-------- C:\Documents and Settings\Rent A Center\Application Data\AdobeUM
2008-03-24 09:50 . 2008-03-24 09:50 <DIR> d-------- C:\Documents and Settings\Rent A Center\Application Data\CyberLink
2008-03-23 17:18 . 2008-03-23 17:18 <DIR> d-------- C:\Program Files\DellSupport
2008-03-23 00:41 . 2008-03-23 00:41 <DIR> d-------- C:\WINDOWS\Sun
2008-03-22 23:39 . 2008-03-24 15:56 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-22 23:39 . 2008-03-24 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-22 23:31 . 2008-03-22 23:31 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-22 23:31 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-22 23:31 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-22 23:31 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-22 23:31 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-22 23:31 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-22 23:31 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-22 23:31 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-22 23:31 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-22 22:56 . 2008-03-22 22:56 <DIR> d-------- C:\Documents and Settings\Rent A Center\Application Data\Yahoo!
2008-03-22 19:40 . 2008-03-22 19:40 <DIR> d-------- C:\Documents and Settings\Rent A Center\Desktopvirii
2008-03-22 19:40 . 2008-03-22 19:40 4,096 --a------ C:\Documents and Settings\Rent A Center\DesktopTrojan.Win32.BlackBird.exe
2008-03-22 19:40 . 2008-03-22 19:40 4,096 --a------ C:\Documents and Settings\Rent A Center\DesktopFWebdEditor.exe
2008-03-22 19:40 . 2008-03-22 19:40 4,096 --a------ C:\Documents and Settings\Rent A Center\Desktopfwebd.exe
2008-03-22 19:40 . 2008-03-22 19:40 4,096 --a------ C:\Documents and Settings\Rent A Center\Desktopfkwp2.0.exe
2008-03-22 19:40 . 2008-03-22 19:40 4,096 --a------ C:\Documents and Settings\Rent A Center\Desktopfkwp1.5.exe
2008-03-22 19:40 . 2008-03-22 19:40 4,096 --a------ C:\Documents and Settings\Rent A Center\Desktopfilemanagerclient.exe
2008-03-22 19:40 . 2008-03-22 19:40 4,096 --a------ C:\Documents and Settings\Rent A Center\DesktopEditorFKWP2.0.exe
2008-03-22 19:40 . 2008-03-22 19:40 4,096 --a------ C:\Documents and Settings\Rent A Center\DesktopEditorFKWP1.5.exe
2008-03-22 19:39 . 2008-03-23 17:29 <DIR> d--h----- C:\Documents and Settings\Rent A Center\Application Data\Gtek
2008-03-22 19:18 . 2008-03-22 19:29 <DIR> d-------- C:\Documents and Settings\user\Application Data\Yahoo!
2008-03-22 19:16 . 2008-03-22 19:16 <DIR> d-------- C:\Documents and Settings\user\Desktopvirii
2008-03-22 19:16 . 2008-03-22 19:16 4,096 --a------ C:\Documents and Settings\user\DesktopTrojan.Win32.BlackBird.exe
2008-03-22 19:16 . 2008-03-22 19:16 4,096 --a------ C:\Documents and Settings\user\DesktopFWebdEditor.exe
2008-03-22 19:16 . 2008-03-22 19:16 4,096 --a------ C:\Documents and Settings\user\Desktopfwebd.exe
2008-03-22 19:16 . 2008-03-22 19:16 4,096 --a------ C:\Documents and Settings\user\Desktopfkwp2.0.exe
2008-03-22 19:16 . 2008-03-22 19:16 4,096 --a------ C:\Documents and Settings\user\Desktopfkwp1.5.exe
2008-03-22 19:16 . 2008-03-22 19:16 4,096 --a------ C:\Documents and Settings\user\Desktopfilemanagerclient.exe
2008-03-22 19:16 . 2008-03-22 19:16 4,096 --a------ C:\Documents and Settings\user\DesktopEditorFKWP2.0.exe
2008-03-22 19:16 . 2008-03-22 19:16 4,096 --a------ C:\Documents and Settings\user\DesktopEditorFKWP1.5.exe
2008-03-22 19:15 . 2008-03-23 17:18 <DIR> d--h----- C:\Documents and Settings\user\Application Data\Gtek
2008-03-22 12:16 . 2008-03-22 12:16 <DIR> d-------- C:\Program Files\PC-Cleaner
2008-03-22 08:08 . 2008-03-22 08:08 <DIR> d-------- C:\WINDOWS\system32smp
2008-03-22 02:16 . 2008-03-22 02:01 245,760 --a------ C:\WINDOWS\drnpfdxmlp.dll
2008-03-22 02:16 . 2008-03-22 02:01 241,664 --a------ C:\WINDOWS\altvxvm.dll
2008-03-22 01:09 . 2005-03-14 13:00 24,576 --a------ C:\WINDOWS\system32\CTWEBFUN.DLL
2008-03-22 01:08 . 2008-03-22 01:09 <DIR> d-------- C:\Program Files\Creative
2008-03-22 01:05 . 2008-03-24 10:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-22 01:05 . 2008-03-22 01:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-21 21:56 . 2008-03-21 21:56 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-21 20:42 . 2008-03-21 20:42 1,158 --a------ C:\WINDOWS\mozver.dat
2008-03-21 20:10 . 2008-02-20 22:05 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2008-03-21 20:10 . 2008-02-20 22:05 9,464 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-03-21 20:10 . 2008-02-20 22:05 9,336 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-03-21 20:09 . 2008-03-22 08:08 <DIR> d-------- C:\Program Files\DivX
2008-03-21 18:53 . 2008-03-21 18:53 2 --a------ C:\WINDOWS\msoffice.ini
2008-03-21 18:25 . 2008-03-25 13:43 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-21 18:23 . 2006-10-16 12:15 122,880 --------- C:\WINDOWS\system32\dllcache\oledlg.dll
2008-03-21 18:23 . 2001-08-17 15:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-03-21 18:23 . 2001-08-17 15:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-03-21 18:23 . 2001-08-17 16:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-03-21 18:23 . 2001-08-17 16:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-03-21 18:22 . 2007-04-25 10:21 144,896 --------- C:\WINDOWS\system32\dllcache\schannel.dll
2008-03-21 18:22 . 2008-03-21 18:22 4,128 --a------ C:\INFCACHE.1
2008-03-21 18:19 . 2007-07-09 09:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-03-21 17:55 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-21 17:53 . 2008-03-21 17:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-21 16:41 . 2008-03-21 16:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-21 16:39 . 2008-03-21 16:40 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-15 08:43 . 2008-03-15 08:43 32,768 --a------ C:\WINDOWS\system32\aqVreo01\aqVreo011065.exe
2008-03-03 15:23 . 2008-03-03 15:23 <DIR> d-------- C:\WINDOWS\system32\Rac English Screensaver
2008-03-03 15:23 . 2008-03-03 15:23 <DIR> d-------- C:\WINDOWS\Md5dll
2008-03-03 15:23 . 2008-03-03 15:38 <DIR> d-------- C:\Program Files\Rac English Screensaver
2008-03-03 15:18 . 2006-03-11 05:42 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-03-03 15:18 . 2006-03-11 05:32 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek
2008-03-03 15:07 . 2008-03-03 15:07 8,192 --a------ C:\WINDOWS\REGLOCS.OLD

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 17:35 --------- d-----w C:\Program Files\Dell
2008-03-23 05:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-23 05:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-22 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-03-22 12:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-21 23:42 --------- d-----w C:\Program Files\Google
2008-03-21 22:54 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-21 22:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-21 02:05 43,528 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01ABF81E-9D09-48EB-99E8-5D282DA7365C}]
C:\WINDOWS\system32\jkhfg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1098C2BD-4709-4891-ADE8-5F4DBDD1A110}]
2008-03-22 02:01 245760 --a------ C:\WINDOWS\drnpfdxmlp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1B6A5732-055C-4BE9-A14D-2A68EB974B44}]
C:\WINDOWS\system32\vtutr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF252FAA-AB33-4ACA-A8DB-8E4D89C0FB60}]
C:\WINDOWS\system32\pmnno.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBI"="C:\Documents and Settings\rac\Local Settings\Temporary Internet Files\Content.IE5\99L4IOPX\setup_sbd_en[1].exe" [ ]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 06:56 761947]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48 32881]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 01:19 393216 C:\WINDOWS\stsystra.exe]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 13:03 36864 C:\WINDOWS\system32\P0620Pin.dll]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 21:20 8192]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50 221184]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 03:05 127035]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"cnrskjyb"="C:\WINDOWS\system32\cnrskjyb.exe" [2008-03-22 02:17 90112]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"EbmNiCC5ui"= C:\WINDOWS\ahqvkhsd.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"altvxvm"= {8FBFEB37-31D7-4790-AF82-037A5E56CE08} - C:\WINDOWS\altvxvm.dll [2008-03-22 02:01 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifecca]
iifecca.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2005-09-01 19:24 684032 C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 18:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbmNiCC5ui]
C:\WINDOWS\ahqvkhsd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-10-14 22:46 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-10-14 22:50 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-10-14 22:49 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 18:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-03-11 05:29 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-03-11 05:29 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 19:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=


.
Contents of the 'Scheduled Tasks' folder
"2008-03-25 22:26:41 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 19:11:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\altvxvm.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
.
**************************************************************************
.
Completion time: 2008-03-25 19:13:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-25 23:12:57
.
2008-03-25 21:14:42 --- E O F ---


Any info would be greatly appreciated. Thank you in advance. (I hope)

129260
2008-03-26, 18:35
When seeking malware assistance, please post in the malware removal forum.
Before you post, read this:
http://forums.spybot.info/showthread.php?t=288

Here is the link to the malware removal forum:
http://forums.spybot.info/forumdisplay.php?f=22

cntrlmescott
2008-03-27, 16:22
I am sorry, I thought I put it in the right place. :oops:

129260
2008-03-27, 18:26
haha :)