Vitumonde

**Llama** · 2008-01-04, 06:50

Had this for a while now and is more of an annoyance than a problem. Anyway, from the procedure...

1) Kaspersky Online Scanner did not work with opera so I tried using IE like it said but then it couldnt load the webpage so I redownloaded IE then ran it again, the web-page loaded but the "accept" button wouldn't work even after setting all options in the security menu to "prompt" then clicking "yes" to allowing activeX controlls from the webpage. If im doing something wrong tell me and ill fix it

2) & 3) Running SpyBot-S&D while in safe mode (this also happens in normal startup), well, it gets about 1/2 way through then comes up with a "failed to load xxxx_xx.dll" for every entry that it didnt get to remove the displayes "error-out of ram" I had 1GB of my 1.5GB left at the time and spybot was only using 130ishMB

4) HJT-the thing that actually worked

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:04 p.m., on 4/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089BB353-5ED8-4C9B-866C-31605CFD2EFF} - (no file)
O2 - BHO: (no name) - {0F13071E-0B38-4324-839C-CA20E1C8C27C} - (no file)
O2 - BHO: (no name) - {153E1C77-992C-47A7-884D-04C89AF8E73F} - (no file)
O2 - BHO: {dfcd1620-1261-50ab-14b4-e8e2ccb3f302} - {203f3bcc-2e8e-4b41-ba05-16210261dcfd} - C:\WINDOWS\system32\sniifkxi.dll
O2 - BHO: (no name) - {2B380D9A-61A6-4D9F-97C0-4916CC7003EA} - (no file)
O2 - BHO: (no name) - {2F626105-5DC9-4623-A85B-67E64503249B} - C:\WINDOWS\system32\mljjk.dll (file missing)
O2 - BHO: (no name) - {2F7A9AF9-2277-4C31-B19E-7B09931AC99F} - (no file)
O2 - BHO: (no name) - {31B2E6EC-2CAF-42F2-8A69-D5208B13D3A4} - C:\WINDOWS\system32\awvvt.dll (file missing)
O2 - BHO: (no name) - {3496AEAA-BD5E-4FC9-8E9E-66725F6A545B} - (no file)
O2 - BHO: (no name) - {36330830-6053-4E17-9B59-B55CF7101A19} - (no file)
O2 - BHO: (no name) - {37024FFE-F851-45A4-81DE-372AE57056C3} - (no file)
O2 - BHO: (no name) - {46782F63-2C18-4B43-90EC-C63E8AF6166B} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59DFAEF9-71AB-44D0-ACE5-065317A0B614} - (no file)
O2 - BHO: (no name) - {6AE40AC7-A7FB-4077-B271-5A156B9D980D} - (no file)
O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - C:\WINDOWS\system32\byxyvut.dll (file missing)
O2 - BHO: (no name) - {77C5A4AE-A217-4EF2-A70A-2A41D7D75B0A} - (no file)
O2 - BHO: (no name) - {81FC19CA-4C54-4AB6-8952-341345BB8E7C} - (no file)
O2 - BHO: (no name) - {A204BC7D-6B84-4915-A629-76F790E96751} - (no file)
O2 - BHO: (no name) - {ACD52C84-DCCD-4A64-ACF3-478DA69B95CF} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll (file missing)
O2 - BHO: (no name) - {C4D3D881-5B72-4966-8418-4B1C3C6D8D5B} - C:\WINDOWS\system32\vtuts.dll (file missing)
O2 - BHO: (no name) - {C744ED46-F576-4C63-B383-8A80CFCBC5F5} - (no file)
O2 - BHO: (no name) - {CA3EA2D9-48F5-4012-8C1A-10274F99A3FD} - (no file)
O2 - BHO: (no name) - {E735962A-4C19-4447-BE6F-0BA3CE6EAE44} - (no file)
O2 - BHO: (no name) - {E96D4F03-E048-46DD-98D7-B15530AF90EC} - (no file)
O2 - BHO: (no name) - {EE403AD3-4C0A-48D4-9618-BC8D5838CD9E} - C:\WINDOWS\system32\mljgg.dll (file missing)
O2 - BHO: (no name) - {EFD2D48C-972D-48F3-BD00-089DFB39DAEC} - C:\WINDOWS\system32\jkhfd.dll
O2 - BHO: (no name) - {F5CB5F68-091E-4F25-8998-40B75CF3D268} - C:\WINDOWS\system32\ijctcdso.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: byxyvut - byxyvut.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7242 bytes

Cheers!

**ken545** · 2008-01-04, 13:26

Hello
Welcome to Safer Networking.

Please read Before You Post
That said, All advice given by anyone volunteering here, is taken at own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.

Your infected with the Vundo Trojan.

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

====================================================

Open Hijackthis to Scan Only, close all open windows including this one , place a checkmark in the following entries and click on Fix Checked.

O2 - BHO: (no name) - {089BB353-5ED8-4C9B-866C-31605CFD2EFF} - (no file)
O2 - BHO: (no name) - {0F13071E-0B38-4324-839C-CA20E1C8C27C} - (no file)
O2 - BHO: (no name) - {153E1C77-992C-47A7-884D-04C89AF8E73F} - (no file)
O2 - BHO: {dfcd1620-1261-50ab-14b4-e8e2ccb3f302} - {203f3bcc-2e8e-4b41-ba05-16210261dcfd} - C:\WINDOWS\system32\sniifkxi.dll
O2 - BHO: (no name) - {2B380D9A-61A6-4D9F-97C0-4916CC7003EA} - (no file)
O2 - BHO: (no name) - {2F626105-5DC9-4623-A85B-67E64503249B} - C:\WINDOWS\system32\mljjk.dll (file missing)
O2 - BHO: (no name) - {2F7A9AF9-2277-4C31-B19E-7B09931AC99F} - (no file)
O2 - BHO: (no name) - {31B2E6EC-2CAF-42F2-8A69-D5208B13D3A4} - C:\WINDOWS\system32\awvvt.dll (file missing)
O2 - BHO: (no name) - {3496AEAA-BD5E-4FC9-8E9E-66725F6A545B} - (no file)
O2 - BHO: (no name) - {36330830-6053-4E17-9B59-B55CF7101A19} - (no file)
O2 - BHO: (no name) - {37024FFE-F851-45A4-81DE-372AE57056C3} - (no file)
O2 - BHO: (no name) - {46782F63-2C18-4B43-90EC-C63E8AF6166B} - (no file)
O2 - BHO: (no name) - {59DFAEF9-71AB-44D0-ACE5-065317A0B614} - (no file)
O2 - BHO: (no name) - {6AE40AC7-A7FB-4077-B271-5A156B9D980D} - (no file)
O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - C:\WINDOWS\system32\byxyvut.dll (file missing)
O2 - BHO: (no name) - {77C5A4AE-A217-4EF2-A70A-2A41D7D75B0A} - (no file)
O2 - BHO: (no name) - {81FC19CA-4C54-4AB6-8952-341345BB8E7C} - (no file)
O2 - BHO: (no name) - {A204BC7D-6B84-4915-A629-76F790E96751} - (no file)
O2 - BHO: (no name) - {ACD52C84-DCCD-4A64-ACF3-478DA69B95CF} - (no file)
O2 - BHO: (no name) - {C744ED46-F576-4C63-B383-8A80CFCBC5F5} - (no file)
O2 - BHO: (no name) - {CA3EA2D9-48F5-4012-8C1A-10274F99A3FD} - (no file)
O2 - BHO: (no name) - {E735962A-4C19-4447-BE6F-0BA3CE6EAE44} - (no file)
O2 - BHO: (no name) - {E96D4F03-E048-46DD-98D7-B15530AF90EC} - (no file)
O2 - BHO: (no name) - {EE403AD3-4C0A-48D4-9618-BC8D5838CD9E} - C:\WINDOWS\system32\mljgg.dll (file missing)
O2 - BHO: (no name) - {EFD2D48C-972D-48F3-BD00-089DFB39DAEC} - C:\WINDOWS\system32\jkhfd.dll
O2 - BHO: (no name) - {F5CB5F68-091E-4F25-8998-40B75CF3D268} - C:\WINDOWS\system32\ijctcdso.dll
O20 - Winlogon Notify: byxyvut - byxyvut.dll (file missing)

=============================================

Download VundoFix to your desktop

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

=================================================

Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post the Combofix log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

===============================================

The thieves that have written Vundo have written it to evade a HJT scan so we need to rename it

This is important, do this before you post a HJT log
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe<-- Right click on Hijackthis.exe ( looks like a man with a spyglass )and rename it to Safer.exe

I need to see the Vundo log, the Combofix log and a new HJT log renamed please

**Llama** · 2008-01-05, 05:14

alrighty then, here are the logs:

HJT (renamed safer):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:58 p.m., on 5/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera 9\Opera.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\Safer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll (file missing)
O2 - BHO: (no name) - {BE4E0AAE-947C-4C6D-A58C-11531F18F615} - C:\WINDOWS\system32\jkhfd.dll (file missing)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4814 bytes

================================

note that with the HJT there was no entry for:

O2 - BHO: {dfcd1620-1261-50ab-14b4-e8e2ccb3f302} - {203f3bcc-2e8e-4b41-ba05-16210261dcfd} - C:\WINDOWS\system32\sniifkxi.dll

that was in the original log so im going to assume that thats a good thing. Also that there were 3 more entires that wernt in the old log but I had told teatimer to block but then must've come back when I had to disable teatimer. They were
02-BHO: (no name)-{BE4EO... (I didnt record beyond there)
02-BHO: (no name)-{C4D3D...
02-BHO: {cleqf355... ...eayswvhm.dll

I told HJT to fix these also

Cheers!

**Llama** · 2008-01-05, 05:15

VundoFix V6.7.7

Checking Java version...

Scan started at 2:27:03 p.m. 5/01/2008

Listing files found while scanning....

C:\WINDOWS\system32\aaknmvjq.dll
C:\WINDOWS\system32\adlsnobs.exe
C:\WINDOWS\system32\ahdwqato.dll
C:\WINDOWS\system32\ajonptpu.exe
C:\windows\system32\alhtvotv.exe
C:\WINDOWS\system32\awtsq.dll
C:\windows\system32\awtst.dll
C:\WINDOWS\system32\awvtr.dll
C:\WINDOWS\system32\awvts.dll
C:\WINDOWS\system32\axcuflob.ini
C:\WINDOWS\system32\bbsxcuij.dll
C:\windows\system32\becwkcjv.dll
C:\WINDOWS\system32\bolfucxa.dll
C:\WINDOWS\system32\bvdkmxth.dll
C:\WINDOWS\system32\bvqibiym.exe
C:\WINDOWS\system32\chglhuof.exe
C:\windows\system32\cwetqyra.exe
C:\WINDOWS\system32\cxokrsci.exe
C:\WINDOWS\system32\cyphjvsd.dll
C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\ddayw.dll
C:\windows\system32\dfhkj.bak1
C:\windows\system32\dfhkj.bak2
C:\windows\system32\dfhkj.ini
C:\windows\system32\dmogiavb.exe
C:\windows\system32\dpqjsxib.exe
C:\windows\system32\dvlqgali.dll
C:\WINDOWS\system32\eayswvhm.dll
C:\WINDOWS\system32\elaxnhma.dll
C:\WINDOWS\system32\eyreuxfn.dll
C:\WINDOWS\system32\fasfeobe.dll
C:\windows\system32\fdjnrltd.exe
C:\WINDOWS\system32\fesbqxie.dll
C:\WINDOWS\system32\fklglesy.dll
C:\WINDOWS\system32\fsfcwhtx.exe
C:\WINDOWS\system32\gebcd.dll
C:\WINDOWS\system32\geeba.dll
C:\windows\system32\geqqsquo.exe
C:\WINDOWS\system32\gjbgxynq.dll
C:\windows\system32\gjifoxau.exe
C:\WINDOWS\system32\gqvrmqup.exe
C:\windows\system32\gykxqafx.dll
C:\WINDOWS\system32\hdhxgsfp.dll
C:\windows\system32\hfsdbvnc.exe
C:\WINDOWS\system32\hfuoneen.dll
C:\windows\system32\hlmkucft.exe
C:\windows\system32\hquvjuap.exe
C:\windows\system32\hrollkox.dll
C:\windows\system32\igpibhxt.exe
C:\WINDOWS\system32\igufkhxu.dll
C:\windows\system32\jjkmp.bak1
C:\windows\system32\jjkmp.bak2
C:\windows\system32\jjkmp.ini
C:\WINDOWS\system32\jkhfd.dll
C:\WINDOWS\system32\jkkhhhh.dll
C:\WINDOWS\system32\jmjefleo.dll
C:\windows\system32\jrodkada.dll
C:\WINDOWS\system32\jvgprrfc.dll
C:\windows\system32\kacrvcyg.exe
C:\WINDOWS\system32\katvejuw.dll
C:\WINDOWS\system32\kmimrcan.dll
C:\WINDOWS\system32\kqnrxlfd.dll
C:\windows\system32\krxrmntp.exe
C:\WINDOWS\system32\ktukoyuk.dll
C:\windows\system32\lacfywqk.exe
C:\windows\system32\lgwtldka.exe
C:\WINDOWS\system32\lkjjjqwd.dll
C:\windows\system32\lsobirnp.exe
C:\windows\system32\lweibfwf.dll
C:\WINDOWS\system32\lxglswgq.exe
C:\windows\system32\lypgbkip.dll
C:\windows\system32\mecdfdko.exe
C:\windows\system32\mfosuqis.exe
C:\windows\system32\mrykioey.exe
C:\windows\system32\naajkicb.exe
C:\WINDOWS\system32\nnnolji.dll
C:\WINDOWS\system32\nukbqfth.dll
C:\WINDOWS\system32\obwmknxi.dll
C:\WINDOWS\system32\oddwwhvn.exe
C:\windows\system32\oiitldsl.exe
C:\windows\system32\oitqnbnw.dll
C:\windows\system32\ojdoqvdx.exe
C:\windows\system32\olqtxsad.exe
C:\WINDOWS\system32\otaqwdha.ini
C:\windows\system32\ovgvfrss.exe
C:\WINDOWS\system32\pecmhkdc.dll
C:\windows\system32\pflsjqrh.exe
C:\WINDOWS\system32\pjpgaqqp.dll
C:\WINDOWS\system32\pmkjj.dll
C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\pmnnn.dll
C:\WINDOWS\system32\pmnno.dll
C:\WINDOWS\system32\pmnyjecn.dll
C:\windows\system32\prjjbnuj.exe
C:\windows\system32\pvbsrogp.exe
C:\windows\system32\qbyhnxay.exe
C:\windows\system32\qirqllld.exe
C:\WINDOWS\system32\qjvmnkaa.ini
C:\WINDOWS\system32\qkwtvamq.dll
C:\windows\system32\qqstv.bak1
C:\windows\system32\qqstv.bak2
C:\windows\system32\qqstv.ini
C:\windows\system32\qstwa.bak1
C:\windows\system32\qstwa.ini
C:\WINDOWS\system32\qxbgyhrt.dll
C:\windows\system32\rdgoqilo.dll
C:\windows\system32\rhhgbaov.exe
C:\windows\system32\rnekbkav.exe
C:\windows\system32\rtkugord.exe
C:\WINDOWS\system32\rtvwa.bak1
C:\WINDOWS\system32\rtvwa.bak2
C:\WINDOWS\system32\rtvwa.ini
C:\WINDOWS\system32\rvudfbln.dll
C:\windows\system32\rxqemcmh.dll
C:\WINDOWS\system32\ryyrcatv.dll
C:\WINDOWS\system32\sniifkxi.dll
C:\WINDOWS\system32\sscmyuhb.dll
C:\WINDOWS\system32\ssqrq.dll
C:\windows\system32\stbkhppd.dll
C:\windows\system32\stvwa.bak1
C:\windows\system32\stvwa.ini
C:\WINDOWS\system32\suhuhspi.dll
C:\WINDOWS\system32\svmnyjms.dll
C:\WINDOWS\system32\swjiftdp.dll
C:\windows\system32\tstwa.bak1
C:\windows\system32\tstwa.ini
C:\WINDOWS\system32\ttlavuqh.exe
C:\windows\system32\txdbbppg.dll
C:\WINDOWS\system32\uexeygti.exe
C:\WINDOWS\system32\ufqdiqog.dll
C:\WINDOWS\system32\unfjwvfd.dll
C:\WINDOWS\system32\uoxqpvtf.dll
C:\windows\system32\usqetaxl.exe
C:\windows\system32\vaculevs.dll
C:\WINDOWS\system32\vcowypym.dll
C:\WINDOWS\system32\vgxkbxgg.dll
C:\windows\system32\vieoegty.exe
C:\windows\system32\voumqsqp.dll
C:\WINDOWS\system32\vtsqq.dll
C:\windows\system32\vyxejewr.exe
C:\WINDOWS\system32\wigkbtry.dll
C:\WINDOWS\system32\wqfutprs.exe
C:\windows\system32\wrbcjmtt.exe
C:\WINDOWS\system32\wvuutts.dll
C:\windows\system32\wyilrbiv.exe
C:\windows\system32\xljkllom.exe
C:\windows\system32\xlwfaeiu.exe
C:\WINDOWS\system32\xthmfrms.dll
C:\WINDOWS\system32\yayxwxy.dll
C:\WINDOWS\system32\yjdxymxw.dll
C:\WINDOWS\system32\yjxrodkv.dll
C:\windows\system32\yrdomwof.exe
C:\WINDOWS\system32\ysitxjgt.dll
C:\windows\system32\yyfdfvip.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\aaknmvjq.dll
C:\WINDOWS\system32\aaknmvjq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\adlsnobs.exe
C:\WINDOWS\system32\adlsnobs.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ahdwqato.dll
C:\WINDOWS\system32\ahdwqato.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ajonptpu.exe
C:\WINDOWS\system32\ajonptpu.exe Has been deleted!

Attempting to delete C:\windows\system32\alhtvotv.exe
C:\windows\system32\alhtvotv.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtsq.dll
C:\WINDOWS\system32\awtsq.dll Has been deleted!

Attempting to delete C:\windows\system32\awtst.dll
C:\windows\system32\awtst.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awvtr.dll
C:\WINDOWS\system32\awvtr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awvts.dll
C:\WINDOWS\system32\awvts.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\axcuflob.ini
C:\WINDOWS\system32\axcuflob.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\bbsxcuij.dll
C:\WINDOWS\system32\bbsxcuij.dll Has been deleted!

Attempting to delete C:\windows\system32\becwkcjv.dll
C:\windows\system32\becwkcjv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bolfucxa.dll
C:\WINDOWS\system32\bolfucxa.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bvdkmxth.dll
C:\WINDOWS\system32\bvdkmxth.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bvqibiym.exe
C:\WINDOWS\system32\bvqibiym.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\chglhuof.exe
C:\WINDOWS\system32\chglhuof.exe Has been deleted!

Attempting to delete C:\windows\system32\cwetqyra.exe
C:\windows\system32\cwetqyra.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\cxokrsci.exe
C:\WINDOWS\system32\cxokrsci.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\cyphjvsd.dll
C:\WINDOWS\system32\cyphjvsd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\ddayv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddayw.dll
C:\WINDOWS\system32\ddayw.dll Has been deleted!

Attempting to delete C:\windows\system32\dfhkj.bak1
C:\windows\system32\dfhkj.bak1 Has been deleted!

Attempting to delete C:\windows\system32\dfhkj.bak2
C:\windows\system32\dfhkj.bak2 Has been deleted!

Attempting to delete C:\windows\system32\dfhkj.ini
C:\windows\system32\dfhkj.ini Has been deleted!

Attempting to delete C:\windows\system32\dmogiavb.exe
C:\windows\system32\dmogiavb.exe Has been deleted!

Attempting to delete C:\windows\system32\dpqjsxib.exe
C:\windows\system32\dpqjsxib.exe Has been deleted!

Attempting to delete C:\windows\system32\dvlqgali.dll
C:\windows\system32\dvlqgali.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\eayswvhm.dll
C:\WINDOWS\system32\eayswvhm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\elaxnhma.dll
C:\WINDOWS\system32\elaxnhma.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\eyreuxfn.dll
C:\WINDOWS\system32\eyreuxfn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fasfeobe.dll
C:\WINDOWS\system32\fasfeobe.dll Has been deleted!

Attempting to delete C:\windows\system32\fdjnrltd.exe
C:\windows\system32\fdjnrltd.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\fesbqxie.dll
C:\WINDOWS\system32\fesbqxie.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fklglesy.dll
C:\WINDOWS\system32\fklglesy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fsfcwhtx.exe
C:\WINDOWS\system32\fsfcwhtx.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebcd.dll
C:\WINDOWS\system32\gebcd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\geeba.dll
C:\WINDOWS\system32\geeba.dll Has been deleted!

Attempting to delete C:\windows\system32\geqqsquo.exe
C:\windows\system32\geqqsquo.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\gjbgxynq.dll
C:\WINDOWS\system32\gjbgxynq.dll Has been deleted!

Attempting to delete C:\windows\system32\gjifoxau.exe
C:\windows\system32\gjifoxau.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\gqvrmqup.exe
C:\WINDOWS\system32\gqvrmqup.exe Has been deleted!

Attempting to delete C:\windows\system32\gykxqafx.dll
C:\windows\system32\gykxqafx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hdhxgsfp.dll
C:\WINDOWS\system32\hdhxgsfp.dll Has been deleted!

Attempting to delete C:\windows\system32\hfsdbvnc.exe
C:\windows\system32\hfsdbvnc.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\hfuoneen.dll
C:\WINDOWS\system32\hfuoneen.dll Has been deleted!

Attempting to delete C:\windows\system32\hlmkucft.exe
C:\windows\system32\hlmkucft.exe Has been deleted!

Attempting to delete C:\windows\system32\hquvjuap.exe
C:\windows\system32\hquvjuap.exe Has been deleted!

Attempting to delete C:\windows\system32\hrollkox.dll
C:\windows\system32\hrollkox.dll Has been deleted!

Attempting to delete C:\windows\system32\igpibhxt.exe
C:\windows\system32\igpibhxt.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\igufkhxu.dll
C:\WINDOWS\system32\igufkhxu.dll Has been deleted!

Attempting to delete C:\windows\system32\jjkmp.bak1
C:\windows\system32\jjkmp.bak1 Has been deleted!

Attempting to delete C:\windows\system32\jjkmp.bak2
C:\windows\system32\jjkmp.bak2 Has been deleted!

Attempting to delete C:\windows\system32\jjkmp.ini
C:\windows\system32\jjkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhfd.dll
C:\WINDOWS\system32\jkhfd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkhhhh.dll
C:\WINDOWS\system32\jkkhhhh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jmjefleo.dll
C:\WINDOWS\system32\jmjefleo.dll Has been deleted!

Attempting to delete C:\windows\system32\jrodkada.dll
C:\windows\system32\jrodkada.dll Has been deleted!

Attempting to delete C:\windows\system32\kacrvcyg.exe
C:\windows\system32\kacrvcyg.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\katvejuw.dll
C:\WINDOWS\system32\katvejuw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kmimrcan.dll
C:\WINDOWS\system32\kmimrcan.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kqnrxlfd.dll
C:\WINDOWS\system32\kqnrxlfd.dll Has been deleted!

Attempting to delete C:\windows\system32\krxrmntp.exe
C:\windows\system32\krxrmntp.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ktukoyuk.dll
C:\WINDOWS\system32\ktukoyuk.dll Has been deleted!

Attempting to delete C:\windows\system32\lacfywqk.exe
C:\windows\system32\lacfywqk.exe Has been deleted!

Attempting to delete C:\windows\system32\lgwtldka.exe
C:\windows\system32\lgwtldka.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\lkjjjqwd.dll
C:\WINDOWS\system32\lkjjjqwd.dll Has been deleted!

Attempting to delete C:\windows\system32\lsobirnp.exe
C:\windows\system32\lsobirnp.exe Has been deleted!

Attempting to delete C:\windows\system32\lweibfwf.dll
C:\windows\system32\lweibfwf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lxglswgq.exe
C:\WINDOWS\system32\lxglswgq.exe Has been deleted!

Attempting to delete C:\windows\system32\lypgbkip.dll
C:\windows\system32\lypgbkip.dll Has been deleted!

Attempting to delete C:\windows\system32\mecdfdko.exe
C:\windows\system32\mecdfdko.exe Has been deleted!

Attempting to delete C:\windows\system32\mfosuqis.exe
C:\windows\system32\mfosuqis.exe Has been deleted!

Attempting to delete C:\windows\system32\mrykioey.exe
C:\windows\system32\mrykioey.exe Has been deleted!

Attempting to delete C:\windows\system32\naajkicb.exe
C:\windows\system32\naajkicb.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnolji.dll
C:\WINDOWS\system32\nnnolji.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nukbqfth.dll
C:\WINDOWS\system32\nukbqfth.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\obwmknxi.dll
C:\WINDOWS\system32\obwmknxi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\oddwwhvn.exe
C:\WINDOWS\system32\oddwwhvn.exe Has been deleted!

Attempting to delete C:\windows\system32\oiitldsl.exe
C:\windows\system32\oiitldsl.exe Has been deleted!

Attempting to delete C:\windows\system32\oitqnbnw.dll
C:\windows\system32\oitqnbnw.dll Has been deleted!

Attempting to delete C:\windows\system32\ojdoqvdx.exe
C:\windows\system32\ojdoqvdx.exe Has been deleted!

Attempting to delete C:\windows\system32\olqtxsad.exe
C:\windows\system32\olqtxsad.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\otaqwdha.ini
C:\WINDOWS\system32\otaqwdha.ini Has been deleted!

Attempting to delete C:\windows\system32\ovgvfrss.exe
C:\windows\system32\ovgvfrss.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\pecmhkdc.dll
C:\WINDOWS\system32\pecmhkdc.dll Has been deleted!

Attempting to delete C:\windows\system32\pflsjqrh.exe
C:\windows\system32\pflsjqrh.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\pjpgaqqp.dll
C:\WINDOWS\system32\pjpgaqqp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjj.dll
C:\WINDOWS\system32\pmkjj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\pmnlj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnnn.dll
C:\WINDOWS\system32\pmnnn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnno.dll
C:\WINDOWS\system32\pmnno.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnyjecn.dll
C:\WINDOWS\system32\pmnyjecn.dll Has been deleted!

Attempting to delete C:\windows\system32\prjjbnuj.exe
C:\windows\system32\prjjbnuj.exe Has been deleted!

Attempting to delete C:\windows\system32\pvbsrogp.exe
C:\windows\system32\pvbsrogp.exe Has been deleted!

Attempting to delete C:\windows\system32\qbyhnxay.exe
C:\windows\system32\qbyhnxay.exe Has been deleted!

Attempting to delete C:\windows\system32\qirqllld.exe
C:\windows\system32\qirqllld.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\qjvmnkaa.ini
C:\WINDOWS\system32\qjvmnkaa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qkwtvamq.dll
C:\WINDOWS\system32\qkwtvamq.dll Has been deleted!

Attempting to delete C:\windows\system32\qqstv.bak1
C:\windows\system32\qqstv.bak1 Has been deleted!

Attempting to delete C:\windows\system32\qqstv.bak2
C:\windows\system32\qqstv.bak2 Has been deleted!

Attempting to delete C:\windows\system32\qqstv.ini
C:\windows\system32\qqstv.ini Has been deleted!

Attempting to delete C:\windows\system32\qstwa.bak1
C:\windows\system32\qstwa.bak1 Has been deleted!

Attempting to delete C:\windows\system32\qstwa.ini
C:\windows\system32\qstwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qxbgyhrt.dll
C:\WINDOWS\system32\qxbgyhrt.dll Has been deleted!

Attempting to delete C:\windows\system32\rdgoqilo.dll
C:\windows\system32\rdgoqilo.dll Has been deleted!

Attempting to delete C:\windows\system32\rhhgbaov.exe
C:\windows\system32\rhhgbaov.exe Has been deleted!

Attempting to delete C:\windows\system32\rnekbkav.exe
C:\windows\system32\rnekbkav.exe Has been deleted!

Attempting to delete C:\windows\system32\rtkugord.exe
C:\windows\system32\rtkugord.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\rtvwa.bak1
C:\WINDOWS\system32\rtvwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rtvwa.bak2
C:\WINDOWS\system32\rtvwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rtvwa.ini
C:\WINDOWS\system32\rtvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rvudfbln.dll
C:\WINDOWS\system32\rvudfbln.dll Has been deleted!

Attempting to delete C:\windows\system32\rxqemcmh.dll
C:\windows\system32\rxqemcmh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ryyrcatv.dll
C:\WINDOWS\system32\ryyrcatv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sniifkxi.dll
C:\WINDOWS\system32\sniifkxi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sscmyuhb.dll
C:\WINDOWS\system32\sscmyuhb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqrq.dll
C:\WINDOWS\system32\ssqrq.dll Has been deleted!

Attempting to delete C:\windows\system32\stbkhppd.dll
C:\windows\system32\stbkhppd.dll Has been deleted!

Attempting to delete C:\windows\system32\stvwa.bak1
C:\windows\system32\stvwa.bak1 Has been deleted!

Attempting to delete C:\windows\system32\stvwa.ini
C:\windows\system32\stvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\suhuhspi.dll
C:\WINDOWS\system32\suhuhspi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\svmnyjms.dll
C:\WINDOWS\system32\svmnyjms.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\swjiftdp.dll
C:\WINDOWS\system32\swjiftdp.dll Has been deleted!

Attempting to delete C:\windows\system32\tstwa.bak1
C:\windows\system32\tstwa.bak1 Has been deleted!

Attempting to delete C:\windows\system32\tstwa.ini
C:\windows\system32\tstwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ttlavuqh.exe
C:\WINDOWS\system32\ttlavuqh.exe Has been deleted!

**Llama** · 2008-01-05, 05:17

Attempting to delete C:\windows\system32\txdbbppg.dll
C:\windows\system32\txdbbppg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uexeygti.exe
C:\WINDOWS\system32\uexeygti.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ufqdiqog.dll
C:\WINDOWS\system32\ufqdiqog.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\unfjwvfd.dll
C:\WINDOWS\system32\unfjwvfd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uoxqpvtf.dll
C:\WINDOWS\system32\uoxqpvtf.dll Has been deleted!

Attempting to delete C:\windows\system32\usqetaxl.exe
C:\windows\system32\usqetaxl.exe Has been deleted!

Attempting to delete C:\windows\system32\vaculevs.dll
C:\windows\system32\vaculevs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vcowypym.dll
C:\WINDOWS\system32\vcowypym.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vgxkbxgg.dll
C:\WINDOWS\system32\vgxkbxgg.dll Has been deleted!

Attempting to delete C:\windows\system32\vieoegty.exe
C:\windows\system32\vieoegty.exe Has been deleted!

Attempting to delete C:\windows\system32\voumqsqp.dll
C:\windows\system32\voumqsqp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsqq.dll
C:\WINDOWS\system32\vtsqq.dll Has been deleted!

Attempting to delete C:\windows\system32\vyxejewr.exe
C:\windows\system32\vyxejewr.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\wigkbtry.dll
C:\WINDOWS\system32\wigkbtry.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wqfutprs.exe
C:\WINDOWS\system32\wqfutprs.exe Has been deleted!

Attempting to delete C:\windows\system32\wrbcjmtt.exe
C:\windows\system32\wrbcjmtt.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuutts.dll
C:\WINDOWS\system32\wvuutts.dll Has been deleted!

Attempting to delete C:\windows\system32\wyilrbiv.exe
C:\windows\system32\wyilrbiv.exe Has been deleted!

Attempting to delete C:\windows\system32\xljkllom.exe
C:\windows\system32\xljkllom.exe Has been deleted!

Attempting to delete C:\windows\system32\xlwfaeiu.exe
C:\windows\system32\xlwfaeiu.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\xthmfrms.dll
C:\WINDOWS\system32\xthmfrms.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayxwxy.dll
C:\WINDOWS\system32\yayxwxy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yjdxymxw.dll
C:\WINDOWS\system32\yjdxymxw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yjxrodkv.dll
C:\WINDOWS\system32\yjxrodkv.dll Has been deleted!

Attempting to delete C:\windows\system32\yrdomwof.exe
C:\windows\system32\yrdomwof.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ysitxjgt.dll
C:\WINDOWS\system32\ysitxjgt.dll Has been deleted!

Attempting to delete C:\windows\system32\yyfdfvip.exe
C:\windows\system32\yyfdfvip.exe Has been deleted!

Performing Repairs to the registry.
Done!

Combo Fix:

ComboFix 08-01-04.1 - Joel Gibson 2008-01-05 15:16:12.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1153 [GMT 13:00]
Running from: C:\Documents and Settings\Joel Gibson\Desktop\ComboFix.exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\WINDOWS\aconti.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\abeeg.bak1
C:\WINDOWS\system32\abeeg.bak2
C:\WINDOWS\system32\abeeg.ini
C:\WINDOWS\system32\ajnbpxyl.ini
C:\WINDOWS\system32\alpfboli.ini
C:\WINDOWS\system32\anwvsmqn.dll
C:\WINDOWS\system32\aueklimu.ini
C:\WINDOWS\system32\bbadd.bak1
C:\WINDOWS\system32\bbadd.ini
C:\WINDOWS\system32\bemmthkf.ini
C:\WINDOWS\system32\bfxuyhhp.dll
C:\WINDOWS\system32\bkwgvrvx.ini
C:\WINDOWS\system32\bpxtejwl.ini
C:\WINDOWS\system32\bwslehht.ini
C:\WINDOWS\system32\ckcrcxex.ini
C:\WINDOWS\system32\cpxeumei.ini
C:\WINDOWS\system32\dcbeg.bak1
C:\WINDOWS\system32\dcbeg.ini
C:\WINDOWS\system32\dccdd.bak1
C:\WINDOWS\system32\dccdd.bak2
C:\WINDOWS\system32\dccdd.ini
C:\WINDOWS\system32\dewjjlxf.ini
C:\WINDOWS\system32\dgfxsyul.dll
C:\WINDOWS\system32\dlymnmii.ini
C:\WINDOWS\system32\drhvrkpm.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\drtalrao.ini
C:\WINDOWS\system32\fvjfrqkt.dll
C:\WINDOWS\system32\gfytuphc.ini
C:\WINDOWS\system32\ggjlm.bak1
C:\WINDOWS\system32\ggjlm.ini
C:\WINDOWS\system32\ghhkj.bak1
C:\WINDOWS\system32\ghhkj.ini
C:\WINDOWS\system32\gjfjqmuh.ini
C:\WINDOWS\system32\hgjlm.bak1
C:\WINDOWS\system32\hgjlm.bak2
C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hjllm.bak1
C:\WINDOWS\system32\hjllm.bak2
C:\WINDOWS\system32\hjllm.ini
C:\WINDOWS\system32\idjvjvif.dll
C:\WINDOWS\system32\ijctcdso.dll
C:\WINDOWS\system32\jewvwjoa.dll
C:\WINDOWS\system32\jleahhwf.dll
C:\WINDOWS\system32\jlnmp.bak1
C:\WINDOWS\system32\jlnmp.bak2
C:\WINDOWS\system32\jlnmp.ini
C:\WINDOWS\system32\keotfdcx.dll
C:\WINDOWS\system32\kjjlm.bak1
C:\WINDOWS\system32\kjjlm.ini
C:\WINDOWS\system32\knnjqgxa.ini
C:\WINDOWS\system32\krayrutd.ini
C:\WINDOWS\system32\kwhpysgt.ini
C:\WINDOWS\system32\lbnlvmom.dll
C:\WINDOWS\system32\lnnmp.bak1
C:\WINDOWS\system32\lnnmp.bak2
C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\lnnmp.ini2
C:\WINDOWS\system32\lrogoxwn.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msivvjin.ini
C:\WINDOWS\system32\msivvjin.ini2
C:\WINDOWS\system32\nebbhfbx.ini
C:\WINDOWS\system32\njqmckym.ini
C:\WINDOWS\system32\nmllm.bak1
C:\WINDOWS\system32\nmllm.bak2
C:\WINDOWS\system32\nmllm.ini
C:\WINDOWS\system32\nnnmp.bak1
C:\WINDOWS\system32\nnnmp.ini
C:\WINDOWS\system32\nwhlehed.dll
C:\WINDOWS\system32\nyvoscmh.ini
C:\WINDOWS\system32\oelfejmj.ini
C:\WINDOWS\system32\ohaijijx.ini
C:\WINDOWS\system32\oinstnmd.ini
C:\WINDOWS\system32\onnmdgla.ini
C:\WINDOWS\system32\onnmp.bak1
C:\WINDOWS\system32\onnmp.ini
C:\WINDOWS\system32\orutv.bak1
C:\WINDOWS\system32\orutv.ini
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pdkjbafu.ini
C:\WINDOWS\system32\prqss.bak1
C:\WINDOWS\system32\prqss.ini
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\qfprbbeb.dll
C:\WINDOWS\system32\qpqyfjiq.ini
C:\WINDOWS\system32\qrqss.bak1
C:\WINDOWS\system32\qrqss.ini
C:\WINDOWS\system32\qrutv.bak1
C:\WINDOWS\system32\qrutv.ini
C:\WINDOWS\system32\qwcrfxcc.ini
C:\WINDOWS\system32\rpldptmn.ini
C:\WINDOWS\system32\rqtss.bak1
C:\WINDOWS\system32\rqtss.ini
C:\WINDOWS\system32\rrdmccej.ini
C:\WINDOWS\system32\snqiyyfq.dll
C:\WINDOWS\system32\stutv.bak1
C:\WINDOWS\system32\stutv.ini
C:\WINDOWS\system32\tacdowdk.ini
C:\WINDOWS\system32\ttutv.bak1
C:\WINDOWS\system32\ttutv.bak2
C:\WINDOWS\system32\ttutv.ini
C:\WINDOWS\system32\ttutv.ini2
C:\WINDOWS\system32\ttutv.tmp
C:\WINDOWS\system32\ucvidior.dll
C:\WINDOWS\system32\udxbblcm.ini
C:\WINDOWS\system32\vabiekvh.ini
C:\WINDOWS\system32\vegnmtcq.ini
C:\WINDOWS\system32\vonlbupw.ini
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wjldnusv.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\wqcuhjxk.ini
C:\WINDOWS\system32\wtvvcmey.ini
C:\WINDOWS\system32\wxogyuck.ini
C:\WINDOWS\system32\wyadd.bak1
C:\WINDOWS\system32\wyadd.ini
C:\WINDOWS\system32\xadrfump.ini
C:\WINDOWS\system32\xdjoyaxv.ini
C:\WINDOWS\system32\xeaalcgi.ini
C:\WINDOWS\system32\xogemuvr.ini
C:\WINDOWS\system32\xvwaovtj.ini
C:\WINDOWS\system32\xxlfdmct.ini
C:\WINDOWS\system32\ybadd.bak2
C:\WINDOWS\system32\ycbeg.bak1
C:\WINDOWS\system32\ycbeg.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NPF
-------\LEGACY_SFSYNC02
-------\DomainService
-------\NPF
-------\sfsync02

((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-05 15:16 . 2008-01-05 15:16 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-01-05 15:09 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 14:27 . 2008-01-05 14:27 <DIR> d-------- C:\VundoFix Backups
2008-01-05 12:45 . 2008-01-05 13:35 354 ---hs---- C:\WINDOWS\system32\pdtfijws.ini
2008-01-04 11:16 . 2008-01-04 14:57 474 ---hs---- C:\WINDOWS\system32\uxhkfugi.ini
2008-01-03 17:35 . 2008-01-04 11:11 354 ---hs---- C:\WINDOWS\system32\pathcuto.ini
2008-01-03 13:15 . 2008-01-03 13:15 294 ---hs---- C:\WINDOWS\system32\ftvpqxou.ini
2008-01-02 13:56 . 2008-01-02 13:57 354 ---hs---- C:\WINDOWS\system32\cdkhmcep.ini
2008-01-02 12:57 . 2008-01-02 12:57 294 ---hs---- C:\WINDOWS\system32\rwchxlwj.ini
2008-01-01 19:31 . 2008-01-01 20:01 23 --a------ C:\WINDOWS\popcinfot.dat
2008-01-01 15:01 . 2008-01-01 16:39 414 ---hs---- C:\WINDOWS\system32\smjynmvs.ini
2008-01-01 13:19 . 2008-01-01 13:19 294 ---hs---- C:\WINDOWS\system32\sbspyaht.ini
2007-12-31 12:05 . 2007-12-31 12:13 474 ---hs---- C:\WINDOWS\system32\dsvjhpyc.ini
2007-12-31 11:54 . 2007-12-31 11:54 294 ---hs---- C:\WINDOWS\system32\vugtedko.ini
2007-12-31 00:20 . 2007-12-31 00:20 534 ---hs---- C:\WINDOWS\system32\ggxbkxgv.ini
2007-12-30 23:06 . 2007-12-30 23:14 474 ---hs---- C:\WINDOWS\system32\yrqvrpss.ini
2007-12-30 21:57 . 2007-12-30 21:57 <DIR> d--hs---- C:\FOUND.003
2007-12-30 21:14 . 2007-12-30 21:58 354 ---hs---- C:\WINDOWS\system32\byarxcjr.ini
2007-12-30 16:46 . 2007-12-30 16:47 414 ---hs---- C:\WINDOWS\system32\neenoufh.ini
2007-12-30 12:34 . 2007-12-30 16:39 354 ---hs---- C:\WINDOWS\system32\jeptewdh.ini
2007-12-29 20:39 . 2007-12-29 20:39 <DIR> d-------- C:\Documents and Settings\Joel Gibson\Application Data\Command and Conquer 3 Tiberium Wars
2007-12-29 17:37 . 2007-12-29 18:45 594 ---hs---- C:\WINDOWS\system32\qmavtwkq.ini
2007-12-29 14:10 . 2007-12-29 17:29 474 ---hs---- C:\WINDOWS\system32\clcgywad.ini
2007-12-29 13:18 . 2007-12-29 14:02 354 ---hs---- C:\WINDOWS\system32\kbpyuujh.ini
2007-12-29 00:06 . 2007-12-29 00:06 <DIR> d-------- C:\Games
2007-12-28 21:36 . 2007-12-28 21:36 294 ---hs---- C:\WINDOWS\system32\kuyokutk.ini
2007-12-28 20:11 . 2007-12-28 20:11 294 ---hs---- C:\WINDOWS\system32\nfxuerye.ini
2007-12-28 13:15 . 2007-12-28 16:35 414 ---hs---- C:\WINDOWS\system32\dflxrnqk.ini
2007-12-28 12:30 . 2007-12-28 12:30 294 ---hs---- C:\WINDOWS\system32\etsgefsd.ini
2007-12-28 11:29 . 2007-12-28 11:29 <DIR> d-------- C:\Documents and Settings\Joel Gibson\Application Data\Winamp
2007-12-28 11:24 . 2007-12-28 11:24 474 ---hs---- C:\WINDOWS\system32\mypywocv.ini
2007-12-28 11:23 . 2007-12-28 11:23 414 ---hs---- C:\WINDOWS\system32\gicnwgfq.ini
2007-12-27 21:15 . 2007-12-28 11:12 354 ---hs---- C:\WINDOWS\system32\hlagnivr.ini
2007-12-27 18:08 . 2007-12-27 18:08 <DIR> d-------- C:\Documents and Settings\Joel Gibson\Application Data\The Chosen demo
2007-12-27 18:08 . 2007-12-27 18:08 <DIR> d-------- C:\Documents and Settings\Joel Gibson\Application Data\Frater
2007-12-27 09:27 . 2007-12-27 09:27 294 ---hs---- C:\WINDOWS\system32\vkdorxjy.ini
2007-12-26 23:00 . 2007-12-26 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-12-26 23:00 . 2007-12-26 23:00 139,008 --a------ C:\WINDOWS\system32\guard32.dll
2007-12-26 23:00 . 2007-12-26 23:00 81,272 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys
2007-12-26 23:00 . 2007-12-26 23:00 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2007-12-26 21:34 . 2007-12-26 21:34 294 ---hs---- C:\WINDOWS\system32\nacrmimk.ini
2007-12-26 21:21 . 2007-12-26 21:21 <DIR> d-------- C:\Program Files\COMODO
2007-12-26 21:21 . 2007-12-26 21:21 <DIR> d-------- C:\Documents and Settings\Joel Gibson\Application Data\Comodo
2007-12-26 18:26 . 2007-12-26 18:26 <DIR> dr-h----- C:\Documents and Settings\Joel Gibson\Application Data\SecuROM
2007-12-26 17:25 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2007-12-26 17:25 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2007-12-26 17:25 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2007-12-26 17:25 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2007-12-26 17:21 . 2007-12-26 17:21 354 ---hs---- C:\WINDOWS\system32\trhygbxq.ini
2007-12-26 15:45 . 2007-12-26 15:45 294 ---hs---- C:\WINDOWS\system32\ymxvygsb.ini
2007-12-26 12:20 . 2007-12-26 12:20 294 ---hs---- C:\WINDOWS\system32\dhuxinya.ini
2007-12-25 21:45 . 2007-12-25 21:46 354 ---hs---- C:\WINDOWS\system32\qnyxgbjg.ini
2007-12-25 14:28 . 2007-12-25 14:28 294 ---hs---- C:\WINDOWS\system32\djdnjtrs.ini
2007-12-25 12:48 . 2007-12-25 14:22 354 ---hs---- C:\WINDOWS\system32\goqidqfu.ini
2007-12-24 23:28 . 2007-12-24 23:28 294 ---hs---- C:\WINDOWS\system32\wxmyxdjy.ini
2007-12-24 21:54 . 2007-12-24 21:54 534 ---hs---- C:\WINDOWS\system32\pqqagpjp.ini
2007-12-23 21:39 . 2007-12-24 21:46 474 ---hs---- C:\WINDOWS\system32\efavoych.ini
2007-12-23 21:14 . 2007-12-23 21:14 294 ---hs---- C:\WINDOWS\system32\dbjhaybs.ini
2007-12-21 16:51 . 2007-12-21 16:52 474 ---hs---- C:\WINDOWS\system32\htxmkdvb.ini
2007-12-21 15:48 . 2007-12-21 15:48 414 ---hs---- C:\WINDOWS\system32\opjfihwl.ini
2007-12-21 14:56 . 2007-12-21 15:40 354 ---hs---- C:\WINDOWS\system32\rkfqwxnk.ini
2007-12-20 14:54 . 2007-12-20 14:54 354 ---hs---- C:\WINDOWS\system32\wujevtak.ini
2007-12-20 13:52 . 2007-12-20 13:52 294 ---hs---- C:\WINDOWS\system32\bsjbwpfa.ini
2007-12-20 10:15 . 2007-12-20 10:15 294 ---hs---- C:\WINDOWS\system32\eboefsaf.ini
2007-12-19 19:57 . 2007-12-26 21:15 1,365 --a------ C:\WINDOWS\wininit.ini
2007-12-19 17:52 . 2007-12-19 23:13 294 ---hs---- C:\WINDOWS\system32\smrfmhtx.ini
2007-12-19 11:08 . 2007-12-19 11:08 294 ---hs---- C:\WINDOWS\system32\vtacryyr.ini
2007-12-18 17:50 . 2007-12-18 17:50 294 ---hs---- C:\WINDOWS\system32\pfsgxhdh.ini
2007-12-18 10:49 . 2007-12-18 14:37 294 ---hs---- C:\WINDOWS\system32\yselglkf.ini
2007-12-17 18:31 . 2007-12-17 18:32 114 --a------ C:\WINDOWS\system32\jpirvbvj.dat
2007-12-17 18:28 . 2007-12-17 18:28 294 ---hs---- C:\WINDOWS\system32\nlbfduvr.ini
2007-12-17 08:42 . 2007-12-17 08:42 294 ---hs---- C:\WINDOWS\system32\eixqbsef.ini
2007-12-11 21:53 . 2007-12-11 21:53 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\ATI
2007-12-11 12:54 . 2007-12-11 12:54 294 ---hs---- C:\WINDOWS\system32\bhuymcss.ini
2007-12-10 14:26 . 2007-12-10 14:27 <DIR> d-------- C:\Program Files\Aquaria
2007-12-10 12:49 . 2007-12-10 12:49 354 ---hs---- C:\WINDOWS\system32\yrtbkgiw.ini
2007-12-10 12:28 . 2007-12-10 12:28 294 ---hs---- C:\WINDOWS\system32\xknclkxi.ini
2007-12-08 19:02 . 2007-12-08 19:02 354 ---hs---- C:\WINDOWS\system32\dwqjjjkl.ini
2007-12-08 19:00 . 2007-12-08 19:02 294 ---hs---- C:\WINDOWS\system32\jgyhbqod.ini
2007-12-08 17:14 . 2007-12-08 17:14 294 ---hs---- C:\WINDOWS\system32\ixnkmwbo.ini
2007-12-07 16:00 . 2007-12-07 16:00 294 ---hs---- C:\WINDOWS\system32\mvpvgokd.ini
2007-12-07 01:19 . 2007-12-07 01:19 354 ---hs---- C:\WINDOWS\system32\amhnxale.ini
2007-12-06 22:29 . 2007-12-06 22:29 294 ---hs---- C:\WINDOWS\system32\upfydvsg.ini
2007-12-06 16:37 . 2007-12-06 16:38 354 ---hs---- C:\WINDOWS\system32\dfvwjfnu.ini
2007-12-06 16:15 . 2007-12-06 16:15 294 ---hs---- C:\WINDOWS\system32\jhyuhsgj.ini
2007-12-05 18:31 . 2007-12-05 18:32 294 ---hs---- C:\WINDOWS\system32\ipshuhus.ini
2007-12-05 15:56 . 2007-12-05 16:44 294 ---hs---- C:\WINDOWS\system32\tgjxtisy.ini

**Llama** · 2008-01-05, 05:18

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 03:05 122,432 ----a-w C:\WINDOWS\system32\epgtmelk.dll
2007-11-26 06:30 --------- d-----w C:\Program Files\Fredryk Phantasy
2007-11-24 02:23 1,128 ----a-w C:\Program Files\log.dat
2007-11-23 08:30 --------- d-----w C:\Documents and Settings\Joel Gibson\Application Data\mIRC
2007-11-22 02:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 03:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2007-11-08 21:14 --------- d-----w C:\Program Files\Synaesthete
2007-10-30 16:12 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 04:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 04:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-21 14:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-19 22:34 53,880,837 ----a-w C:\Program Files\LastStandInstall.exe
2007-10-19 10:14 10,752 ----a-w C:\WINDOWS\DCEBoot.exe
2007-10-10 23:56 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:56 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:56 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 10:59 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-24 08:18 57,992 ----a-w C:\Documents and Settings\Joel Gibson\Application Data\GDIPFONTCACHEV1.DAT
2006-12-20 01:05 35,511 ----a-w C:\Program Files\ReadMe.txt
2004-11-08 20:22 929,792 ----a-w C:\Program Files\SCZ.exe
2001-11-22 23:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2007-08-18 11:41 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-09-18 04:22 694,076 --sh--w C:\WINDOWS\system32\sewmrqnq.ini2
2007-09-25 07:28 693,472 --sh--w C:\WINDOWS\system32\csvroaew.ini2
2007-08-18 11:41 88 --sh--r C:\WINDOWS\system32\77052A6FA7.sys
2007-09-24 07:28 693,472 --sh--w C:\WINDOWS\system32\orkxndag.ini2
2007-09-22 06:43 693,601 --sh--w C:\WINDOWS\system32\emaflsao.ini2
2007-09-27 09:52 693,481 --sh--w C:\WINDOWS\system32\fsswttnt.ini2
.

Code:

<pre>
----a-w         5,434,579 2005-01-26 23:28:00  C:\Program Files\STI\SPIRIT_Custom\Media\84fb7ffc-18bf-4c8c-8644-3d20ba784bb8\Programs\SPIRIT 12 .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE4E0AAE-947C-4C6D-A58C-11531F18F615}]
C:\WINDOWS\system32\jkhfd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="C:\WINDOWS\htpatch.exe" [2002-12-19 16:40 28672]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-21 04:16 37376]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2007-12-26 23:00 1481472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\120512e4]
rundll32.exe C:\WINDOWS\system32\swjiftdp.dll,b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 11:09 63712 --a------ C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\imjpmig]
C:\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 11:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
rundll32.exe C:\WINDOWS\system32\vwbpbgwi.dll,forkonce

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkAndWrite]
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe /run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winshost.exe]
C:\WINDOWS\system32\winshost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"ProtexisLicensing"=2 (0x2)
"rpcapd"=3 (0x3)
"Pctspk"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Fax"=2 (0x2)

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-12-26 23:00]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-12-26 23:00]
R2 CbmDev1;CbmDev1;C:\WINDOWS\system32\drivers\CbmDev1.sys [1998-01-16 08:43]
R2 CbmDev2;CbmDev2;C:\WINDOWS\system32\drivers\CbmDev2.sys [1998-01-16 08:43]
R2 CbmDev3;CbmDev3;C:\WINDOWS\system32\drivers\CbmDev3.sys [1998-01-16 08:43]
S3 ipw_mdfl;Wireless Broadband Modem Filter;C:\WINDOWS\system32\DRIVERS\ipw_mdfl.sys []
S3 ipw_mdm;Wireless Broadband Modem (WDM);C:\WINDOWS\system32\DRIVERS\ipw_mdm.sys []
S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 13:28]
S4 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 22:36]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 16:49:41
Windows 5.1.2600 Service Pack 2 FAT NTAPI

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-01-05 16:50:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-05 03:50:48
.
2008-01-04 23:28:54 --- E O F ---

**ken545** · 2008-01-05, 16:29

Llama,

Let me tell you whats going on, a few years ago if you caught a malware program or a virus, we ran a tool, deleted a few files and and you where on your way , BUT THAT'S ALL CHANGED This garbage is becoming more difficult to remove as each day goes by.

Had this for a while now and is more of an annoyance than a problem.

Actually, you have this reversed, THIS IS A MAJOR PROBLEM This infection has also infected one of your programs and could be putting this stuff back as we remove it.
C:\Program Files\STI\SPIRIT_Custom <-- This program is infected and you may have to uninstall it when we are done here.

What I need you to do is to delete the current copy of Combofix and download the new Beta Version.
Download it Here
http://download.bleepingcomputer.com...a/ComboFix.exe

Then do this.

Open Notepad and copy all the text inside the quote box by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above File::

File::
C:\FOUND.003
C:\WINDOWS\popcinfot.dat
C:\WINDOWS\system32\pdtfijws.ini
C:\WINDOWS\system32\uxhkfugi.ini
C:\WINDOWS\system32\pathcuto.ini
C:\WINDOWS\system32\ftvpqxou.ini
C:\WINDOWS\system32\cdkhmcep.ini
C:\WINDOWS\system32\rwchxlwj.ini
C:\WINDOWS\system32\smjynmvs.ini
C:\WINDOWS\system32\sbspyaht.ini
C:\WINDOWS\system32\dsvjhpyc.ini
C:\WINDOWS\system32\vugtedko.ini
C:\WINDOWS\system32\ggxbkxgv.ini
C:\WINDOWS\system32\yrqvrpss.ini
C:\WINDOWS\system32\byarxcjr.ini
C:\WINDOWS\system32\neenoufh.ini
C:\WINDOWS\system32\jeptewdh.ini
C:\WINDOWS\system32\qmavtwkq.ini
C:\WINDOWS\system32\clcgywad.ini
C:\WINDOWS\system32\kbpyuujh.ini
C:\WINDOWS\system32\kuyokutk.ini
C:\WINDOWS\system32\nfxuerye.ini
C:\WINDOWS\system32\dflxrnqk.ini
C:\WINDOWS\system32\etsgefsd.ini
C:\WINDOWS\system32\mypywocv.ini
C:\WINDOWS\system32\gicnwgfq.ini
C:\WINDOWS\system32\hlagnivr.ini
C:\WINDOWS\system32\vkdorxjy.ini
C:\WINDOWS\system32\nacrmimk.ini
C:\WINDOWS\system32\trhygbxq.ini
C:\WINDOWS\system32\ymxvygsb.ini
C:\WINDOWS\system32\dhuxinya.ini
C:\WINDOWS\system32\qnyxgbjg.ini
C:\WINDOWS\system32\djdnjtrs.ini
C:\WINDOWS\system32\goqidqfu.ini
C:\WINDOWS\system32\wxmyxdjy.ini
C:\WINDOWS\system32\pqqagpjp.ini
C:\WINDOWS\system32\efavoych.ini
C:\WINDOWS\system32\dbjhaybs.ini
C:\WINDOWS\system32\htxmkdvb.ini
C:\WINDOWS\system32\opjfihwl.ini
C:\WINDOWS\system32\rkfqwxnk.ini
C:\WINDOWS\system32\wujevtak.ini
C:\WINDOWS\system32\bsjbwpfa.ini
C:\WINDOWS\system32\eboefsaf.ini
C:\WINDOWS\system32\smrfmhtx.ini
C:\WINDOWS\system32\vtacryyr.ini
C:\WINDOWS\system32\pfsgxhdh.ini
C:\WINDOWS\system32\yselglkf.ini
C:\WINDOWS\system32\jpirvbvj.dat
C:\WINDOWS\system32\nlbfduvr.ini
C:\WINDOWS\system32\eixqbsef.ini
C:\WINDOWS\system32\yrtbkgiw.ini
C:\WINDOWS\system32\xknclkxi.ini
C:\WINDOWS\system32\dwqjjjkl.ini
C:\WINDOWS\system32\jgyhbqod.ini
C:\WINDOWS\system32\ixnkmwbo.ini
C:\WINDOWS\system32\mvpvgokd.ini
C:\WINDOWS\system32\amhnxale.ini
C:\WINDOWS\system32\upfydvsg.ini
C:\WINDOWS\system32\dfvwjfnu.ini
C:\WINDOWS\system32\jhyuhsgj.ini
C:\WINDOWS\system32\ipshuhus.ini
C:\WINDOWS\system32\tgjxtisy.ini
C:\WINDOWS\system32\epgtmelk.dll
C:\WINDOWS\system32\sewmrqnq.ini2
C:\WINDOWS\system32\csvroaew.ini2
C:\WINDOWS\system32\77052A6FA7.sys
C:\WINDOWS\system32\orkxndag.ini2
C:\WINDOWS\system32\emaflsao.ini2
C:\WINDOWS\system32\fsswttnt.ini2
C:\WINDOWS\system32\vwbpbgwi.dll
C:\WINDOWS\system32\winshost.exe

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE4E0AAE-947C-4C6D-A58C-11531F18F615}]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\120512e4]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winshost.exe]

RenV::
----a-w 5,434,579 2005-01-26 23:28:00 C:\Program Files\STI\SPIRIT_Custom\Media\84fb7ffc-18bf-4c8c-8644-3d20ba784bb8\Programs\SPIRIT 12 .exe

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Then I need you to run this online scanner.

ESET Online Scanner

Please go to the following link ESET Online Scanner Link
Tick the box YES, I accept the Terms Of Use
Click the Start button
Now click the Install button
Click Start

The scanner engine will initialise and update
Do Not tick the box Remove found threats
Click the Scan button

The scan will now run, please be patient
When the scan finishes click the Details tab
Copy and paste the contents of the :\Program Files\EsetOnlineScanner\log.txt back here.

Let me see the New Combofix log, the ESET log and a New HJT log please

**Llama** · 2008-01-06, 04:09

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2766 (20080104)
# vers_arch_module=1.060 (20071228)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=079d42dd4cbdd940a103de5ba56b20d0
# end=finished
# remove_checked=false
# unwanted_checked=false
# utc_time=2008-01-06 01:32:53
# local_time=2008-01-06 02:32:53 (+1200, New Zealand Daylight Time)
# country="New Zealand"
# osver=5.1.2600 NT Service Pack 2
# scanned=361535
# found=234
# scan_time=4178
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080105-142537-477.dll Win32/Adware.BHO.V application D7F4745B2162189AEB24EEE6B53AB0F3
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP249\A0099848.DLL Win32/Adware.Virtumonde application 87E1F53F822A401423588A09CF5E923B
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100796.dll Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100797.exe Win32/Adware.Ezula application 0720FC4070811E7307B3A0AF91E77370
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100799.exe Win32/Adware.Ezula application 0720FC4070811E7307B3A0AF91E77370
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100800.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100807.dll probably a variant of Win32/Adware.BHO.V application 941B446C31C348FB23505FD762A103D8
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100808.dll Win32/Adware.Virtumonde application 8E42F21596E50EBD6D301354D81A0FE5
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100809.dll Win32/Adware.Virtumonde application 9018245957ACD18A1A6F30401A9D60F2
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100810.exe Win32/Adware.Ezula application 0720FC4070811E7307B3A0AF91E77370
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100811.exe Win32/Adware.Ezula application 0720FC4070811E7307B3A0AF91E77370
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100812.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100813.exe Win32/Adware.Ezula application 0720FC4070811E7307B3A0AF91E77370
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100817.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100818.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100819.dll probably a variant of Win32/Adware.BHO.V application 88DBBE426F0B26335528535562E23200
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100821.dll Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100823.dll Win32/Adware.Virtumonde application 9018245957ACD18A1A6F30401A9D60F2
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100824.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100825.dll Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100826.dll Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100827.exe Win32/Adware.Ezula application 0720FC4070811E7307B3A0AF91E77370
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100830.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100831.dll Win32/Adware.Virtumonde application 8E42F21596E50EBD6D301354D81A0FE5
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100832.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100833.exe Win32/Adware.Ezula application 0720FC4070811E7307B3A0AF91E77370
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100834.dll probably a variant of Win32/Adware.BHO.V application 941B446C31C348FB23505FD762A103D8
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100835.dll Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100836.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100838.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100839.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100840.dll probably a variant of Win32/Adware.BHO.V application 941B446C31C348FB23505FD762A103D8
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100841.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100845.dll probably a variant of Win32/Adware.Agent application 76D632B1AA4482D9407CA7B026FC6701
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100847.dll probably a variant of Win32/Adware.BHO.V application 941B446C31C348FB23505FD762A103D8
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100848.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100849.dll Win32/Adware.Virtumonde application 9018245957ACD18A1A6F30401A9D60F2
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100850.dll Win32/Adware.Virtumonde application 6F468B0EC2E9F21DAC962AE00BA71880
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100852.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100854.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100855.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100856.dll Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100857.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100858.dll probably a variant of Win32/Adware.BHO.V application 941B446C31C348FB23505FD762A103D8
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100859.exe Win32/Adware.Ezula application 0720FC4070811E7307B3A0AF91E77370
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100860.dll probably a variant of Win32/Adware.BHO.V application 88DBBE426F0B26335528535562E23200
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100861.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100862.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100863.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100864.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100865.dll probably a variant of Win32/Adware.Agent application 76D632B1AA4482D9407CA7B026FC6701
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100867.dll Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100868.exe Win32/Adware.Ezula application 0720FC4070811E7307B3A0AF91E77370
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100869.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100870.dll probably a variant of Win32/Adware.BHO.V application A4B6E07148A096E45C5586BFE11738DD
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100871.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100872.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100874.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100876.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100877.dll Win32/Adware.Virtumonde application 8E42F21596E50EBD6D301354D81A0FE5
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100883.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100884.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100885.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100886.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100891.dll Win32/Adware.Virtumonde application 8E42F21596E50EBD6D301354D81A0FE5
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100892.dll Win32/Adware.BHO.V application 3ECFCD051382B8060F9AD55619B335B0
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100893.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100894.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100895.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100897.dll Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100898.dll probably a variant of Win32/Adware.BHO.V application 941B446C31C348FB23505FD762A103D8
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100899.dll Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100901.dll Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100903.dll probably a variant of Win32/Adware.BHO.V application 941B446C31C348FB23505FD762A103D8
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100905.dll Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100909.exe Win32/Adware.Ezula application 0720FC4070811E7307B3A0AF91E77370
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100910.dll probably a variant of Win32/Adware.BHO.V application 941B446C31C348FB23505FD762A103D8
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100911.exe Win32/Adware.Ezula application 0720FC4070811E7307B3A0AF91E77370
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100912.dll Win32/Adware.Virtumonde application 8E42F21596E50EBD6D301354D81A0FE5
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100913.dll Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100915.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100916.dll probably a variant of Win32/Adware.BHO.V application A4B6E07148A096E45C5586BFE11738DD
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100919.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100920.dll probably a variant of Win32/Adware.BHO.V application 941B446C31C348FB23505FD762A103D8
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100921.dll Win32/Adware.Virtumonde application E9E25FBE4AA26FB6FA462C6D2D40C6F3
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100922.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF

**Llama** · 2008-01-06, 04:12

0\A0100923.dll Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100924.exe Win32/Adware.Ezula application 0720FC4070811E7307B3A0AF91E77370
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100925.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100926.dll probably a variant of Win32/Adware.Agent application 76D632B1AA4482D9407CA7B026FC6701
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100927.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100928.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100929.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100930.dll Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100931.dll probably a variant of Win32/Adware.Agent application 76D632B1AA4482D9407CA7B026FC6701
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100932.dll Win32/Adware.Virtumonde application 8E42F21596E50EBD6D301354D81A0FE5
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100934.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100935.dll Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP250\A0100936.exe Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP251\A0101087.dll probably a variant of Win32/Adware.BHO.V application 29B3460D91FB2A58C161A8FC18EB18BF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP251\A0101088.dll Win32/Adware.BHO.V application 942A5909310A5DF0A30112B7C96A3686
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP251\A0101089.dll probably a variant of Win32/Adware.BHO.V application 63E224097D0D4E3DAD3C762024A83DB1
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP251\A0101090.dll probably a variant of Win32/Adware.BHO.V application BCCB566A1BABC9041BC6338BC2C4BB80
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP251\A0101091.dll Win32/Adware.BHO.V application D7F4745B2162189AEB24EEE6B53AB0F3
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP251\A0101092.dll probably a variant of Win32/Adware.BHO.V application EBEDEEDEA62290C49DCA6B0976861753
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP251\A0101093.dll Win32/Adware.BHO.V application D7F4745B2162189AEB24EEE6B53AB0F3
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP251\A0101094.dll probably a variant of Win32/Adware.BHO.V application 63E224097D0D4E3DAD3C762024A83DB1
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP251\A0101095.dll probably a variant of Win32/Adware.BHO.V application 29B3460D91FB2A58C161A8FC18EB18BF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP251\A0101096.dll probably a variant of Win32/Adware.BHO.V application 802E6EFC0E5B2A7B3D57DB0C89E2ED20
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP251\A0101097.dll probably a variant of Win32/Adware.BHO.V application 29B3460D91FB2A58C161A8FC18EB18BF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP251\A0101098.dll Win32/Adware.BHO.V application 05928220329361095DECA53F58AC67D4
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP251\A0101099.dll Win32/Adware.BHO.V application D7F4745B2162189AEB24EEE6B53AB0F3
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP251\A0101100.dll probably a variant of Win32/Adware.BHO.V application 29B3460D91FB2A58C161A8FC18EB18BF
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP251\A0101101.dll probably a variant of Win32/Adware.BHO.V application 802E6EFC0E5B2A7B3D57DB0C89E2ED20
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP251\A0101102.dll Win32/Adware.BHO.V application D7F4745B2162189AEB24EEE6B53AB0F3
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP251\A0101103.dll probably a variant of Win32/Adware.BHO.V application 802E6EFC0E5B2A7B3D57DB0C89E2ED20
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP251\A0101176.exe a variant of Win32/Dialer.ALifeDialer application 35EB365579475048AA24C8D4DD075CD6
C:\System Volume Information\_restore{EEB4F3AE-BAF9-41B0-86FD-73AF6AD6D142}\RP252\A0101562.dll Win32/Adware.BHO.V application FAAAC92FB9D00BE42EC54816CA943EAB
C:\QooBox\Quarantine\C\WINDOWS\aconti.exe.vir a variant of Win32/Dialer.ALifeDialer application 35EB365579475048AA24C8D4DD075CD6
C:\QooBox\Quarantine\C\WINDOWS\system32\anwvsmqn.dll.vir probably a variant of Win32/Adware.BHO.V application 29B3460D91FB2A58C161A8FC18EB18BF
C:\QooBox\Quarantine\C\WINDOWS\system32\bfxuyhhp.dll.vir Win32/Adware.BHO.V application 942A5909310A5DF0A30112B7C96A3686
C:\QooBox\Quarantine\C\WINDOWS\system32\dgfxsyul.dll.vir probably a variant of Win32/Adware.BHO.V application 63E224097D0D4E3DAD3C762024A83DB1
C:\QooBox\Quarantine\C\WINDOWS\system32\drhvrkpm.dll.vir probably a variant of Win32/Adware.BHO.V application BCCB566A1BABC9041BC6338BC2C4BB80
C:\QooBox\Quarantine\C\WINDOWS\system32\fvjfrqkt.dll.vir Win32/Adware.BHO.V application D7F4745B2162189AEB24EEE6B53AB0F3
C:\QooBox\Quarantine\C\WINDOWS\system32\idjvjvif.dll.vir probably a variant of Win32/Adware.BHO.V application EBEDEEDEA62290C49DCA6B0976861753
C:\QooBox\Quarantine\C\WINDOWS\system32\ijctcdso.dll.vir Win32/Adware.BHO.V application D7F4745B2162189AEB24EEE6B53AB0F3
C:\QooBox\Quarantine\C\WINDOWS\system32\jewvwjoa.dll.vir probably a variant of Win32/Adware.BHO.V application 63E224097D0D4E3DAD3C762024A83DB1
C:\QooBox\Quarantine\C\WINDOWS\system32\jleahhwf.dll.vir probably a variant of Win32/Adware.BHO.V application 29B3460D91FB2A58C161A8FC18EB18BF
C:\QooBox\Quarantine\C\WINDOWS\system32\keotfdcx.dll.vir probably a variant of Win32/Adware.BHO.V application 802E6EFC0E5B2A7B3D57DB0C89E2ED20
C:\QooBox\Quarantine\C\WINDOWS\system32\lbnlvmom.dll.vir probably a variant of Win32/Adware.BHO.V application 29B3460D91FB2A58C161A8FC18EB18BF
C:\QooBox\Quarantine\C\WINDOWS\system32\lrogoxwn.dll.vir Win32/Adware.BHO.V application 05928220329361095DECA53F58AC67D4
C:\QooBox\Quarantine\C\WINDOWS\system32\nwhlehed.dll.vir Win32/Adware.BHO.V application D7F4745B2162189AEB24EEE6B53AB0F3
C:\QooBox\Quarantine\C\WINDOWS\system32\qfprbbeb.dll.vir probably a variant of Win32/Adware.BHO.V application 29B3460D91FB2A58C161A8FC18EB18BF
C:\QooBox\Quarantine\C\WINDOWS\system32\snqiyyfq.dll.vir probably a variant of Win32/Adware.BHO.V application 802E6EFC0E5B2A7B3D57DB0C89E2ED20
C:\QooBox\Quarantine\C\WINDOWS\system32\ucvidior.dll.vir Win32/Adware.BHO.V application D7F4745B2162189AEB24EEE6B53AB0F3
C:\QooBox\Quarantine\C\WINDOWS\system32\wjldnusv.dll.vir probably a variant of Win32/Adware.BHO.V application 802E6EFC0E5B2A7B3D57DB0C89E2ED20
C:\QooBox\Quarantine\C\WINDOWS\system32\epgtmelk.dll.vir Win32/Adware.BHO.V application FAAAC92FB9D00BE42EC54816CA943EAB
C:\QooBox\Quarantine\C\VundoFix Backups\aaknmvjq.dll.bad.vir Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\QooBox\Quarantine\C\VundoFix Backups\adlsnobs.exe.bad.vir Win32/Adware.Ezula application 0720FC4070811E7307B3A0AF91E77370
C:\QooBox\Quarantine\C\VundoFix Backups\ajonptpu.exe.bad.vir Win32/Adware.Ezula application 0720FC4070811E7307B3A0AF91E77370
C:\QooBox\Quarantine\C\VundoFix Backups\alhtvotv.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\becwkcjv.dll.bad.vir probably a variant of Win32/Adware.BHO.V application 941B446C31C348FB23505FD762A103D8
C:\QooBox\Quarantine\C\VundoFix Backups\bolfucxa.dll.bad.vir Win32/Adware.Virtumonde application 8E42F21596E50EBD6D301354D81A0FE5
C:\QooBox\Quarantine\C\VundoFix Backups\bvdkmxth.dll.bad.vir Win32/Adware.Virtumonde application 9018245957ACD18A1A6F30401A9D60F2
C:\QooBox\Quarantine\C\VundoFix Backups\bvqibiym.exe.bad.vir Win32/Adware.Ezula application 0720FC4070811E7307B3A0AF91E77370
C:\QooBox\Quarantine\C\VundoFix Backups\chglhuof.exe.bad.vir Win32/Adware.Ezula application 0720FC4070811E7307B3A0AF91E77370
C:\QooBox\Quarantine\C\VundoFix Backups\cwetqyra.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\cxokrsci.exe.bad.vir Win32/Adware.Ezula application 0720FC4070811E7307B3A0AF91E77370
C:\QooBox\Quarantine\C\VundoFix Backups\dmogiavb.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\dpqjsxib.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\dvlqgali.dll.bad.vir probably a variant of Win32/Adware.BHO.V application 88DBBE426F0B26335528535562E23200
C:\QooBox\Quarantine\C\VundoFix Backups\elaxnhma.dll.bad.vir Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\QooBox\Quarantine\C\VundoFix Backups\fasfeobe.dll.bad.vir Win32/Adware.Virtumonde application 9018245957ACD18A1A6F30401A9D60F2
C:\QooBox\Quarantine\C\VundoFix Backups\fdjnrltd.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\fesbqxie.dll.bad.vir Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\QooBox\Quarantine\C\VundoFix Backups\fklglesy.dll.bad.vir Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\QooBox\Quarantine\C\VundoFix Backups\fsfcwhtx.exe.bad.vir Win32/Adware.Ezula application 0720FC4070811E7307B3A0AF91E77370
C:\QooBox\Quarantine\C\VundoFix Backups\geqqsquo.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\gjbgxynq.dll.bad.vir Win32/Adware.Virtumonde application 8E42F21596E50EBD6D301354D81A0FE5
C:\QooBox\Quarantine\C\VundoFix Backups\gjifoxau.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\gqvrmqup.exe.bad.vir Win32/Adware.Ezula application 0720FC4070811E7307B3A0AF91E77370
C:\QooBox\Quarantine\C\VundoFix Backups\gykxqafx.dll.bad.vir probably a variant of Win32/Adware.BHO.V application 941B446C31C348FB23505FD762A103D8
C:\QooBox\Quarantine\C\VundoFix Backups\hdhxgsfp.dll.bad.vir Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\QooBox\Quarantine\C\VundoFix Backups\hfsdbvnc.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\hlmkucft.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\hquvjuap.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\hrollkox.dll.bad.vir probably a variant of Win32/Adware.BHO.V application 941B446C31C348FB23505FD762A103D8
C:\QooBox\Quarantine\C\VundoFix Backups\igpibhxt.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\jkkhhhh.dll.bad.vir probably a variant of Win32/Adware.Agent application 76D632B1AA4482D9407CA7B026FC6701
C:\QooBox\Quarantine\C\VundoFix Backups\jrodkada.dll.bad.vir probably a variant of Win32/Adware.BHO.V application 941B446C31C348FB23505FD762A103D8
C:\QooBox\Quarantine\C\VundoFix Backups\kacrvcyg.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\katvejuw.dll.bad.vir Win32/Adware.Virtumonde application 9018245957ACD18A1A6F30401A9D60F2
C:\QooBox\Quarantine\C\VundoFix Backups\kmimrcan.dll.bad.vir Win32/Adware.Virtumonde application 6F468B0EC2E9F21DAC962AE00BA71880
C:\QooBox\Quarantine\C\VundoFix Backups\krxrmntp.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\lacfywqk.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\lgwtldka.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\lkjjjqwd.dll.bad.vir Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\QooBox\Quarantine\C\VundoFix Backups\lsobirnp.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\lweibfwf.dll.bad.vir probably a variant of Win32/Adware.BHO.V application 941B446C31C348FB23505FD762A103D8
C:\QooBox\Quarantine\C\VundoFix Backups\lxglswgq.exe.bad.vir Win32/Adware.Ezula application 0720FC4070811E7307B3A0AF91E77370
C:\QooBox\Quarantine\C\VundoFix Backups\lypgbkip.dll.bad.vir probably a variant of Win32/Adware.BHO.V application 88DBBE426F0B26335528535562E23200
C:\QooBox\Quarantine\C\VundoFix Backups\mecdfdko.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\mfosuqis.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\mrykioey.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\naajkicb.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\nnnolji.dll.bad.vir probably a variant of Win32/Adware.Agent application 76D632B1AA4482D9407CA7B026FC6701
C:\QooBox\Quarantine\C\VundoFix Backups\obwmknxi.dll.bad.vir Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\QooBox\Quarantine\C\VundoFix Backups\oddwwhvn.exe.bad.vir Win32/Adware.Ezula application 0720FC4070811E7307B3A0AF91E77370
C:\QooBox\Quarantine\C\VundoFix Backups\oiitldsl.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\oitqnbnw.dll.bad.vir probably a variant of Win32/Adware.BHO.V application A4B6E07148A096E45C5586BFE11738DD
C:\QooBox\Quarantine\C\VundoFix Backups\ojdoqvdx.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\olqtxsad.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\ovgvfrss.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\pflsjqrh.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\pjpgaqqp.dll.bad.vir Win32/Adware.Virtumonde application 8E42F21596E50EBD6D301354D81A0FE5
C:\QooBox\Quarantine\C\VundoFix Backups\prjjbnuj.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\pvbsrogp.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\qbyhnxay.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\qirqllld.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\qxbgyhrt.dll.bad.vir Win32/Adware.Virtumonde application 8E42F21596E50EBD6D301354D81A0FE5
C:\QooBox\Quarantine\C\VundoFix Backups\rdgoqilo.dll.bad.vir Win32/Adware.BHO.V application 3ECFCD051382B8060F9AD55619B335B0
C:\QooBox\Quarantine\C\VundoFix Backups\rhhgbaov.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\rnekbkav.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\rtkugord.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\rvudfbln.dll.bad.vir Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\QooBox\Quarantine\C\VundoFix Backups\rxqemcmh.dll.bad.vir probably a variant of Win32/Adware.BHO.V application 941B446C31C348FB23505FD762A103D8
C:\QooBox\Quarantine\C\VundoFix Backups\ryyrcatv.dll.bad.vir Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\QooBox\Quarantine\C\VundoFix Backups\sscmyuhb.dll.bad.vir Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\QooBox\Quarantine\C\VundoFix Backups\stbkhppd.dll.bad.vir probably a variant of Win32/Adware.BHO.V application 941B446C31C348FB23505FD762A103D8
C:\QooBox\Quarantine\C\VundoFix Backups\suhuhspi.dll.bad.vir Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\QooBox\Quarantine\C\VundoFix Backups\ttlavuqh.exe.bad.vir Win32/Adware.Ezula application 0720FC4070811E7307B3A0AF91E77370
C:\QooBox\Quarantine\C\VundoFix Backups\txdbbppg.dll.bad.vir probably a variant of Win32/Adware.BHO.V application 941B446C31C348FB23505FD762A103D8
C:\QooBox\Quarantine\C\VundoFix Backups\uexeygti.exe.bad.vir Win32/Adware.Ezula application 0720FC4070811E7307B3A0AF91E77370
C:\QooBox\Quarantine\C\VundoFix Backups\ufqdiqog.dll.bad.vir Win32/Adware.Virtumonde application 8E42F21596E50EBD6D301354D81A0FE5
C:\QooBox\Quarantine\C\VundoFix Backups\unfjwvfd.dll.bad.vir Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\QooBox\Quarantine\C\VundoFix Backups\usqetaxl.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\vaculevs.dll.bad.vir probably a variant of Win32/Adware.BHO.V application A4B6E07148A096E45C5586BFE11738DD
C:\QooBox\Quarantine\C\VundoFix Backups\vieoegty.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\voumqsqp.dll.bad.vir probably a variant of Win32/Adware.BHO.V application 941B446C31C348FB23505FD762A103D8
C:\QooBox\Quarantine\C\VundoFix Backups\vtsqq.dll.bad.vir Win32/Adware.Virtumonde application E9E25FBE4AA26FB6FA462C6D2D40C6F3
C:\QooBox\Quarantine\C\VundoFix Backups\vyxejewr.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\wigkbtry.dll.bad.vir Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\QooBox\Quarantine\C\VundoFix Backups\wqfutprs.exe.bad.vir Win32/Adware.Ezula application 0720FC4070811E7307B3A0AF91E77370
C:\QooBox\Quarantine\C\VundoFix Backups\wrbcjmtt.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\wvuutts.dll.bad.vir probably a variant of Win32/Adware.Agent application 76D632B1AA4482D9407CA7B026FC6701

**Llama** · 2008-01-06, 04:16

C:\QooBox\Quarantine\C\VundoFix Backups\wyilrbiv.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\xljkllom.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\xlwfaeiu.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\xthmfrms.dll.bad.vir Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\QooBox\Quarantine\C\VundoFix Backups\yayxwxy.dll.bad.vir probably a variant of Win32/Adware.Agent application 76D632B1AA4482D9407CA7B026FC6701
C:\QooBox\Quarantine\C\VundoFix Backups\yjdxymxw.dll.bad.vir Win32/Adware.Virtumonde application 8E42F21596E50EBD6D301354D81A0FE5
C:\QooBox\Quarantine\C\VundoFix Backups\yrdomwof.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF
C:\QooBox\Quarantine\C\VundoFix Backups\ysitxjgt.dll.bad.vir Win32/Adware.Virtumonde application 47999C384644C3AC88A3F7FBACD0C527
C:\QooBox\Quarantine\C\VundoFix Backups\yyfdfvip.exe.bad.vir Win32/TrojanDownloader.Tiny.ID trojan 0C86132A8EE6A7B9056930A90396BBDF

====================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:01:35 p.m., on 6/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera 9\Opera.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\Safer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll (file missing)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4913 bytes

Thread: Vitumonde

Thread Tools

Display

Vitumonde

Vundofix, combofix and new HJT log

logs continued

vundofix log continued + partial combo fix log

rest of combofix log... whew!

logs (1st 1/2 of eset online)

2nd 1/2 of eset online scan (minus a bit thats in the next post)

last bit of eset online scan + HJT log + combofix log

Posting Permissions