A lot of malware problems

Hi

Yes, you should.

If that entry is still there, we'll remove it by other means.
 
Hi Shaba, when I tried to delete the file:

C:Documents and settings|AVIFUS~1\application data\system

I got an error message that "access is denied" can't delete attrib.exe

The others deleted OK.

Here is the RAPPORT.TXT log

SmitFraudFix v2.211

Scan done at 10:25:11.60, Sun 08/12/2007
Run from C:\Documents and Settings\Avi Fuss\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1149391482\ee\AOLSoftware.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\AVIFUS~1\APPLIC~1\YSTEM~1\attrib.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

192.168.200.3 download.microsoft.com
192.168.200.3 downloads.microsoft.com
192.168.200.3 go.microsoft.com
192.168.200.3 microsoft.com
192.168.200.3 msdn.microsoft.com
192.168.200.3 office.microsoft.com
192.168.200.3 support.microsoft.com
192.168.200.3 windowsupdate.microsoft.com
192.168.200.3 www.microsoft.com
192.168.200.3 pandasoftware.com
192.168.200.3 www.pandasoftware.com

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Avi Fuss


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Avi Fuss\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\AVIFUS~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\MSN\\profsywu.html"
"SubscribedURL"=""
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\hrum167.txt"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
DNS Server Search Order: 24.29.103.10
DNS Server Search Order: 24.29.103.11

HKLM\SYSTEM\CCS\Services\Tcpip\..\{AEFDE037-0E69-40ED-9F9F-ACF44846B505}: DhcpNameServer=24.29.103.10 24.29.103.11
HKLM\SYSTEM\CS1\Services\Tcpip\..\{AEFDE037-0E69-40ED-9F9F-ACF44846B505}: DhcpNameServer=24.29.103.10 24.29.103.11
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E0D82734-0FAF-43E9-AE26-F60462A51856}: DhcpNameServer=163.244.194.254 163.244.212.254 163.244.252.244
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.29.103.10 24.29.103.11
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.29.103.10 24.29.103.11


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
 
Here is the ComboFix log:

ComboFix 07-08-09.3 - "Avi Fuss" 2007-08-12 10:17:25.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.124 [GMT -4:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup.\autorun.exe
C:\DOCUME~1\AVIFUS~1\APPLIC~1.\ystem~1
C:\DOCUME~1\AVIFUS~1\APPLIC~1.\ystem~1\?ystem\
C:\DOCUME~1\AVIFUS~1\APPLIC~1.\ystem~1\attrib.exe
C:\DOCUME~1\AVIFUS~1\Desktop.\Find Spyware Remover.lnk
C:\DOCUME~1\AVIFUS~1\Desktop.\Free Online Dating.lnk
C:\DOCUME~1\AVIFUS~1\Desktop.\Go to Casino.lnk
C:\DOCUME~1\AVIFUS~1\Desktop\Download WinAntiSpyware 2007 Free.lnk
C:\DOCUME~1\AVIFUS~1\STARTM~1\Programs.\Outerinfo
C:\DOCUME~1\AVIFUS~1\STARTM~1\Programs.\Outerinfo\Terms.lnk
C:\DOCUME~1\AVIFUS~1\STARTM~1\Programs.\Outerinfo\Uninstall.lnk
C:\DOCUME~1\AVIFUS~1\STARTM~1\Programs\Startup.\system.exe
C:\Program Files\MSN\profsywu.html
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\WinAvXX.exe


((((((((((((((((((((((((( Files Created from 2007-07-12 to 2007-08-12 )))))))))))))))))))))))))))))))


2007-08-10 14:17 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-09 13:59 <DIR> d---s---- C:\DOCUME~1\Tali\UserData
2007-08-09 13:56 <DIR> d-------- C:\DOCUME~1\Tali\APPLIC~1\Google
2007-08-09 13:53 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Google
2007-08-08 21:07 <DIR> d---s---- C:\DOCUME~1\Ima\UserData
2007-08-08 21:07 <DIR> d-------- C:\VundoFix Backups
2007-08-08 21:07 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-08 21:07 <DIR> d-------- C:\Program Files\Dell Support
2007-08-08 21:07 <DIR> d-------- C:\DOCUME~1\Ima\APPLIC~1\Xerox
2007-08-08 21:07 <DIR> d-------- C:\DOCUME~1\Ima\APPLIC~1\Symantec
2007-08-08 21:07 <DIR> d-------- C:\DOCUME~1\Ima\APPLIC~1\Sonic
2007-08-08 21:07 <DIR> d-------- C:\DOCUME~1\Ima\APPLIC~1\Real
2007-08-08 21:07 <DIR> d-------- C:\DOCUME~1\Ima\APPLIC~1\Nikon
2007-08-08 21:07 <DIR> d-------- C:\DOCUME~1\Ima\APPLIC~1\Jasc Software Inc
2007-08-08 21:07 <DIR> d-------- C:\DOCUME~1\Ima\APPLIC~1\Gtek
2007-08-08 21:07 <DIR> d-------- C:\DOCUME~1\Ima\APPLIC~1\Google
2007-08-08 21:07 <DIR> d-------- C:\DOCUME~1\Ima\APPLIC~1\F-Secure
2007-08-08 21:07 <DIR> d-------- C:\DOCUME~1\Ima\APPLIC~1\AdobeUM
2007-08-08 21:07 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Gtek
2007-08-08 21:07 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\Gtek
2007-08-08 20:40 <DIR> d-------- C:\DOCUME~1\Abba\APPLIC~1\Apple Computer
2007-08-08 16:49 <DIR> d-------- C:\Program Files\Lavasoft(2)
2007-08-08 16:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-08 16:35 <DIR> d-------- C:\DOCUME~1\Guest\UserData
2007-08-08 16:31 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Lavasoft
2007-08-08 15:43 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-08 15:43 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
2007-08-08 15:39 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\GTek(2)
2007-08-07 22:02 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-07 20:11 <DIR> d-------- C:\Program Files\DellSupport


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-08 21:07 --------- d-------- C:\DOCUME~1\AVIFUS~1\APPLIC~1\Lavasoft
2007-08-08 21:06 --------- d--h----- C:\DOCUME~1\AVIFUS~1\APPLIC~1\GTek
2007-08-07 14:04 --------- d-------- C:\DOCUME~1\AVIFUS~1\APPLIC~1\BitTorrent
2007-07-09 11:33 --------- d-------- C:\DOCUME~1\AVIFUS~1\APPLIC~1\AdobeUM
2007-07-01 22:31 --------- d-------- C:\Program Files\Winamp
2007-05-16 11:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 13:16]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-25 23:35]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 02:04]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-05 21:50]
"XeroxScannerDaemon"="C:\Program Files\Xerox\NWWia\XrxFTPLt.exe" [2001-08-17 22:37]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01]
"DVDTray"="C:\Program Files\HP DVD\Umbrella\DVDTray.exe" [2003-07-23 13:42]
"DVDBitSet"="C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" [2003-12-18 17:37]
"mmtask"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe" [2005-03-15 08:58]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [2005-05-18 14:49]
"DIGServices"="C:\Program Files\ESPNRunTime\DIGServices.exe" [2005-05-19 13:55]
"F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [2005-06-02 18:37]
"F-Secure TNB"="C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" [2005-07-18 10:51]
"F-Secure Startup Wizard"="C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.exe" [2005-08-23 09:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-23 17:40]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 16:45]
"HostManager"="C:\Program Files\Common Files\AOL\1149391482\ee\AOLSoftware.exe" [2006-04-20 13:10]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 12:59]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 13:00]
"RecordNow!"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [2006-05-30 22:07]
"Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" [2006-04-20 13:10]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2006-09-29 22:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 11:38]
"Vaarr"="C:\Program Files\Common Files\?ssembly\?pool32.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SRUUninstall"="C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress

C:\Documents and Settings\Avi Fuss\Start Menu\Programs\Startup\
DESKTOP.INI [2002-09-03 10:00:00]
Microsoft Office OneNote 2007 (Beta) Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE12\ONENOTEM.EXE [2006-04-25 22:06:06]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [2002-09-03 10:00:00]
F-Secure Anti-Virus 2006.lnk - C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe [2005-12-14 20:42:44]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]
Scan Button.lnk - C:\SCANNER\EXE32\DETECTON.EXE [2004-07-29 23:31:57]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\MSN\profsywu.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\hrum167.txt

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
R0 iaStor;Intel AHCI Controller;C:\WINDOWS\system32\drivers\iaStor.sys
R2 BackWeb Plug-in - 4476822;F-Secure Anti-Virus 2006;C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
R2 DgivEcp;Team MFP Comm Driver;C:\WINDOWS\system32\Drivers\DgivEcp.Sys
R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys
R3 IntelC51;IntelC51;C:\WINDOWS\system32\DRIVERS\IntelC51.sys
R3 IntelC52;IntelC52;C:\WINDOWS\system32\DRIVERS\IntelC52.sys
R3 IntelC53;IntelC53;C:\WINDOWS\system32\DRIVERS\IntelC53.sys
R3 mohfilt;mohfilt;C:\WINDOWS\system32\DRIVERS\mohfilt.sys
R3 StillCam;Still Serial Digital Camera Driver;C:\WINDOWS\system32\DRIVERS\serscan.sys
S3 hpusbwdm;HP DVD Movie Writer dc3000/dc4000;C:\WINDOWS\system32\DRIVERS\hpusbwdm.sys
S3 Jukebox;Jukebox;C:\WINDOWS\system32\DRIVERS\ctpdusb2.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00c6bd32-af1c-11db-9fbe-0011112826b8}]
AutoRun\command- G:\CA_Install.exe


Contents of the 'Scheduled Tasks' folder
2007-08-12 02:24:04 C:\WINDOWS\Tasks\Scheduled scanning task.job
2004-12-24 18:42:14 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-12 10:21:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-12 10:23:08
C:\ComboFix-quarantined-files.txt ... 2007-08-12 10:22
C:\ComboFix2.txt ... 2007-08-11 23:03
C:\ComboFix3.txt ... 2007-08-10 14:45

--- E O F ---
 
And here is the HiJack This log:

Logfile of HijackThis v1.99.1
Scan saved at 10:33:24 AM, on 8/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1149391482\ee\AOLSoftware.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\AVIFUS~1\APPLIC~1\YSTEM~1\attrib.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Avi Fuss\Desktop\scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1149391482\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Vaarr] "C:\Program Files\Common Files\?ssembly\?pool32.exe"
O4 - Startup: Microsoft Office OneNote 2007 (Beta) Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE12\ONENOTEM.EXE
O4 - Global Startup: F-Secure Anti-Virus 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Scan Button.lnk = C:\SCANNER\EXE32\DETECTON.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {AF087E66-838E-4A97-8A0B-0DDDA5DEA239} (OTAutoInstall Class) - http://trials1.endeavors.com/autodesk/acad2006/clientdownloads/OTAI.CAB
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pc.mywebexpc.com/client/v_mywebex-aa/ra/ieatgpc.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/TrueInstall.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum167.txt
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: F-Secure Anti-Virus 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 
Hi

"C:Documents and settings|AVIFUS~1\application data\system

I got an error message that "access is denied" can't delete attrib.exe

The others deleted OK."

Combofix deleted it:

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup.\autorun.exe
C:\DOCUME~1\AVIFUS~1\APPLIC~1.\ystem~1
C:\DOCUME~1\AVIFUS~1\APPLIC~1.\ystem~1\?ystem\
C:\DOCUME~1\AVIFUS~1\APPLIC~1.\ystem~1\attrib.exe

Looks like that some already deleted stuff is back, that's why keep computer offline as much as possible (=unplug network cable) or we won't get this cleaned.

Open notepad and copy/paste the text in the quotebox below into it:

Code: 
File::
C:\WINDOWS\system32\hrum167.txt

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vaarr"=-
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=-

Save this as "CFScript"

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
______________________________

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________

Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files. Proceed like this:

Quit Internet Explorer, all browsers and quit any instances of Windows Explorer.

For Internet Explorer 7
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete... under Browsing History.
  • Next to Temporary Internet Files, click Delete files, and then click OK.
  • Next to Cookies, click Delete cookies, and then click OK.
  • Next to History, click Delete history, and then click OK.
  • Click the Close button.
  • Click OK.
For Internet Explorer 4.x - 6.x
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
For Netscape 4.x and Up
  • Click Edit from the Netscape menubar.
  • Click Preferences... from the Edit menu.
  • Expand the Advanced menu by clicking the triangle sign.
  • Click Cache.
  • Click both the Clear Memory Cache and the Clear Disk Cache buttons.
For Mozilla 1.x and Up
  • Click Edit from the Mozilla menubar.
  • Click Preferences... from the Edit menu.
  • Expand the Advanced menu by clicking the plus sign.
  • Click Cache.
  • Click the Clear Cache button.
For Opera
  • Click File from the Opera menubar.
  • Click Preferences... from the File menu.
  • Click the History and Cache menu.
  • Click the two Clear buttons next to Typed in addresses and Visited addresses (history) and click the Empty now button to clear the Disk cache.
  • Click Ok to close the Preferences menu.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Unselect Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      scanavgjk2.jpg
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
______________________________

Please post:
  1. combofix report
  2. AVG Anti-Spyware log
  3. A new HijackThis log
You may need several replies to post the requested logs, otherwise they might get cut off.
 
Shaba, I have to leave for the day, and since these instructions will take time to do, I will leave the computer off-line, and do them when I get back later. I don't want to leave you wondering if I've disappeared - I'm still here, and thank you so much for all your amazing help so far!
 
Hi Shaba, here is the new ComboFix log. I think that when the AVG scan was running, I'm pretty sure I noticed it scanning the hrum167.txt file in the system32 directory.

ComboFix 07-08-09.3 - "Avi Fuss" 2007-08-12 23:36:43.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.129 [GMT -4:00]
Command switches used :: C:\Documents and Settings\Avi Fuss\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\hrum167.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\hrum167.txt


((((((((((((((((((((((((( Files Created from 2007-07-13 to 2007-08-13 )))))))))))))))))))))))))))))))


2007-08-12 10:25 4,522 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-08-12 10:24 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2007-08-12 10:24 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2007-08-12 10:24 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2007-08-10 14:17 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-09 13:59 <DIR> d---s---- C:\DOCUME~1\Tali\UserData
2007-08-09 13:56 <DIR> d-------- C:\DOCUME~1\Tali\APPLIC~1\Google
2007-08-09 13:53 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Google
2007-08-08 21:07 <DIR> d---s---- C:\DOCUME~1\Ima\UserData
2007-08-08 21:07 <DIR> d-------- C:\VundoFix Backups
2007-08-08 21:07 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-08 21:07 <DIR> d-------- C:\Program Files\Dell Support
2007-08-08 21:07 <DIR> d-------- C:\DOCUME~1\Ima\APPLIC~1\Xerox
2007-08-08 21:07 <DIR> d-------- C:\DOCUME~1\Ima\APPLIC~1\Symantec
2007-08-08 21:07 <DIR> d-------- C:\DOCUME~1\Ima\APPLIC~1\Sonic
2007-08-08 21:07 <DIR> d-------- C:\DOCUME~1\Ima\APPLIC~1\Real
2007-08-08 21:07 <DIR> d-------- C:\DOCUME~1\Ima\APPLIC~1\Nikon
2007-08-08 21:07 <DIR> d-------- C:\DOCUME~1\Ima\APPLIC~1\Jasc Software Inc
2007-08-08 21:07 <DIR> d-------- C:\DOCUME~1\Ima\APPLIC~1\Gtek
2007-08-08 21:07 <DIR> d-------- C:\DOCUME~1\Ima\APPLIC~1\Google
2007-08-08 21:07 <DIR> d-------- C:\DOCUME~1\Ima\APPLIC~1\F-Secure
2007-08-08 21:07 <DIR> d-------- C:\DOCUME~1\Ima\APPLIC~1\AdobeUM
2007-08-08 21:07 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Gtek
2007-08-08 21:07 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\Gtek
2007-08-08 20:40 <DIR> d-------- C:\DOCUME~1\Abba\APPLIC~1\Apple Computer
2007-08-08 16:49 <DIR> d-------- C:\Program Files\Lavasoft(2)
2007-08-08 16:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-08 16:35 <DIR> d-------- C:\DOCUME~1\Guest\UserData
2007-08-08 16:31 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Lavasoft
2007-08-08 15:43 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-08 15:43 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
2007-08-08 15:39 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\GTek(2)
2007-08-07 22:02 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-07 20:11 <DIR> d-------- C:\Program Files\DellSupport


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-12 17:07 --------- d-------- C:\DOCUME~1\AVIFUS~1\APPLIC~1\BitTorrent
2007-08-08 21:07 --------- d-------- C:\DOCUME~1\AVIFUS~1\APPLIC~1\Lavasoft
2007-08-08 21:06 --------- d--h----- C:\DOCUME~1\AVIFUS~1\APPLIC~1\GTek
2007-07-09 11:33 --------- d-------- C:\DOCUME~1\AVIFUS~1\APPLIC~1\AdobeUM
2007-07-01 22:31 --------- d-------- C:\Program Files\Winamp
2007-05-16 11:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 13:16]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-25 23:35]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 02:04]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-05 21:50]
"XeroxScannerDaemon"="C:\Program Files\Xerox\NWWia\XrxFTPLt.exe" [2001-08-17 22:37]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01]
"DVDTray"="C:\Program Files\HP DVD\Umbrella\DVDTray.exe" [2003-07-23 13:42]
"DVDBitSet"="C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" [2003-12-18 17:37]
"mmtask"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe" [2005-03-15 08:58]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [2005-05-18 14:49]
"DIGServices"="C:\Program Files\ESPNRunTime\DIGServices.exe" [2005-05-19 13:55]
"F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [2005-06-02 18:37]
"F-Secure TNB"="C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" [2005-07-18 10:51]
"F-Secure Startup Wizard"="C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.exe" [2005-08-23 09:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-23 17:40]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 16:45]
"HostManager"="C:\Program Files\Common Files\AOL\1149391482\ee\AOLSoftware.exe" [2006-04-20 13:10]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 12:59]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 13:00]
"RecordNow!"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [2006-05-30 22:07]
"Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" [2006-04-20 13:10]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2006-09-29 22:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 11:38]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SRUUninstall"="C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress

C:\Documents and Settings\Avi Fuss\Start Menu\Programs\Startup\
DESKTOP.INI [2002-09-03 10:00:00]
Microsoft Office OneNote 2007 (Beta) Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE12\ONENOTEM.EXE [2006-04-25 22:06:06]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [2002-09-03 10:00:00]
F-Secure Anti-Virus 2006.lnk - C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe [2005-12-14 20:42:44]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]
Scan Button.lnk - C:\SCANNER\EXE32\DETECTON.EXE [2004-07-29 23:31:57]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\MSN\profsywu.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\hrum167.txt

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
R0 iaStor;Intel AHCI Controller;C:\WINDOWS\system32\drivers\iaStor.sys
R2 BackWeb Plug-in - 4476822;F-Secure Anti-Virus 2006;C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
R2 DgivEcp;Team MFP Comm Driver;C:\WINDOWS\system32\Drivers\DgivEcp.Sys
R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys
R3 IntelC51;IntelC51;C:\WINDOWS\system32\DRIVERS\IntelC51.sys
R3 IntelC52;IntelC52;C:\WINDOWS\system32\DRIVERS\IntelC52.sys
R3 IntelC53;IntelC53;C:\WINDOWS\system32\DRIVERS\IntelC53.sys
R3 mohfilt;mohfilt;C:\WINDOWS\system32\DRIVERS\mohfilt.sys
R3 StillCam;Still Serial Digital Camera Driver;C:\WINDOWS\system32\DRIVERS\serscan.sys
S3 hpusbwdm;HP DVD Movie Writer dc3000/dc4000;C:\WINDOWS\system32\DRIVERS\hpusbwdm.sys
S3 Jukebox;Jukebox;C:\WINDOWS\system32\DRIVERS\ctpdusb2.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00c6bd32-af1c-11db-9fbe-0011112826b8}]
AutoRun\command- G:\CA_Install.exe


Contents of the 'Scheduled Tasks' folder
2007-08-13 00:01:08 C:\WINDOWS\Tasks\Scheduled scanning task.job
2004-12-24 18:42:14 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-12 23:40:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-12 23:41:55
C:\ComboFix-quarantined-files.txt ... 2007-08-12 23:41
C:\ComboFix2.txt ... 2007-08-12 10:23
C:\ComboFix3.txt ... 2007-08-11 23:03

--- E O F ---
 
And here is the first part of the AVG scan. That took a very long time, and looked like it found a lot.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:50:16 AM 8/13/2007

+ Scan result:



C:\QooBox\Quarantine\C\Program Files\BHO\plugin1.dll.vir -> Adware.Adsor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP940\A0066771.dll -> Adware.Adsor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP944\A0074585.dll -> Adware.Adsor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP947\A0080031.dll -> Adware.Adsor : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\win\bw72.exe.vir -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP946\A0079711.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\offun.exe.vir -> Adware.Bagon : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP940\A0066773.exe -> Adware.Bagon : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP944\A0074587.exe -> Adware.Bagon : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP946\A0079718.exe -> Adware.Bagon : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\Magicantispy\Magicantispy0.dll.vir -> Adware.BraveSentry : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\Magicantispy\Magicantispy1.dll.vir -> Adware.BraveSentry : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\Magicantispy\Magicantispy3.dll.vir -> Adware.BraveSentry : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP947\A0080025.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP947\A0080026.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP947\A0080027.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\Magicantispy\Magicantispy0.my.vir -> Adware.DrAntispy : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5NIFDTFP\skna455101[1].exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\Internet Explorer\hokepocen455101.dll.vir -> Adware.TTC : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\Internet Explorer\hokepocen83122.dll.vir -> Adware.TTC : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\A1\kmhp83122.exe.vir -> Adware.TTC : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\skna455101.exe.vir -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP940\A0066831.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP940\A0066833.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP940\A0066836.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP944\A0074624.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP944\A0074626.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP944\A0074629.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP946\A0079686.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP946\A0079687.dll -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP947\A0080035.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP947\A0080056.exe -> Adware.TTC : Cleaned with backup (quarantined).
C:\Documents and Settings\Tali\Local Settings\Temporary Internet Files\Content.IE5\A98FUPE5\ucleaner_setup[1].exe -> Adware.UltimateDefender : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\ucleaner_setup.exe.vir -> Adware.UltimateDefender : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP944\A0077633.exe -> Adware.UltimateDefender : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP946\A0079648.exe -> Adware.UltimateDefender : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP940\A0066782.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP944\A0074596.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\WINDOWS\MediaGateway.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\lcinstaller.exe -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IDSXMP0N\TISKY008[1].exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\TISKY009.exe.vir -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP940\A0066784.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP940\A0066785.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP944\A0074598.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP944\A0074599.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP944\A0076566.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP946\A0079726.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP947\A0080201.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\tk58.exe.vir -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP946\A0079725.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\ip6fw.sys.vir -> Downloader.Agent.acl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP946\A0079681.sys -> Downloader.Agent.acl : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OT6N85YN\retadpu[1].exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IDSXMP0N\retadpu[1].exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OR2JMBOX\retadpu[1].exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\retadpu1000106.exe.vir -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP940\A0066776.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP944\A0074590.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP946\A0079676.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP943\A0074042.exe -> Downloader.PurityScan : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1162OinAdmin.exe.vir -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinAdmin.exe.vir -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP940\A0066781.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP944\A0074595.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP944\A0076612.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP946\A0079671.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP946\A0079673.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\Common Files\RACLE~1\ping.exe.vir -> Downloader.PurityScan.ej : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP946\A0079702.exe -> Downloader.PurityScan.ej : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\81EB01AJ\user9[1].exe -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OR2JMBOX\user10[2].exe -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ldcore(3).dll.vir -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ldcore.dll.vir -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\user10.exe.vir -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\qsxbj0578.exe.vir -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP944\A0075088.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP946\A0079715.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP947\A0080051.exe -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP947\A0080054.exe -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP947\A0080055.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP943\A0074039.exe -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP945\A0079617.exe -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wmvds32.dll.vir -> Downloader.VB.asx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP946\A0079717.dll -> Downloader.VB.asx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP944\A0076592.exe -> Downloader.Zlob.bqw : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OR2JMBOX\install[2].exe -> Dropper.Agent.bfr : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/install.exe -> Dropper.Agent.bfr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP946\A0079856.exe -> Dropper.Agent.bfr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP946\A0079865.exe -> Dropper.Agent.bfr : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\Z2\x55.exe.vir -> Dropper.Agent.mu : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\dlgabrk.exe.vir -> Dropper.Agent.mu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP946\A0079682.exe -> Dropper.Agent.mu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP947\A0080033.exe -> Dropper.Agent.mu : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\dnsersnd.dll.vir -> Hijacker.Small.cf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP940\A0066834.dll -> Hijacker.Small.cf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP944\A0074627.dll -> Hijacker.Small.cf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP946\A0079714.dll -> Hijacker.Small.cf : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\BHO\uninstall.exe.vir -> Hijacker.Small.iz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP940\A0066772.exe -> Hijacker.Small.iz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP944\A0074586.exe -> Hijacker.Small.iz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP947\A0080032.exe -> Hijacker.Small.iz : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\MSN\lavuj.dll.vir -> Hijacker.StartPage : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP940\A0066832.dll -> Hijacker.StartPage : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP944\A0074625.dll -> Hijacker.StartPage : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP946\A0079685.dll -> Hijacker.StartPage : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IDSXMP0N\ie_ban[1].exe -> Hijacker.VB.po : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ie_ban.exe.vir -> Hijacker.VB.po : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP940\A0066844.exe -> Hijacker.VB.po : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP944\A0074633.exe -> Hijacker.VB.po : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP946\A0079742.exe -> Hijacker.VB.po : Cleaned with backup (quarantined).
 
Second part of the AVG scan:

C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream.a : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe.vir -> Not-A-Virus.Downloader.Win32.WinFixer.x : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP940\A0066779.exe -> Not-A-Virus.Downloader.Win32.WinFixer.x : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP944\A0074593.exe -> Not-A-Virus.Downloader.Win32.WinFixer.x : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP946\A0079705.exe -> Not-A-Virus.Downloader.Win32.WinFixer.x : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP940\A0066829.dll -> Proxy.Agent.df : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\catchme2007-08-10_144233.37.zip/core.sys -> Rootkit.Agent.eq : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.224:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.92:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Abba\Cookies\abba@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Abba\Cookies\abba@buzznet.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Abba\Cookies\abba@cupolaventures.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Tali\Cookies\tali@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Tali\Cookies\tali@cupolaventures.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\system@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Abba\Cookies\abba@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Abba\Cookies\abba@arn.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned.
C:\Documents and Settings\Abba\Cookies\abba@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Abba\Cookies\abba@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Abba\Cookies\abba@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Tali\Cookies\tali@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\system@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.271:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.272:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\LocalService\Cookies\local service@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\LocalService\Cookies\local service@rotator.its.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\NetworkService\Cookies\system@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\NetworkService\Cookies\system@rotator.its.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.32:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Abba\Cookies\abba@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Tali\Cookies\tali@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Abba\Cookies\abba@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\system@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.342:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.77:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Abba\Cookies\abba@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Tali\Cookies\tali@ads.cnn[1].txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.96:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.97:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Abba\Cookies\abba@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\system@connextra[1].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\Abba\Cookies\abba@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Tali\Cookies\tali@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.117:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.118:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.119:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.120:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\Abba\Cookies\abba@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Tali\Cookies\tali@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.130:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.131:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.132:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.133:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.134:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Abba\Cookies\abba@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Tali\Cookies\tali@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\Tali\Cookies\tali@goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
C:\Documents and Settings\Abba\Cookies\abba@ehg-pcsecurityshield.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Abba\Cookies\abba@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.181:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.182:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.284:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\LocalService\Cookies\local service@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Abba\Cookies\abba@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Tali\Cookies\tali@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Abba\Cookies\abba@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Tali\Cookies\tali@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Abba\Cookies\abba@overture[2].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.389:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.38:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.39:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.40:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.41:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Tali\Cookies\tali@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Tali\Cookies\tali@pro-market[1].txt -> TrackingCookie.Pro-market : Cleaned.
C:\Documents and Settings\Abba\Cookies\abba@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.266:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.267:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Abba\Cookies\abba@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Abba\Cookies\abba@www.safer-networking[2].txt -> TrackingCookie.Safer-networking : Cleaned.
C:\Documents and Settings\Tali\Cookies\tali@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Tali\Cookies\tali@specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Tali\Cookies\tali@h.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Abba\Cookies\abba@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Tali\Cookies\tali@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.302:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.303:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.307:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.308:C:\Documents and Settings\Avi Fuss\Application Data\Mozilla\Firefox\Profiles\e3516sfg.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Abba\Cookies\abba@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Abba\Cookies\abba@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Abba\Cookies\abba@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Abba\Cookies\abba@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Tali\Cookies\tali@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\system@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\drvjok.dll.vir -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\winzzc32.dll.vir -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP940\A0066846.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP946\A0079696.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP947\A0080049.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\winzzc32(2).dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe.vir -> Trojan.Fakealert.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP946\A0079704.exe -> Trojan.Fakealert.fb : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\hlpsrv[1].exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hlpsrv.exe.vir -> Trojan.Small : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wnsapiicomsv32.exe.vir -> Trojan.Small : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\rau001978.exe.vir -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP940\A0066835.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP940\A0066857.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP943\A0074031.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP944\A0074628.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP944\A0076610.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP944\A0077629.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP945\A0078636.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP945\A0079636.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP946\A0079664.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP946\A0079679.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP946\A0079719.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end
 
And the HiJack This log. Thanks for all your help - this is so much work for you, and you make the instructions so clear. I really appreciate it!

Logfile of HijackThis v1.99.1
Scan saved at 12:56:32 AM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1149391482\ee\AOLSoftware.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Avi Fuss\Desktop\scanner.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1149391482\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Microsoft Office OneNote 2007 (Beta) Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE12\ONENOTEM.EXE
O4 - Global Startup: F-Secure Anti-Virus 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Scan Button.lnk = C:\SCANNER\EXE32\DETECTON.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {AF087E66-838E-4A97-8A0B-0DDDA5DEA239} (OTAutoInstall Class) - http://trials1.endeavors.com/autodesk/acad2006/clientdownloads/OTAI.CAB
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pc.mywebexpc.com/client/v_mywebex-aa/ra/ieatgpc.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/TrueInstall.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum167.txt
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Anti-Virus 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 
Hi

That 020 entry is still there, let's see if it goes away when file should be gone. If not (or if the file is back), we need stronger tools.

Still problems with control panel?

Open HijackThis, click do a system scan only and checkmark this:

O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum167.txt

Close all windows including browser and press fix checked.

Reboot.

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Post:

- a fresh HijackThis log
- kaspersky report
 
Last edited:
Hi Shaba, yes I still have Control Panel problems. When I ran HiJack This, I got the following error message - same as before:

An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum167.txt)
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.



When I click on the link to the Kaspersky scanner in your post, the internet connection times out, and I get a file not found internet error message. When I click on the link from the clean computer I'm using to communicate with you, then it comes up just fine and starts working like you described in your post. On the infected computer, I can get to the main Kaspersky web site from IE, it's the link in your post that times out.
 
Hi

Is that 020 entry still in HijackThis log?

We try this instead of kaspersky:

Please print these instructions out, or write them down, as you can't read them during the fix.

Please download MWav:
  • Unzip it to its predetermined directory (C:\Kaspersky)
  • Locate kavupd.exe in the new folder and double-click to Update.
  • If your firewall gives any messages about this program accessing to internet, allow it.
  • If it says the signatures are more than 30 days old, keep trying, until you get the actual definition updates.
  • When you see Updates Downloaded Successfully, hit Enter to continue.
  • Restart onto Safe Mode and locate the Kaspersky folder.
  • Locate mwavscan.com and double-click on it to launch the MWAV Scanner.
Now lets do the settings:
  • Leave the Default Settings checked.
  • Add a check to Drives
  • This will light up All Drives
  • Add a check to Scan all Files
  • Click Scan Clean to begin.
This scan might take around 3+ hours to finish when set to scan everything.
  • Please be sure it has finished before proceeding.
  • Once the Scan has finished, all entries identified as Infected, will be displayed in the lower panel.
  • Highlight everything that is inside the lower panel and hit Ctrl+C at the same time to copy.
  • Open an empty notepad file and paste the results (Ctrl+V) to it. Save the notepad to your desktop, name it as you want (e.g; MWav Results).
Reboot into normal Windows and post the results here along with a fresh HijackThis log.
 
Hi Shaba, yes the 020 is still there.

The MWav update process seemed to be successfull - kavupd started and went through all the the updates and I got a Updates Downloaded Successfully message, and I hit enter to continue. All seemed OK. But when I restarted in Safe Mode and clicked on mwavescan, I got an error message from eScan Antivirus Toolkit Utility: Virus Database is older than 30 days - recommend download latest toolkit from http://www.mwti.net - and there's an "OK" box to click. So I clicked, and then nothing happened.

I tried mwavescan a few times, kept getting the same message. I went back to regular Mode, and tried the kavupd process again, but this time it tried to connect, and then it said "failed".

In Safe Mode, am I supposed to let mwavescan "sit" for a while before it starts, even after it gets that error message?

What now? :(
 
Hi

We'll try then another scanner:
* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
    check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
 
Hi Shaba, I am so sorry that I didn't get back to you sooner. My neighborhood has had a cable outage, and our internet is unavailable. I am on another computer in a different area. I ran the scans, and have the logs, but I'm not on my home computer and can't send them to you. I hope to be able to post again tomorrow, sometime late. Again, I haven't disappeared, and thank you for all your help so far.
 
Hi Shaba, I'm sorry for the wait. My internet is back. Here's the latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 3:13:49 PM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\printer.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1149391482\ee\AOLSoftware.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Avi Fuss\Desktop\scanner.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1149391482\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - Startup: Microsoft Office OneNote 2007 (Beta) Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE12\ONENOTEM.EXE
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: F-Secure Anti-Virus 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Scan Button.lnk = C:\SCANNER\EXE32\DETECTON.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {AF087E66-838E-4A97-8A0B-0DDDA5DEA239} (OTAutoInstall Class) - http://trials1.endeavors.com/autodesk/acad2006/clientdownloads/OTAI.CAB
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pc.mywebexpc.com/client/v_mywebex-aa/ra/ieatgpc.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/TrueInstall.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum167.txt
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Anti-Virus 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 
And here is the Dr. Web log. I notice that the hrum167.txt entry is still in the HJT log, even though Dr. Web claims to have deleted it. That is one stubborn file.


hrum167.txt;c:\windows\system32;Trojan.Proxy.1939;Deleted.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\3991.4.16;Probably BACKDOOR.Trojan;Incurable.Moved.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1;Probably BACKDOOR.Trojan;Incurable.Moved.;
Process.exe;C:\Documents and Settings\Avi Fuss\Desktop\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;C:\Documents and Settings\Avi Fuss\Desktop\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
Protected_May_28_2004_12_02_01_PM.asf;C:\Documents and Settings\Avi Fuss\My Documents\My Music;Trojan.DownLoader.1729;Deleted.;
countdownsetup.exe;C:\Documents and Settings\Avi Fuss\My Documents\New Folder;Trojan.Ulone;Deleted.;
m[1].exe;C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\81EB01AJ;Trojan.Spambot.2400;Deleted.;
winjok[1].exe;C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GNU96RM3;Trojan.DownLoader.29657;Deleted.;
is67718[1].exe;C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IDSXMP0N;Trojan.Virtumod;Deleted.;
wr-1-361[1].exe;C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IDSXMP0N;Trojan.DownLoader.26881;Deleted.;
m[1].exe;C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IJ23MN67;Trojan.Spambot.2400;Deleted.;
winjok[1].exe;C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OR2JMBOX;Trojan.DownLoader.29657;Deleted.;
WxBug.EXE;C:\Program Files\AIM\Sysfiles;Adware.Aws;Incurable.Moved.;
bot.dll.vir;C:\QooBox\Quarantine\C\Documents and Settings\All Users\Documents\Settings;Probably BACKDOOR.Trojan;Incurable.Moved.;
partnership.dll.vir;C:\QooBox\Quarantine\C\Documents and Settings\All Users\Documents\Settings;Probably BACKDOOR.Trojan;Incurable.Moved.;
attrib.exe.vir;C:\QooBox\Quarantine\C\DOCUME~1\AVIFUS~1\APPLIC~1\YSTEM~1;Adware.ClickSpring;Incurable.Moved.;
POOL32~1.VIR;C:\QooBox\Quarantine\C\Program Files\Common Files\SSEMBL~1;Trojan.DownLoader.29746;Deleted.;
popinstall.exe.vir;C:\QooBox\Quarantine\C\Program Files\InetGet2;Trojan.Winpop;Deleted.;
plugin.dll.vir;C:\QooBox\Quarantine\C\Program Files\SmileyDistrict;Adware.SaveNow;Incurable.Moved.;
webbuying.exe.vir;C:\QooBox\Quarantine\C\Program Files\Web Buying\v1.8.0;Adware.WebBuying;Incurable.Moved.;
UnInstall.exe.vir;C:\QooBox\Quarantine\C\Program Files\WinPop;Trojan.Winpop;Deleted.;
winpop.exe.vir;C:\QooBox\Quarantine\C\Program Files\WinPop;Trojan.LowZones.267;Deleted.;
b122.exe.vir;C:\QooBox\Quarantine\C\WINDOWS;Trojan.MulDrop.8200;Deleted.;
mgrs.exe.vir;C:\QooBox\Quarantine\C\WINDOWS;Trojan.DownLoader.25873;Deleted.;
ERINIT~1.VIR;C:\QooBox\Quarantine\C\WINDOWS\SKS~1;Trojan.DownLoader.29746;Deleted.;
byxuvvv.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
byxwuvv.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
gebcbay.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
hrum167.txt.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Proxy.1939;Deleted.;
ivtmubs.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.DownLoader.29746;Deleted.;
kespeulb.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.EzulaAd;Deleted.;
msbind32.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;BackDoor.Generic.1599;Deleted.;
qqjcfgy.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Adware.WebBuying;Incurable.Moved.;
rxaavqhh.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.EzulaAd;Deleted.;
slwkynpj.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.EzulaAd;Deleted.;
sydrwhap.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
uxjjjoid.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
vtr167.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.DownLoader.28776;Deleted.;
vtuuuro.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
waverevenue.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.DownLoader.26881;Deleted.;
woncemyg.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.DownLoader.29746;Deleted.;
w71.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\driver;Trojan.DownLoader.26881;Deleted.;
Awf59.sys.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS;Trojan.Spambot.2400;Deleted.;
symavc32.sys.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS;Trojan.Spambot.2400;Deleted.;
f02WtR1065.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\f02WtR;Trojan.DownLoader.24715;Deleted.;
f06WtR1083.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\f06WtR;Trojan.DownLoader.24715;Deleted.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Moved.;
A0080379.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP949;Adware.Aws;Incurable.Moved.;
A0080380.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP949;Adware.Winad;Incurable.Moved.;
A0080381.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP949;Adware.Winad;Incurable.Moved.;
GTDownDE_87.ocx;C:\WINDOWS\SYSTEM32;Adware.Gdown;Incurable.Moved.;
 
You must log in or register to reply here.
Back
Top