efcyyvt.dll is kicking my butt!

K

Kellie

New member
I'm really hoping that someone can give me a 2nd opinion. There must be *something* I'm missing and it's becoming a very unhealthy obsession. LOL (At least that's what my husband tells me!)

We rebuild my system last week. Prior to moving any of my files from the old PC to the new, I ran scans and checks on everything making sure it was clean. Also, I wasn't having infection problems on my old system so I'm relatively sure this is a new problem and not something I transferred from system to system.

I am running Windows XP - service pack 2 is installed.
My virus scanner is McAffee Total Protection and is up-to-date with all updates.

Ad-Aware 2007 version 0012.0000 is installed and up-to-date.

Spybot-Search and Destroy 1.4 is installed and up-to-date.

IE is my default browser - however 99% of the time I use Firefox. (I noticed an immediate decline in the number of pop-ups I had to deal with by using Firefox instead of IE.
However, when Firefox was set as my default browser - I had just as many.)

History, temporary internet files and cookies are deleted everytime I close the browser.

I am running Spyware Blaster version 3.5.1 - updates complete and all protections are enabled.

ATF-Cleaner is installed and I use it, frequently.

Trend Micro Hijack This - version 2 is installed in its own directory, not on the desktop.

Vundo Fix is run daily.

Online virus scanner - CA
08-03-07 found the following:

css4[1] Win32/Vundo!generic deleted C:\Documents and Settings\Kellie\Local Settings\Temporary Internet Files\Content.IE5\5SENU1JG\

css4[1] Win32/Vundo!generic deleted C:\Documents and Settings\Kellie\Local

Settings\Temporary Internet Files\Content.IE5\HZOA35FU\

css4[1] Win32/Vundo!generic deleted C:\Documents and Settings\Kellie\Local

Settings\Temporary Internet Files\Content.IE5\ZV2LOJI5\

backup-20070801-164032-702.dll Win32/Chisyne!generic deleted C:\Hijack\backups\

awtss.dll.bad Win32/Vundo!generic deleted C:\VundoFix Backups\

ddccc.dll.bad Win32/Vundo!generic deleted C:\VundoFix Backups\

geedc.dll.bad Win32/Vundo!generic deleted C:\VundoFix Backups\

qespsxle.exe.bad Win32/Secdrop.OF deleted C:\VundoFix Backups\

sstts.dll.bad Win32/Vundo!generic deleted C:\VundoFix Backups\

efcyyvt.dll Win32/Chisyne!generic cannot delete C:\WINDOWS\system32\

jquhytda.dll Win32/Darksma!generic deleted C:\WINDOWS\system32\

pmnll.dll Win32/Vundo!generic cannot delete C:\WINDOWS\system32\

rkficesp.dll Win32/Darksma!generic deleted C:\WINDOWS\system32\

yjwericp.dll Win32/Darksma!generic deleted C:\WINDOWS\system32\

14 viruses detected - 12 were deleted
remaining infected files:

c:\windows\system32\efcyyvt.dll
c:\windows\system32\pmn.dll

*The thing I found interesting with this is that the only website I went to was the online CA virus scanning page. I had cleared my temporary internet files BEFORE the scan began, yet the scan found and deleted additional files.

I then attempted to run Spybot Search and Destroy in safe mode - however, the program ran for an hour and never actually did anything.

I then attempted to log in in safe mode with a c prompt to delete efcyyvt.dll and pmn.dll - but I wasn't able to either delete or rename the files because they were both in use by another program. According to task manager the only thing that was running was explorer and task manager.

Should I be deleting the Hijack This backup files?

Ugggh.

Here is my Hijack This log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:30:18 PM, on 8/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\SiteAdvisor\6021\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijack\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.kelliewaltondesigns.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program

Files\SiteAdvisor\6021\SiteAdv.dll
O2 - BHO: (no name) - {2D4813F9-0D51-4273-9784-BFC15C3FB9F3} - (no file)
O2 - BHO: (no name) - {52AAE82D-7178-4673-8525-5A6AEE00D0DB} - C:\WINDOWS\system32\sstts.dll

(file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67475B4D-150D-44A4-B5DD-BC80D4C9361F} -

C:\WINDOWS\system32\efcyyvt.dll
O2 - BHO: (no name) - {CA15C5D6-2BD4-4794-93B8-520A5E6570EC} - C:\WINDOWS\system32\awtss.dll

(file missing)
O2 - BHO: (no name) - {ECA2687F-3232-49D5-9D63-731E8F36F6C9} - C:\WINDOWS\system32\ddccc.dll

(file missing)
O2 - BHO: (no name) - {F80D34EC-A282-4CA8-881B-66FD837A2659} - C:\WINDOWS\system32\pmnll.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program

Files\SiteAdvisor\6021\SiteAdv.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed

VirusScan\Agent\myagttry.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader

8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft

Shared\Works Shared\WkUFind.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &

Destroy\TeaTimer.exe
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -

http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?118

5663719436
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -

http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: ddccc - C:\WINDOWS\
O20 - Winlogon Notify: efcyyvt - C:\WINDOWS\SYSTEM32\efcyyvt.dll
O20 - Winlogon Notify: pmnll - C:\WINDOWS\system32\pmnll.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} -

C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon -

{8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program

Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common

Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. -

C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program

Files\SiteAdvisor\6021\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices,

Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6195 bytes

Here is my VundoFix log. Note - this morning it was completely clean, then after I ran it after the CA online virus scan (the only website I visited) it found 3 vundo files, deleted them and now it's again clean.

VundoFix V6.5.6

Checking Java version...

Scan started at 8:17:43 AM 8/3/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.6

Checking Java version...

Scan started at 3:32:31 PM 8/3/2007

Listing files found while scanning....

C:\WINDOWS\system32\llnmp.bak1
C:\WINDOWS\system32\llnmp.ini
C:\WINDOWS\system32\pmnll.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\llnmp.bak1
C:\WINDOWS\system32\llnmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\llnmp.ini
C:\WINDOWS\system32\llnmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnll.dll
C:\WINDOWS\system32\pmnll.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Scan started at 3:37:33 PM 8/3/2007

Listing files found while scanning....

No infected files were found.

Then I ran Ad-Aware, 13 cookies was all that was found and removed. (I didn't post the log because it was huge, but I can do so if needed.)

Search & Destroy reports no immediate threats were found.

So, to the best of my knowledge - the only thing remaining on my PC is this stupid efcyyvt.dll that I can't seem to make disappear. Any suggestions?

I'm no longer getting IE pop-ups but I am getting pop ups from Search and Destroy that something is trying to change a registry setting. This happens if my sytem is idle for 20 minutes or so. If I walk away and come back - it's pretty much guarenteed I'm going to get that notification.

Also, is there something else that I should be doing browser-wise? I just don't understand why all of a sudden everytime I go online I get a vundo infection. Between spywareblaster and high security settings in my browser (along with my obsessive scanning!) plus a virus scanner and a router - I just would have thought I had all my bases covered.

Thanks in advance - the restoring of my sanity will be greatly appreciated.

Kellie.
 
Hi

1. Download this file -
combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your
next reply with a fresh hjt log (this time disable word wrap setting in notepad to make log appear without those gaps between the lines making checking more difficult).

Note:
Do not mouseclick combofix's window whilst it's running. That may cause
it to stall
 
Thanks for answering so quickly!!

Here is the log from ComboFix:

ComboFix 07-08-04.3 - "Kellie" 2007-08-03 17:41:45.1 [GMT -5:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Kellie\Desktop.\internet explorer.lnk
C:\WINDOWS\system32\bbeeg.bak1
C:\WINDOWS\system32\bbeeg.ini
C:\WINDOWS\system32\efcyyvt.dll
C:\WINDOWS\system32\geebb.dll


((((((((((((((((((((((((( Files Created from 2007-07-03 to 2007-08-03 )))))))))))))))))))))))))))))))


2007-08-03 17:40 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-03 13:22 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-08-02 12:55 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-02 08:36 <DIR> d-------- C:\VundoFix Backups
2007-08-02 06:22 125,504 --a------ C:\WINDOWS\system32\aruwxxoj.dll
2007-08-01 22:30 1,277 --a------ C:\WINDOWS\mozver.dat
2007-08-01 19:00 8,576 --a------ C:\WINDOWS\system32\drivers\duaxbqatblvq.sys
2007-08-01 18:38 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-01 15:59 <DIR> d-------- C:\WINDOWS\system32\Panda Software
2007-08-01 15:58 <DIR> d-------- C:\Program Files\Panda Security
2007-08-01 14:26 8,576 --a------ C:\WINDOWS\system32\drivers\mvcusexxobbo.sys
2007-08-01 13:33 8,576 --a------ C:\WINDOWS\system32\drivers\fjcvduftgcii.sys
2007-08-01 12:46 <DIR> d-------- C:\DOCUME~1\Kellie\.housecall6.6
2007-08-01 11:41 <DIR> d-------- C:\Hijack
2007-08-01 06:29 125,504 --a------ C:\WINDOWS\system32\nfxondug.dll
2007-07-31 14:27 <DIR> d-------- C:\Pictures for Mom
2007-07-31 13:22 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\EPSON
2007-07-31 13:21 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\Smart Panel
2007-07-31 13:17 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\ArcSoft
2007-07-31 13:10 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-07-31 13:10 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-07-31 13:06 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\Leadertech
2007-07-31 13:05 78,608 --a------ C:\WINDOWS\system32\Vb5db.dll
2007-07-31 13:05 430,080 --a------ C:\WINDOWS\system32\Msrepl35.dll
2007-07-31 13:05 385,024 --a------ C:\WINDOWS\system32\Vbar332.dll
2007-07-31 13:05 294,912 --a------ C:\WINDOWS\system32\Msxbse35.dll
2007-07-31 13:05 262,144 --a------ C:\WINDOWS\system32\Msrd2x35.dll
2007-07-31 13:05 262,144 --a------ C:\WINDOWS\system32\Msexcl35.dll
2007-07-31 13:05 250,128 --a------ C:\WINDOWS\system32\mspdox35.dll
2007-07-31 13:05 24,848 --a------ C:\WINDOWS\system32\msjter35.dll
2007-07-31 13:05 176,128 --a------ C:\WINDOWS\system32\Mstext35.dll
2007-07-31 13:05 166,160 --a------ C:\WINDOWS\system32\msltus35.dll
2007-07-31 13:05 123,664 --a------ C:\WINDOWS\system32\msjint35.dll
2007-07-31 13:05 1,056,768 --a------ C:\WINDOWS\system32\Msjet35.dll
2007-07-31 13:02 708,696 --a------ C:\WINDOWS\system32\python21.dll
2007-07-31 13:02 57,344 --a------ C:\WINDOWS\system32\PyWinTypes21.dll
2007-07-31 13:02 290,919 --a------ C:\WINDOWS\system32\pythoncom21.dll
2007-07-31 13:02 <DIR> d-------- C:\Program Files\Common Files\Python
2007-07-31 13:02 <DIR> d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2007-07-31 13:00 96,768 --a------ C:\WINDOWS\SlantAdj.dll
2007-07-31 13:00 73,216 --a------ C:\WINDOWS\ADE.DLL
2007-07-31 13:00 64,000 --a------ C:\WINDOWS\system32\ESFW30.BIN
2007-07-31 13:00 3,136 --a------ C:\WINDOWS\Ade001.bin
2007-07-31 13:00 278,528 --a------ C:\WINDOWS\system32\esint30.dll
2007-07-31 13:00 217,088 --a------ C:\WINDOWS\system32\ESDTR.dll
2007-07-31 13:00 176,128 --a------ C:\WINDOWS\system32\ESWIA30.dll
2007-07-31 13:00 <DIR> d-------- C:\Program Files\Smart Panel
2007-07-31 12:59 <DIR> d-------- C:\Program Files\EPSON
2007-07-31 12:23 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-07-31 12:23 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-07-31 12:23 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-07-31 12:23 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-07-31 06:32 125,504 --a------ C:\WINDOWS\system32\unbmndfm.dll
2007-07-30 18:21 12,288 --a------ C:\WINDOWS\system32\poo.dll
2007-07-30 18:21 12,288 --a------ C:\WINDOWS\system32\pdum.dll
2007-07-30 18:17 436,736 --a------ C:\WINDOWS\system32\WBDBR32I.DLL
2007-07-30 18:17 36,352 --a------ C:\WINDOWS\system32\wwctl32i.dll
2007-07-30 18:17 1,056,768 --a------ C:\WINDOWS\system32\Roboex32.dll
2007-07-30 18:17 <DIR> d-------- C:\Program Files\Buzz Tools
2007-07-30 17:18 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\CoffeeCup Software
2007-07-30 17:17 <DIR> d-------- C:\Program Files\CoffeeCup Software
2007-07-30 06:30 126,016 --a------ C:\WINDOWS\system32\kusvmnvj.dll
2007-07-29 21:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-29 21:13 966,144 --a------ C:\WINDOWS\system32\ltdlgres13n.dll
2007-07-29 21:13 93,184 --a------ C:\WINDOWS\system32\lfPCL13n.dll
2007-07-29 21:13 921,088 --a------ C:\WINDOWS\system32\LTDic13n.dll
2007-07-29 21:13 918,016 --a------ C:\WINDOWS\system32\Ltwvc13n.dll
2007-07-29 21:13 90,112 --a------ C:\WINDOWS\system32\lfjbg13n.dll
2007-07-29 21:13 84,480 --a------ C:\WINDOWS\system32\lfgbr13n.dll
2007-07-29 21:13 84,480 --a------ C:\WINDOWS\system32\lffpx13n.dll
2007-07-29 21:13 825,344 --a------ C:\WINDOWS\system32\ltwen13n.dll
2007-07-29 21:13 82,432 --a------ C:\WINDOWS\system32\lfshp13n.dll
2007-07-29 21:13 80,384 --a------ C:\WINDOWS\system32\LTCON13n.dll
2007-07-29 21:13 796,160 --a------ C:\WINDOWS\system32\ltann13n.dll
2007-07-29 21:13 794,624 --a------ C:\WINDOWS\system32\LTRTN13n.DLL
2007-07-29 21:13 77,312 --a------ C:\WINDOWS\system32\LTTLB13n.dll
2007-07-29 21:13 76,288 --a------ C:\WINDOWS\system32\ltpdg13n.dll
2007-07-29 21:13 74,240 --a------ C:\WINDOWS\system32\lfplt13n.dll
2007-07-29 21:13 73,216 --a------ C:\WINDOWS\system32\lffax13n.dll
2007-07-29 21:13 69,632 --a------ C:\WINDOWS\system32\LFPTK13n.dll
2007-07-29 21:13 65,536 --a------ C:\WINDOWS\system32\Lfcgm13n.dll
2007-07-29 21:13 6,144 --a------ C:\WINDOWS\system32\AWDCXC32.DLL
2007-07-29 21:13 59,392 --a------ C:\WINDOWS\system32\Lfpct13n.dll
2007-07-29 21:13 58,368 --a------ C:\WINDOWS\system32\lfsct13n.dll
2007-07-29 21:13 55,296 --a------ C:\WINDOWS\system32\lfpsd13n.dll
2007-07-29 21:13 54,784 --a------ C:\WINDOWS\system32\Lfdgn13n.dll
2007-07-29 21:13 52,224 --a------ C:\WINDOWS\system32\lfdrw13n.dll
2007-07-29 21:13 50,176 --a------ C:\WINDOWS\system32\ltlst13n.dll
2007-07-29 21:13 49,152 --a------ C:\WINDOWS\system32\Lfwmf13n.dll
2007-07-29 21:13 482,816 --a------ C:\WINDOWS\system32\lfdwf13n.dll
2007-07-29 21:13 48,128 --a------ C:\WINDOWS\system32\lfica13n.dll
2007-07-29 21:13 47,104 --a------ C:\WINDOWS\system32\lfXpm13n.dll
2007-07-29 21:13 45,056 --a------ C:\WINDOWS\system32\lfXbm13n.dll
2007-07-29 21:13 445,440 --a------ C:\WINDOWS\system32\LFCMW13n.dll
2007-07-29 21:13 416,256 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-07-29 21:13 38,400 --a------ C:\WINDOWS\system32\lfflc13n.dll
2007-07-29 21:13 37,888 --a------ C:\WINDOWS\system32\lfeps13n.dll
2007-07-29 21:13 351,744 --a------ C:\WINDOWS\system32\LFCMP13n.DLL
2007-07-29 21:13 35,840 --a------ C:\WINDOWS\system32\lfcal13n.dll
2007-07-29 21:13 35,328 --a------ C:\WINDOWS\system32\lttwn13n.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-30 18:21 12464 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-04 15:18 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-16 10:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 10:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 10:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 10:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 10:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-08 04:24 3583488 -----c--- C:\WINDOWS\system32\dllcache\mshtml.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D4813F9-0D51-4273-9784-BFC15C3FB9F3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52AAE82D-7178-4673-8525-5A6AEE00D0DB}]
C:\WINDOWS\system32\sstts.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67475B4D-150D-44A4-B5DD-BC80D4C9361F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA15C5D6-2BD4-4794-93B8-520A5E6570EC}]
C:\WINDOWS\system32\awtss.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ECA2687F-3232-49D5-9D63-731E8F36F6C9}]
C:\WINDOWS\system32\ddccc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F80D34EC-A282-4CA8-881B-66FD837A2659}]
C:\WINDOWS\system32\pmnll.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 17:36]
"MVS Splash"="C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe" [2007-03-06 17:25]
"McAfee Managed Services Tray"="C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe" [2007-05-18 04:03]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6021\SiteAdv.exe" [2007-02-03 13:25]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 06:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Free WebSite Tools.lnk - C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe [2007-07-30 17:17:54]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-07-29 15:41:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccc]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcyyvt]

R0 IdeBusDr;IdeBusDr;C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys
R0 IdeChnDr;Intel(R) Ultra ATA Controller;C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys
R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe /ServiceStart
R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
R2 WinDriver;WinDriver;C:\WINDOWS\system32\drivers\WINDRVR.SYS
R3 busbcrw;USB Card Reader Writer driver;C:\WINDOWS\system32\Drivers\busbcrw.sys
R3 EL90X;3Com EtherLink XL 90X Adapter Driver;C:\WINDOWS\system32\DRIVERS\el90xnd5.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-03 17:45:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-03 17:47:57 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-03 17:47

--- E O F ---

And here is the new Hijack This log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:22:52 PM, on 8/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SiteAdvisor\6021\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\WINDOWS\System32\svchost.exe
C:\Hijack\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kelliewaltondesigns.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O2 - BHO: (no name) - {2D4813F9-0D51-4273-9784-BFC15C3FB9F3} - (no file)
O2 - BHO: (no name) - {52AAE82D-7178-4673-8525-5A6AEE00D0DB} - C:\WINDOWS\system32\sstts.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {CA15C5D6-2BD4-4794-93B8-520A5E6570EC} - C:\WINDOWS\system32\awtss.dll (file missing)
O2 - BHO: (no name) - {ECA2687F-3232-49D5-9D63-731E8F36F6C9} - C:\WINDOWS\system32\ddccc.dll (file missing)
O2 - BHO: (no name) - {F80D34EC-A282-4CA8-881B-66FD837A2659} - C:\WINDOWS\system32\pmnll.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1185663719436
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: ddccc - C:\WINDOWS\
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6021\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5874 bytes

Thanks so much!

Kellie.
 
Hi Kellie

Upload following files to http://www.virustotal.com and post the results:
C:\WINDOWS\system32\drivers\duaxbqatblvq.sys
C:\WINDOWS\system32\drivers\mvcusexxobbo.sys
C:\WINDOWS\system32\drivers\fjcvduftgcii.sys


Disable Spybot's TeaTimer
  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu
    select
    Advanced Mode
  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck
    Resident TeaTimer
     and OK any prompts.
  • Restart your computer



Start hjt, click do a system scan only, check:
O2 - BHO: (no name) - {2D4813F9-0D51-4273-9784-BFC15C3FB9F3} - (no file)
O2 - BHO: (no name) - {52AAE82D-7178-4673-8525-5A6AEE00D0DB} - C:\WINDOWS\system32\sstts.dll (file missing)
O2 - BHO: (no name) - {CA15C5D6-2BD4-4794-93B8-520A5E6570EC} - C:\WINDOWS\system32\awtss.dll (file missing)
O2 - BHO: (no name) - {ECA2687F-3232-49D5-9D63-731E8F36F6C9} - C:\WINDOWS\system32\ddccc.dll (file missing)
O2 - BHO: (no name) - {F80D34EC-A282-4CA8-881B-66FD837A2659} - C:\WINDOWS\system32\pmnll.dll (file missing)
O20 - Winlogon Notify: ddccc - C:\WINDOWS\

Close browsers and other windows. Click fix checked.

Open notepad and copy/paste the text in the quotebox below into it:

Code: 
File::
C:\WINDOWS\system32\aruwxxoj.dll
C:\WINDOWS\system32\nfxondug.dll
C:\WINDOWS\system32\kusvmnvj.dll

Folder::
C:\VundoFix Backups


Save this as
CFScript


CFScript.gif


Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log with a fresh hjt log.
 
Hey Blade.

I just wanted you to know that it's probably going to be Monday before I can get to this. I didn't want you to think I took off - and I really appreciate your time.

Kellie.
 
Okay - I'm going to have to post this in 2 sections because it exceeded the character quota.

Results from scan:

File duaxvqatblvq.sys received on 08.06.07 15:27:17 (CET)

Antivirus Version Last Update Result

Additional information
File size: 8576 bytes
MD5: 843cb965b5d3b7c4dbb477bf3a179c0e
SHA1: 59704bf669be451039ecba9e98a0a42814123fce


File mvcusexxobbo.sys received on 08.06.07 15:58:47 (CET)

Antivirus Version Last Update Result

Additional information
File size: 8576 bytes
MD5: 843cb965b5d3b7c4dbb477bf3a179c0e
SHA1: 59704bf669be451039ecba9e98a0a42814123fce

File fjcvduftgcii.sys received on 08.06.2007 16:06:08 (CET)

Antivirus Version Last Update Result

Additional information
File size: 8576 bytes
MD5: 843cb965b5d3b7c4dbb477bf3a179c0e
SHA1: 59704bf669be451039ecba9e98a0a42814123fce


Combo Fix Log:

ComboFix 07-08-04.3 - "Kellie" 2007-08-06 9:33:07.2 [GMT -5:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
Command switches used :: C:\Documents and Settings\Kellie\Desktop\Install Files\Combo Fix\CFScript.txt
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\VundoFix Backups
C:\VundoFix Backups\cccdd.bak1.bad
C:\VundoFix Backups\cccdd.bak2.bad
C:\VundoFix Backups\cccdd.ini.bad
C:\VundoFix Backups\cccdd.ini2.bad
C:\VundoFix Backups\cccdd.tmp.bad
C:\VundoFix Backups\cdeeg.bak1.bad
C:\VundoFix Backups\cdeeg.ini.bad
C:\VundoFix Backups\llnmp.bak1.bad
C:\VundoFix Backups\llnmp.ini.bad
C:\VundoFix Backups\pmnll.dll.bad
C:\VundoFix Backups\sstwa.bak1.bad
C:\VundoFix Backups\sstwa.ini.bad
C:\VundoFix Backups\sttss.bak1.bad
C:\VundoFix Backups\sttss.ini.bad
C:\WINDOWS\system32\aruwxxoj.dll
C:\WINDOWS\system32\kusvmnvj.dll
C:\WINDOWS\system32\nfxondug.dll


((((((((((((((((((((((((( Files Created from 2007-07-06 to 2007-08-06 )))))))))))))))))))))))))))))))


2007-08-04 19:27 61,440 --a------ C:\WINDOWS\system32\SCSINT.DLL
2007-08-04 19:27 348,160 --a------ C:\WINDOWS\system32\ZIPTOA.EXE
2007-08-04 19:20 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\Active Disk
2007-08-04 19:17 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-08-04 19:16 <DIR> d-------- C:\Program Files\Iomega
2007-08-03 19:43 <DIR> d-------- C:\Program Files\SpywareGuard
2007-08-03 17:40 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-03 13:22 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-08-02 12:55 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-01 22:30 1,277 --a------ C:\WINDOWS\mozver.dat
2007-08-01 19:00 8,576 --a------ C:\WINDOWS\system32\drivers\duaxbqatblvq.sys
2007-08-01 18:38 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-01 15:59 <DIR> d-------- C:\WINDOWS\system32\Panda Software
2007-08-01 15:58 <DIR> d-------- C:\Program Files\Panda Security
2007-08-01 14:26 8,576 --a------ C:\WINDOWS\system32\drivers\mvcusexxobbo.sys
2007-08-01 13:33 8,576 --a------ C:\WINDOWS\system32\drivers\fjcvduftgcii.sys
2007-08-01 12:46 <DIR> d-------- C:\DOCUME~1\Kellie\.housecall6.6
2007-08-01 11:41 <DIR> d-------- C:\Hijack
2007-07-31 14:27 <DIR> d-------- C:\Pictures for Mom
2007-07-31 13:22 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\EPSON
2007-07-31 13:21 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\Smart Panel
2007-07-31 13:17 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\ArcSoft
2007-07-31 13:10 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-07-31 13:10 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-07-31 13:06 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\Leadertech
2007-07-31 13:05 78,608 --a------ C:\WINDOWS\system32\Vb5db.dll
2007-07-31 13:05 430,080 --a------ C:\WINDOWS\system32\Msrepl35.dll
2007-07-31 13:05 385,024 --a------ C:\WINDOWS\system32\Vbar332.dll
2007-07-31 13:05 294,912 --a------ C:\WINDOWS\system32\Msxbse35.dll
2007-07-31 13:05 262,144 --a------ C:\WINDOWS\system32\Msrd2x35.dll
2007-07-31 13:05 262,144 --a------ C:\WINDOWS\system32\Msexcl35.dll
2007-07-31 13:05 250,128 --a------ C:\WINDOWS\system32\mspdox35.dll
2007-07-31 13:05 24,848 --a------ C:\WINDOWS\system32\msjter35.dll
2007-07-31 13:05 176,128 --a------ C:\WINDOWS\system32\Mstext35.dll
2007-07-31 13:05 166,160 --a------ C:\WINDOWS\system32\msltus35.dll
2007-07-31 13:05 123,664 --a------ C:\WINDOWS\system32\msjint35.dll
2007-07-31 13:05 1,056,768 --a------ C:\WINDOWS\system32\Msjet35.dll
2007-07-31 13:02 708,696 --a------ C:\WINDOWS\system32\python21.dll
2007-07-31 13:02 57,344 --a------ C:\WINDOWS\system32\PyWinTypes21.dll
2007-07-31 13:02 290,919 --a------ C:\WINDOWS\system32\pythoncom21.dll
2007-07-31 13:02 <DIR> d-------- C:\Program Files\Common Files\Python
2007-07-31 13:02 <DIR> d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2007-07-31 13:00 96,768 --a------ C:\WINDOWS\SlantAdj.dll
2007-07-31 13:00 73,216 --a------ C:\WINDOWS\ADE.DLL
2007-07-31 13:00 64,000 --a------ C:\WINDOWS\system32\ESFW30.BIN
2007-07-31 13:00 3,136 --a------ C:\WINDOWS\Ade001.bin
2007-07-31 13:00 278,528 --a------ C:\WINDOWS\system32\esint30.dll
2007-07-31 13:00 217,088 --a------ C:\WINDOWS\system32\ESDTR.dll
2007-07-31 13:00 176,128 --a------ C:\WINDOWS\system32\ESWIA30.dll
2007-07-31 13:00 <DIR> d-------- C:\Program Files\Smart Panel
2007-07-31 12:59 <DIR> d-------- C:\Program Files\EPSON
2007-07-31 12:23 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-07-31 12:23 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-07-31 12:23 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-07-31 12:23 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-07-31 06:32 125,504 --a------ C:\WINDOWS\system32\unbmndfm.dll
2007-07-30 18:21 12,288 --a------ C:\WINDOWS\system32\poo.dll
2007-07-30 18:21 12,288 --a------ C:\WINDOWS\system32\pdum.dll
2007-07-30 18:17 436,736 --a------ C:\WINDOWS\system32\WBDBR32I.DLL
2007-07-30 18:17 36,352 --a------ C:\WINDOWS\system32\wwctl32i.dll
2007-07-30 18:17 1,056,768 --a------ C:\WINDOWS\system32\Roboex32.dll
2007-07-30 18:17 <DIR> d-------- C:\Program Files\Buzz Tools
2007-07-30 17:18 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\CoffeeCup Software
2007-07-30 17:17 <DIR> d-------- C:\Program Files\CoffeeCup Software
2007-07-29 21:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-29 21:13 966,144 --a------ C:\WINDOWS\system32\ltdlgres13n.dll
2007-07-29 21:13 93,184 --a------ C:\WINDOWS\system32\lfPCL13n.dll
2007-07-29 21:13 921,088 --a------ C:\WINDOWS\system32\LTDic13n.dll
2007-07-29 21:13 918,016 --a------ C:\WINDOWS\system32\Ltwvc13n.dll
2007-07-29 21:13 90,112 --a------ C:\WINDOWS\system32\lfjbg13n.dll
2007-07-29 21:13 84,480 --a------ C:\WINDOWS\system32\lfgbr13n.dll
2007-07-29 21:13 84,480 --a------ C:\WINDOWS\system32\lffpx13n.dll
2007-07-29 21:13 825,344 --a------ C:\WINDOWS\system32\ltwen13n.dll
2007-07-29 21:13 82,432 --a------ C:\WINDOWS\system32\lfshp13n.dll
2007-07-29 21:13 80,384 --a------ C:\WINDOWS\system32\LTCON13n.dll
2007-07-29 21:13 796,160 --a------ C:\WINDOWS\system32\ltann13n.dll
2007-07-29 21:13 794,624 --a------ C:\WINDOWS\system32\LTRTN13n.DLL
2007-07-29 21:13 77,312 --a------ C:\WINDOWS\system32\LTTLB13n.dll
2007-07-29 21:13 76,288 --a------ C:\WINDOWS\system32\ltpdg13n.dll
2007-07-29 21:13 74,240 --a------ C:\WINDOWS\system32\lfplt13n.dll
2007-07-29 21:13 73,216 --a------ C:\WINDOWS\system32\lffax13n.dll
2007-07-29 21:13 69,632 --a------ C:\WINDOWS\system32\LFPTK13n.dll
2007-07-29 21:13 65,536 --a------ C:\WINDOWS\system32\Lfcgm13n.dll
2007-07-29 21:13 6,144 --a------ C:\WINDOWS\system32\AWDCXC32.DLL
2007-07-29 21:13 59,392 --a------ C:\WINDOWS\system32\Lfpct13n.dll
2007-07-29 21:13 58,368 --a------ C:\WINDOWS\system32\lfsct13n.dll
2007-07-29 21:13 55,296 --a------ C:\WINDOWS\system32\lfpsd13n.dll
2007-07-29 21:13 54,784 --a------ C:\WINDOWS\system32\Lfdgn13n.dll
2007-07-29 21:13 52,224 --a------ C:\WINDOWS\system32\lfdrw13n.dll
2007-07-29 21:13 50,176 --a------ C:\WINDOWS\system32\ltlst13n.dll
2007-07-29 21:13 49,152 --a------ C:\WINDOWS\system32\Lfwmf13n.dll
2007-07-29 21:13 482,816 --a------ C:\WINDOWS\system32\lfdwf13n.dll
2007-07-29 21:13 48,128 --a------ C:\WINDOWS\system32\lfica13n.dll
2007-07-29 21:13 47,104 --a------ C:\WINDOWS\system32\lfXpm13n.dll
2007-07-29 21:13 45,056 --a------ C:\WINDOWS\system32\lfXbm13n.dll
2007-07-29 21:13 445,440 --a------ C:\WINDOWS\system32\LFCMW13n.dll
2007-07-29 21:13 416,256 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-07-29 21:13 38,400 --a------ C:\WINDOWS\system32\lfflc13n.dll
2007-07-29 21:13 37,888 --a------ C:\WINDOWS\system32\lfeps13n.dll
2007-07-29 21:13 351,744 --a------ C:\WINDOWS\system32\LFCMP13n.DLL


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-30 18:21 12464 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-16 10:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 10:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 10:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 10:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 10:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-08 04:24 3583488 -----c--- C:\WINDOWS\system32\dllcache\mshtml.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67475B4D-150D-44A4-B5DD-BC80D4C9361F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 17:36]
"MVS Splash"="C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe" [2007-03-06 17:25]
"McAfee Managed Services Tray"="C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe" [2007-05-18 04:03]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6021\SiteAdv.exe" [2007-02-03 13:25]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 06:32]
"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 16:39]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 14:30]
"Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [2002-07-16 10:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

C:\Documents and Settings\Kellie\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Free WebSite Tools.lnk - C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe [2007-07-30 17:17:54]
Iomega Backup Scheduler.lnk - C:\Program Files\Iomega\Iomega Backup\dtiom98.exe [2007-08-04 19:27:39]
Iomega Icons.lnk - C:\Program Files\Iomega\Tools\IMGICON.EXE [2007-08-04 19:27:37]
Iomega Startup Options.lnk - C:\Program Files\Iomega\Tools\IMGSTART.EXE [2007-08-04 19:27:37]
IomegaWare.lnk - C:\Program Files\Iomega\Iomegaware\COMMANDER.EXE [2007-08-04 19:27:35]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-07-29 15:41:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcyyvt]

R0 IdeBusDr;IdeBusDr;C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys
R0 IdeChnDr;Intel(R) Ultra ATA Controller;C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys
R0 iomdisk;Iomega Devices Disk Filter Services;C:\WINDOWS\system32\DRIVERS\iomdisk.sys
R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R2 _IOMEGA_ACTIVE_DISK_SERVICE_;Iomega Active Disk;"C:\Program Files\Iomega\AutoDisk\ADService.exe"
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe /ServiceStart
R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
R2 WinDriver;WinDriver;C:\WINDOWS\system32\drivers\WINDRVR.SYS
R3 busbcrw;USB Card Reader Writer driver;C:\WINDOWS\system32\Drivers\busbcrw.sys
R3 EL90X;3Com EtherLink XL 90X Adapter Driver;C:\WINDOWS\system32\DRIVERS\el90xnd5.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-06 09:35:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-08-06 9:36:52
C:\ComboFix-quarantined-files.txt ... 2007-08-06 09:36
C:\ComboFix2.txt ... 2007-08-03 17:47

--- E O F ---
 
New Hijack This log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:41:12 AM, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Iomega\Tools\IMGICON.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\SiteAdvisor\6021\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijack\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kelliewaltondesigns.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67475B4D-150D-44A4-B5DD-BC80D4C9361F} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: Iomega Backup Scheduler.lnk = C:\Program Files\Iomega\Iomega Backup\dtiom98.exe
O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.EXE
O4 - Global Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Global Startup: IomegaWare.lnk = C:\Program Files\Iomega\Iomegaware\COMMANDER.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1185663719436
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: efcyyvt - C:\WINDOWS\
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6021\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\system32\ZipToA.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 6816 bytes
 
Hi

I meant results where scanners say infection found/not found. It looks like you didn't post complete results.


Open notepad and copy/paste the text in the quotebox below into it:

Code: 
File::
c:\windows\system32\efcyyvt.dll
C:\WINDOWS\system32\unbmndfm.dll
C:\WINDOWS\system32\poo.dll
C:\WINDOWS\system32\pdum.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67475B4D-150D-44A4-B5DD-BC80D4C9361F}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcyyvt]


Save this as
CFScript (overwrite previous one)


CFScript.gif


Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log with a fresh hjt log.
 
Sorry, I just posted the condensed version of the logs since the files were clean. I ran them
again and posted the results.

File duaxbqatblvq.sys received on 08.06.2007 20:35:45 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.8.3.0 2007.08.06 -
AntiVir 7.4.0.57 2007.08.06 -
Authentium 4.93.8 2007.08.03 -
Avast 4.7.1029.0 2007.08.06 -
AVG 7.5.0.476 2007.08.06 -
BitDefender 7.2 2007.08.06 -
CAT-QuickHeal 9.00 2007.08.06 -
ClamAV 0.91 2007.08.06 -
DrWeb 4.33 2007.08.06 -
eSafe 7.0.15.0 2007.07.31 -
eTrust-Vet 31.1.5037 2007.08.06 -
Ewido 4.0 2007.08.06 -
FileAdvisor 1 2007.08.06 -
Fortinet 2.91.0.0 2007.08.06 -
F-Prot 4.3.2.48 2007.08.03 -
F-Secure 6.70.13030.0 2007.08.06 -
Ikarus T3.1.1.8 2007.08.06 -
Kaspersky 4.0.2.24 2007.08.06 -
McAfee 5091 2007.08.06 -
Microsoft 1.2704 2007.08.06 -
NOD32v2 2439 2007.08.06 -
Norman 5.80.02 2007.08.06 -
Panda 9.0.0.4 2007.08.06 -
Prevx1 V2 2007.08.06 -
Rising 19.35.02.00 2007.08.06 -
Sophos 4.19.0 2007.08.01 -
Sunbelt 2.2.907.0 2007.08.04 -
Symantec 10 2007.08.06 -
TheHacker 6.1.7.162 2007.08.04 -
VBA32 3.12.2.2 2007.08.04 -
VirusBuster 4.3.26:9 2007.08.06 -
Webwasher-Gateway 6.0.1 2007.08.06 -
Additional information
File size: 8576 bytes
MD5: 843cb965b5d3b7c4dbb477bf3a179c0e
SHA1: 59704bf669be451039ecba9e98a0a42814123fce

File mvcusexxobbo.sys received on 08.06.2007 20:50:01 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.8.3.0 2007.08.06 -
AntiVir 7.4.0.57 2007.08.06 -
Authentium 4.93.8 2007.08.03 -
Avast 4.7.1029.0 2007.08.06 -
AVG 7.5.0.476 2007.08.06 -
BitDefender 7.2 2007.08.06 -
CAT-QuickHeal 9.00 2007.08.06 -
ClamAV 0.91 2007.08.06 -
DrWeb 4.33 2007.08.06 -
eSafe 7.0.15.0 2007.07.31 -
eTrust-Vet 31.1.5037 2007.08.06 -
Ewido 4.0 2007.08.06 -
FileAdvisor 1 2007.08.06 -
Fortinet 2.91.0.0 2007.08.06 -
F-Prot 4.3.2.48 2007.08.03 -
F-Secure 6.70.13030.0 2007.08.06 -
Ikarus T3.1.1.8 2007.08.06 -
Kaspersky 4.0.2.24 2007.08.06 -
McAfee 5091 2007.08.06 -
Microsoft 1.2704 2007.08.06 -
NOD32v2 2439 2007.08.06 -
Norman 5.80.02 2007.08.06 -
Panda 9.0.0.4 2007.08.06 -
Prevx1 V2 2007.08.06 -
Rising 19.35.02.00 2007.08.06 -
Sophos 4.19.0 2007.08.01 -
Sunbelt 2.2.907.0 2007.08.04 -
Symantec 10 2007.08.06 -
TheHacker 6.1.7.162 2007.08.04 -
VBA32 3.12.2.2 2007.08.04 -
VirusBuster 4.3.26:9 2007.08.06 -
Webwasher-Gateway 6.0.1 2007.08.06 -
Additional information
File size: 8576 bytes
MD5: 843cb965b5d3b7c4dbb477bf3a179c0e
SHA1: 59704bf669be451039ecba9e98a0a42814123fce

File fjcvduftgcii.sys received on 08.06.2007 21:01:48 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.8.3.0 2007.08.06 -
AntiVir 7.4.0.57 2007.08.06 -
Authentium 4.93.8 2007.08.03 -
Avast 4.7.1029.0 2007.08.06 -
AVG 7.5.0.476 2007.08.06 -
BitDefender 7.2 2007.08.06 -
CAT-QuickHeal 9.00 2007.08.06 -
ClamAV 0.91 2007.08.06 -
DrWeb 4.33 2007.08.06 -
eSafe 7.0.15.0 2007.07.31 -
eTrust-Vet 31.1.5037 2007.08.06 -
Ewido 4.0 2007.08.06 -
FileAdvisor 1 2007.08.06 -
Fortinet 2.91.0.0 2007.08.06 -
F-Prot 4.3.2.48 2007.08.03 -
F-Secure 6.70.13030.0 2007.08.06 -
Ikarus T3.1.1.8 2007.08.06 -
Kaspersky 4.0.2.24 2007.08.06 -
McAfee 5091 2007.08.06 -
Microsoft 1.2704 2007.08.06 -
NOD32v2 2439 2007.08.06 -
Norman 5.80.02 2007.08.06 -
Panda 9.0.0.4 2007.08.06 -
Prevx1 V2 2007.08.06 -
Rising 19.35.02.00 2007.08.06 -
Sophos 4.19.0 2007.08.01 -
Sunbelt 2.2.907.0 2007.08.04 -
Symantec 10 2007.08.06 -
TheHacker 6.1.7.162 2007.08.04 -
VBA32 3.12.2.2 2007.08.04 -
VirusBuster 4.3.26:9 2007.08.06 -
Webwasher-Gateway 6.0.1 2007.08.06 -
Additional information
File size: 8576 bytes
MD5: 843cb965b5d3b7c4dbb477bf3a179c0e
SHA1: 59704bf669be451039ecba9e98a0a42814123fce
 
Here is the new ComboFix log:

ComboFix 07-08-04.3 - "Kellie" 2007-08-06 14:10:22.3 [GMT -5:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
Command switches used :: C:\Documents and Settings\Kellie\Desktop\Install Files\Combo Fix\CFScript.txt
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\pdum.dll
C:\WINDOWS\system32\poo.dll
C:\WINDOWS\system32\unbmndfm.dll


((((((((((((((((((((((((( Files Created from 2007-07-06 to 2007-08-06 )))))))))))))))))))))))))))))))


2007-08-04 19:27 61,440 --a------ C:\WINDOWS\system32\SCSINT.DLL
2007-08-04 19:27 348,160 --a------ C:\WINDOWS\system32\ZIPTOA.EXE
2007-08-04 19:20 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\Active Disk
2007-08-04 19:17 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-08-04 19:16 <DIR> d-------- C:\Program Files\Iomega
2007-08-03 19:43 <DIR> d-------- C:\Program Files\SpywareGuard
2007-08-03 17:40 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-03 13:22 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-08-02 12:55 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-01 22:30 1,277 --a------ C:\WINDOWS\mozver.dat
2007-08-01 19:00 8,576 --a------ C:\WINDOWS\system32\drivers\duaxbqatblvq.sys
2007-08-01 18:38 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-01 15:59 <DIR> d-------- C:\WINDOWS\system32\Panda Software
2007-08-01 15:58 <DIR> d-------- C:\Program Files\Panda Security
2007-08-01 14:26 8,576 --a------ C:\WINDOWS\system32\drivers\mvcusexxobbo.sys
2007-08-01 13:33 8,576 --a------ C:\WINDOWS\system32\drivers\fjcvduftgcii.sys
2007-08-01 12:46 <DIR> d-------- C:\DOCUME~1\Kellie\.housecall6.6
2007-08-01 11:41 <DIR> d-------- C:\Hijack
2007-07-31 14:27 <DIR> d-------- C:\Pictures for Mom
2007-07-31 13:22 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\EPSON
2007-07-31 13:21 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\Smart Panel
2007-07-31 13:17 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\ArcSoft
2007-07-31 13:10 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-07-31 13:10 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-07-31 13:06 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\Leadertech
2007-07-31 13:05 78,608 --a------ C:\WINDOWS\system32\Vb5db.dll
2007-07-31 13:05 430,080 --a------ C:\WINDOWS\system32\Msrepl35.dll
2007-07-31 13:05 385,024 --a------ C:\WINDOWS\system32\Vbar332.dll
2007-07-31 13:05 294,912 --a------ C:\WINDOWS\system32\Msxbse35.dll
2007-07-31 13:05 262,144 --a------ C:\WINDOWS\system32\Msrd2x35.dll
2007-07-31 13:05 262,144 --a------ C:\WINDOWS\system32\Msexcl35.dll
2007-07-31 13:05 250,128 --a------ C:\WINDOWS\system32\mspdox35.dll
2007-07-31 13:05 24,848 --a------ C:\WINDOWS\system32\msjter35.dll
2007-07-31 13:05 176,128 --a------ C:\WINDOWS\system32\Mstext35.dll
2007-07-31 13:05 166,160 --a------ C:\WINDOWS\system32\msltus35.dll
2007-07-31 13:05 123,664 --a------ C:\WINDOWS\system32\msjint35.dll
2007-07-31 13:05 1,056,768 --a------ C:\WINDOWS\system32\Msjet35.dll
2007-07-31 13:02 708,696 --a------ C:\WINDOWS\system32\python21.dll
2007-07-31 13:02 57,344 --a------ C:\WINDOWS\system32\PyWinTypes21.dll
2007-07-31 13:02 290,919 --a------ C:\WINDOWS\system32\pythoncom21.dll
2007-07-31 13:02 <DIR> d-------- C:\Program Files\Common Files\Python
2007-07-31 13:02 <DIR> d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2007-07-31 13:00 96,768 --a------ C:\WINDOWS\SlantAdj.dll
2007-07-31 13:00 73,216 --a------ C:\WINDOWS\ADE.DLL
2007-07-31 13:00 64,000 --a------ C:\WINDOWS\system32\ESFW30.BIN
2007-07-31 13:00 3,136 --a------ C:\WINDOWS\Ade001.bin
2007-07-31 13:00 278,528 --a------ C:\WINDOWS\system32\esint30.dll
2007-07-31 13:00 217,088 --a------ C:\WINDOWS\system32\ESDTR.dll
2007-07-31 13:00 176,128 --a------ C:\WINDOWS\system32\ESWIA30.dll
2007-07-31 13:00 <DIR> d-------- C:\Program Files\Smart Panel
2007-07-31 12:59 <DIR> d-------- C:\Program Files\EPSON
2007-07-31 12:23 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-07-31 12:23 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-07-31 12:23 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-07-31 12:23 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-07-30 18:17 436,736 --a------ C:\WINDOWS\system32\WBDBR32I.DLL
2007-07-30 18:17 36,352 --a------ C:\WINDOWS\system32\wwctl32i.dll
2007-07-30 18:17 1,056,768 --a------ C:\WINDOWS\system32\Roboex32.dll
2007-07-30 18:17 <DIR> d-------- C:\Program Files\Buzz Tools
2007-07-30 17:18 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\CoffeeCup Software
2007-07-30 17:17 <DIR> d-------- C:\Program Files\CoffeeCup Software
2007-07-29 21:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-29 21:13 966,144 --a------ C:\WINDOWS\system32\ltdlgres13n.dll
2007-07-29 21:13 93,184 --a------ C:\WINDOWS\system32\lfPCL13n.dll
2007-07-29 21:13 921,088 --a------ C:\WINDOWS\system32\LTDic13n.dll
2007-07-29 21:13 918,016 --a------ C:\WINDOWS\system32\Ltwvc13n.dll
2007-07-29 21:13 90,112 --a------ C:\WINDOWS\system32\lfjbg13n.dll
2007-07-29 21:13 84,480 --a------ C:\WINDOWS\system32\lfgbr13n.dll
2007-07-29 21:13 84,480 --a------ C:\WINDOWS\system32\lffpx13n.dll
2007-07-29 21:13 825,344 --a------ C:\WINDOWS\system32\ltwen13n.dll
2007-07-29 21:13 82,432 --a------ C:\WINDOWS\system32\lfshp13n.dll
2007-07-29 21:13 80,384 --a------ C:\WINDOWS\system32\LTCON13n.dll
2007-07-29 21:13 796,160 --a------ C:\WINDOWS\system32\ltann13n.dll
2007-07-29 21:13 794,624 --a------ C:\WINDOWS\system32\LTRTN13n.DLL
2007-07-29 21:13 77,312 --a------ C:\WINDOWS\system32\LTTLB13n.dll
2007-07-29 21:13 76,288 --a------ C:\WINDOWS\system32\ltpdg13n.dll
2007-07-29 21:13 74,240 --a------ C:\WINDOWS\system32\lfplt13n.dll
2007-07-29 21:13 73,216 --a------ C:\WINDOWS\system32\lffax13n.dll
2007-07-29 21:13 69,632 --a------ C:\WINDOWS\system32\LFPTK13n.dll
2007-07-29 21:13 65,536 --a------ C:\WINDOWS\system32\Lfcgm13n.dll
2007-07-29 21:13 6,144 --a------ C:\WINDOWS\system32\AWDCXC32.DLL
2007-07-29 21:13 59,392 --a------ C:\WINDOWS\system32\Lfpct13n.dll
2007-07-29 21:13 58,368 --a------ C:\WINDOWS\system32\lfsct13n.dll
2007-07-29 21:13 55,296 --a------ C:\WINDOWS\system32\lfpsd13n.dll
2007-07-29 21:13 54,784 --a------ C:\WINDOWS\system32\Lfdgn13n.dll
2007-07-29 21:13 52,224 --a------ C:\WINDOWS\system32\lfdrw13n.dll
2007-07-29 21:13 50,176 --a------ C:\WINDOWS\system32\ltlst13n.dll
2007-07-29 21:13 49,152 --a------ C:\WINDOWS\system32\Lfwmf13n.dll
2007-07-29 21:13 482,816 --a------ C:\WINDOWS\system32\lfdwf13n.dll
2007-07-29 21:13 48,128 --a------ C:\WINDOWS\system32\lfica13n.dll
2007-07-29 21:13 47,104 --a------ C:\WINDOWS\system32\lfXpm13n.dll
2007-07-29 21:13 45,056 --a------ C:\WINDOWS\system32\lfXbm13n.dll
2007-07-29 21:13 445,440 --a------ C:\WINDOWS\system32\LFCMW13n.dll
2007-07-29 21:13 416,256 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-07-29 21:13 38,400 --a------ C:\WINDOWS\system32\lfflc13n.dll
2007-07-29 21:13 37,888 --a------ C:\WINDOWS\system32\lfeps13n.dll
2007-07-29 21:13 351,744 --a------ C:\WINDOWS\system32\LFCMP13n.DLL
2007-07-29 21:13 35,840 --a------ C:\WINDOWS\system32\lfcal13n.dll
2007-07-29 21:13 35,328 --a------ C:\WINDOWS\system32\lttwn13n.dll
2007-07-29 21:13 34,816 --a------ C:\WINDOWS\system32\ltisi13n.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-30 18:21 12464 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-16 10:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 10:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 10:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 10:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 10:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-08 04:24 3583488 -----c--- C:\WINDOWS\system32\dllcache\mshtml.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 17:36]
"MVS Splash"="C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe" [2007-03-06 17:25]
"McAfee Managed Services Tray"="C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe" [2007-05-18 04:03]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6021\SiteAdv.exe" [2007-02-03 13:25]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 06:32]
"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 16:39]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 14:30]
"Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [2002-07-16 10:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

C:\Documents and Settings\Kellie\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Free WebSite Tools.lnk - C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe [2007-07-30 17:17:54]
Iomega Backup Scheduler.lnk - C:\Program Files\Iomega\Iomega Backup\dtiom98.exe [2007-08-04 19:27:39]
Iomega Icons.lnk - C:\Program Files\Iomega\Tools\IMGICON.EXE [2007-08-04 19:27:37]
Iomega Startup Options.lnk - C:\Program Files\Iomega\Tools\IMGSTART.EXE [2007-08-04 19:27:37]
IomegaWare.lnk - C:\Program Files\Iomega\Iomegaware\COMMANDER.EXE [2007-08-04 19:27:35]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-07-29 15:41:24]

R0 IdeBusDr;IdeBusDr;C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys
R0 IdeChnDr;Intel(R) Ultra ATA Controller;C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys
R0 iomdisk;Iomega Devices Disk Filter Services;C:\WINDOWS\system32\DRIVERS\iomdisk.sys
R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R2 _IOMEGA_ACTIVE_DISK_SERVICE_;Iomega Active Disk;"C:\Program Files\Iomega\AutoDisk\ADService.exe"
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe /ServiceStart
R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
R2 WinDriver;WinDriver;C:\WINDOWS\system32\drivers\WINDRVR.SYS
R3 busbcrw;USB Card Reader Writer driver;C:\WINDOWS\system32\Drivers\busbcrw.sys
R3 EL90X;3Com EtherLink XL 90X Adapter Driver;C:\WINDOWS\system32\DRIVERS\el90xnd5.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-06 14:12:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-08-06 14:14:24
C:\ComboFix-quarantined-files.txt ... 2007-08-06 14:13
C:\ComboFix2.txt ... 2007-08-06 09:36
C:\ComboFix3.txt ... 2007-08-03 17:47

--- E O F ---
 
Here is the new Hijack This log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:16:19 PM, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Iomega\Tools\IMGICON.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\SiteAdvisor\6021\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\Iomega Backup\DTSC.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Hijack\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kelliewaltondesigns.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: Iomega Backup Scheduler.lnk = C:\Program Files\Iomega\Iomega Backup\dtiom98.exe
O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.EXE
O4 - Global Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Global Startup: IomegaWare.lnk = C:\Program Files\Iomega\Iomegaware\COMMANDER.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1185663719436
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6021\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\system32\ZipToA.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 6698 bytes
 
Okay :) Let's do final check with Kaspersky.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please do an online scan with
Kaspersky
WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky,
Click Yes.
  • The program will launch and then begin downloading the latest
    definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    • Extended (if available otherwise
      Standard)
    • Scan Options:
    • Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been
    infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post with a fresh hjt log.



Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

If having a problme doing the above

Make sure that your Internet security settings are set to default values.

To set default security settings for Internet Explorer:

* Open Internet Explorer.
* Go to the Tools menu, then choose Internet Options.
* Click on the Security tab.
* Make sure that all four item (Internet, Local intranet, Trusted sites, and Restricted sites) are set to their default settings.
 
Hey Blade.

Okay - fun times. I'm having problems running the Kaspersky scan. It installs fine, however I've attempted running a total (extended) scan 4 times now and each time it gets to the same point c:\System Volume Information\_restore and hangs for about 40 minutes and then crashes my computer. One time it actually blue screened - something I hadn't seen since the old beta copies of Windows NT found their way into my software developer husband's hot little hands. LOL

Anyway - do you have any suggestions or should I keep trying? Is it possible the folder is corrupt? I've tried disabling all other virus/adware scanners (SpywareBlaster, SpywareGuard, Ad-aware, Spybot S&D and McAffee) in the event that was causing a conflict - that didn't seem to be the problem.

Thanks for your help.

Kellie.
 
Hi Kellie

Have you tried defragging hard drive(s) and scanning after that? If still no success then we can try some other scanners.
 
What a pain the butt that was! But, happily, I learned a lot and for the most part have a clean system! Progress. Clearly there was *something* in my System Recovery
folder that the scan wasn't liking as it always hung and locked up my computer in the exact same spot.

I defragged as you suggested and the problem persisted so I did a little research about how to clear your system recovery folder. If you ever have someone else have a similar situation - this is what finally worked for me:

Obviously this is not without risks, but at this point if I had to rebuild my system againit wouldn't have been the worst thing ever. I have proper backups and now understand that when I moved stuff off my old system and onto the new a few weeks ago - the files were not clean like I had thought.

First I went into the Control Panel and made all folders and files visable. Then I had McAfee Total Protection scan just the c:\System Volume Information folder. That scan found
13 viruses in 74 infected objects. Most were Virtumonde.

It didn't make much sense to me to have system restore points with infected files so I went into the System Properties of my C drive and checked the "Turn off System Restore" button rebooted my computer. That cleared the folder completely - then I went back into System Restore and turned back on the System Restore function and made sure the status was monitoring. Then I went into the System Recovery option in the System Tools folder and created a new restore point.

I was then able to run the Kaspersky Scanner. Finally, here is the log:

Wednesday, August 08, 2007 7:27:00 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 8/08/2007
Kaspersky Anti-Virus database records: 376996
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 652560
Number of viruses found 9
Number of infected objects 18
Number of suspicious objects 0
Duration of the scan process 05:06:56

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Kellie\Application Data\SiteAdvisor\SiteAdv.csh Object is locked skipped
C:\Documents and Settings\Kellie\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Kellie\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Kellie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Kellie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Kellie\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kellie\Local Settings\History\History.IE5\MSHist012007080720070808\index.dat Object is locked skipped
C:\Documents and Settings\Kellie\Local Settings\Temp\~DF85FE.tmp Object is locked skipped
C:\Documents and Settings\Kellie\Local Settings\Temp\~DF99DD.tmp Object is locked skipped
C:\Documents and Settings\Kellie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kellie\ntuser.dat Object is locked skipped
C:\Documents and Settings\Kellie\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Email\outlook.pst/Kellies Email/Inbox/Old Inbox/18 Aug 2004 16:14 from paulson@umbc.edu:Re: Extended Mail System/msg_kellie.txt Infected: Email-Worm.Win32.NetSky.q skipped
C:\Email\outlook.pst/Kellies Email/Inbox/Old Inbox/09 Aug 2004 20:11 from Contact/price_08.zip/price.html Infected: Exploit.HTML.CodeBaseExec skipped
C:\Email\outlook.pst/Kellies Email/Inbox/Old Inbox/09 Aug 2004 20:11 from Contact/price_08.zip/price/price.exe Infected: Email-Worm.Win32.Bagle.al skipped
C:\Email\outlook.pst/Kellies Email/Inbox/Old Inbox/09 Aug 2004 20:11 from Contact/price_08.zip Infected: Email-Worm.Win32.Bagle.al skipped
C:\Email\outlook.pst/Kellies Email/Inbox/Old Inbox/07 Jun 2004 17:07 from knobbout@uni-one.nl:hi/old_photos.zip/old_photos.doc.com Infected: Email-Worm.Win32.NetSky.c skipped
C:\Email\outlook.pst/Kellies Email/Inbox/Old Inbox/07 Jun 2004 17:07 from knobbout@uni-one.nl:hi/old_photos.zip Infected: Email-Worm.Win32.NetSky.c skipped
C:\Email\outlook.pst/Kellies Email/Inbox/Old Inbox/07 Jun 2004 05:46 from stinger@adelphia.net:Important m$6h?3p/important.txt Infected: Email-Worm.Win32.NetSky.q skipped
C:\Email\outlook.pst/Kellies Email/Inbox/Old Inbox/14 May 2004 01:43 from updates@justsaywow.com:Fwd: Warning again/websites01.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Email\outlook.pst/Kellies Email/Inbox/Old Inbox/14 May 2004 01:43 from updates@justsaywow.com:Fwd: Warning again/websites01.zip Infected: Email-Worm.Win32.NetSky.q skipped
C:\Email\outlook.pst/Kellies Email/Inbox/Old Inbox/15 Nov 2005 01:58 from sewincat@earthlink.net:Thanks for your re/reg_text.zip/Reg-List-Dat_Packer2.exe Infected: Email-Worm.Win32.Sober.v skipped
C:\Email\outlook.pst/Kellies Email/Inbox/Old Inbox/15 Nov 2005 01:58 from sewincat@earthlink.net:Thanks for your re/reg_text.zip Infected: Email-Worm.Win32.Sober.v skipped
C:\Email\outlook.pst/Kellies Email/Inbox/Old Inbox/23 Aug 2005 20:39 from administrator@kelliesdesigns.com:Your pas/email-password.zip/email-password.doc .scr Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Email\outlook.pst/Kellies Email/Inbox/Old Inbox/23 Aug 2005 20:39 from administrator@kelliesdesigns.com:Your pas/email-password.zip Infected: Net-Worm.Win32.Mytob.bk skipped
C:\Email\outlook.pst/Kellies Email/Inbox/Old Inbox/04 May 2005 19:02 from ropheka@tpg.com.au:Re:/our_secret.zip Infected: Email-Worm.Win32.Sober.p skipped
C:\Email\outlook.pst/Kellies Email/Inbox/Old Inbox/20 Feb 2005 03:06 from Regions & Union Planters:Regions Bank ale.rtf Infected: Trojan-Spy.HTML.Bankfraud.ci skipped
C:\Email\outlook.pst/Kellies Email/Inbox/Old Inbox/12 Feb 2005 18:53 from pampsellers@bellsouth.net:stolen/stuff.zip/stuff.htm.exe Infected: Email-Worm.Win32.NetSky.b skipped
C:\Email\outlook.pst/Kellies Email/Inbox/Old Inbox/12 Feb 2005 18:53 from pampsellers@bellsouth.net:stolen/stuff.zip Infected: Email-Worm.Win32.NetSky.b skipped
C:\Email\outlook.pst Mail MS Mail: infected - 17 skipped
C:\Program Files\McAfee\Managed VirusScan\Agent\Report\CIOD5.tmp Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{D0719E04-61FB-4045-A7E3-1A09530A9CDE}\RP5\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_7b0.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

I've since gone through and deleted the infected emails from my archived outlook.pst folder. Should I be concerned about all the "locked" files?

Thank you SO much helping me - I've learned a ton.

Kellie
 
Hi Kellie

Glad you worked it out :)

I believe you don't need to be worried about those locked files.

Could you now post hjt log for final check? :)
 
HJT Log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:20:29 PM, on 8/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Iomega\Tools\IMGICON.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\SiteAdvisor\6021\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgttry.exe
C:\Program Files\Buzz Tools\BuzzXplore\BuzzXplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Hijack\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kelliewaltondesigns.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O2 - BHO: (no name) - {2D4813F9-0D51-4273-9784-BFC15C3FB9F3} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {52AAE82D-7178-4673-8525-5A6AEE00D0DB} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67475B4D-150D-44A4-B5DD-BC80D4C9361F} - (no file)
O2 - BHO: (no name) - {CA15C5D6-2BD4-4794-93B8-520A5E6570EC} - (no file)
O2 - BHO: (no name) - {ECA2687F-3232-49D5-9D63-731E8F36F6C9} - (no file)
O2 - BHO: (no name) - {F80D34EC-A282-4CA8-881B-66FD837A2659} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: Iomega Backup Scheduler.lnk = C:\Program Files\Iomega\Iomega Backup\dtiom98.exe
O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.EXE
O4 - Global Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Global Startup: IomegaWare.lnk = C:\Program Files\Iomega\Iomegaware\COMMANDER.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1185663719436
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: ddccc - C:\WINDOWS\
O20 - Winlogon Notify: efcyyvt - C:\WINDOWS\
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6021\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\system32\ZipToA.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 7629 bytes

:bigthumb:
 
Some entries belonging to Vundo are appearing on the log. :sad: We need to run run ComboFix again. Post its log when you're ready :)
 
Stupid Vundo.

Here's my Combo log:

ComboFix 07-08-04.3 - "Kellie" 2007-08-08 15:24:55.4 [GMT -5:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True


((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))


2007-08-08 09:22 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-08-07 15:54 <DIR> d-------- C:\Program Files\Netflix
2007-08-07 10:30 12,288 --a------ C:\WINDOWS\system32\poo.dll
2007-08-07 10:30 12,288 --a------ C:\WINDOWS\system32\pdum.dll
2007-08-07 09:07 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-08-07 09:07 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-08-06 15:10 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-06 15:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-04 19:27 61,440 --a------ C:\WINDOWS\system32\SCSINT.DLL
2007-08-04 19:27 348,160 --a------ C:\WINDOWS\system32\ZIPTOA.EXE
2007-08-04 19:20 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\Active Disk
2007-08-04 19:17 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-08-04 19:16 <DIR> d-------- C:\Program Files\Iomega
2007-08-03 19:43 <DIR> d-------- C:\Program Files\SpywareGuard
2007-08-03 17:40 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-03 13:22 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-08-02 12:55 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-01 22:30 1,277 --a------ C:\WINDOWS\mozver.dat
2007-08-01 19:00 8,576 --a------ C:\WINDOWS\system32\drivers\duaxbqatblvq.sys
2007-08-01 18:38 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-01 15:59 <DIR> d-------- C:\WINDOWS\system32\Panda Software
2007-08-01 15:58 <DIR> d-------- C:\Program Files\Panda Security
2007-08-01 14:26 8,576 --a------ C:\WINDOWS\system32\drivers\mvcusexxobbo.sys
2007-08-01 13:33 8,576 --a------ C:\WINDOWS\system32\drivers\fjcvduftgcii.sys
2007-08-01 12:46 <DIR> d-------- C:\DOCUME~1\Kellie\.housecall6.6
2007-08-01 11:41 <DIR> d-------- C:\Hijack
2007-07-31 14:27 <DIR> d-------- C:\Pictures for Mom
2007-07-31 13:22 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\EPSON
2007-07-31 13:21 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\Smart Panel
2007-07-31 13:17 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\ArcSoft
2007-07-31 13:10 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-07-31 13:10 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-07-31 13:06 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\Leadertech
2007-07-31 13:05 78,608 --a------ C:\WINDOWS\system32\Vb5db.dll
2007-07-31 13:05 430,080 --a------ C:\WINDOWS\system32\Msrepl35.dll
2007-07-31 13:05 385,024 --a------ C:\WINDOWS\system32\Vbar332.dll
2007-07-31 13:05 294,912 --a------ C:\WINDOWS\system32\Msxbse35.dll
2007-07-31 13:05 262,144 --a------ C:\WINDOWS\system32\Msrd2x35.dll
2007-07-31 13:05 262,144 --a------ C:\WINDOWS\system32\Msexcl35.dll
2007-07-31 13:05 250,128 --a------ C:\WINDOWS\system32\mspdox35.dll
2007-07-31 13:05 24,848 --a------ C:\WINDOWS\system32\msjter35.dll
2007-07-31 13:05 176,128 --a------ C:\WINDOWS\system32\Mstext35.dll
2007-07-31 13:05 166,160 --a------ C:\WINDOWS\system32\msltus35.dll
2007-07-31 13:05 123,664 --a------ C:\WINDOWS\system32\msjint35.dll
2007-07-31 13:05 1,056,768 --a------ C:\WINDOWS\system32\Msjet35.dll
2007-07-31 13:02 708,696 --a------ C:\WINDOWS\system32\python21.dll
2007-07-31 13:02 57,344 --a------ C:\WINDOWS\system32\PyWinTypes21.dll
2007-07-31 13:02 290,919 --a------ C:\WINDOWS\system32\pythoncom21.dll
2007-07-31 13:02 <DIR> d-------- C:\Program Files\Common Files\Python
2007-07-31 13:02 <DIR> d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2007-07-31 13:00 96,768 --a------ C:\WINDOWS\SlantAdj.dll
2007-07-31 13:00 73,216 --a------ C:\WINDOWS\ADE.DLL
2007-07-31 13:00 64,000 --a------ C:\WINDOWS\system32\ESFW30.BIN
2007-07-31 13:00 3,136 --a------ C:\WINDOWS\Ade001.bin
2007-07-31 13:00 278,528 --a------ C:\WINDOWS\system32\esint30.dll
2007-07-31 13:00 217,088 --a------ C:\WINDOWS\system32\ESDTR.dll
2007-07-31 13:00 176,128 --a------ C:\WINDOWS\system32\ESWIA30.dll
2007-07-31 13:00 <DIR> d-------- C:\Program Files\Smart Panel
2007-07-31 12:59 <DIR> d-------- C:\Program Files\EPSON
2007-07-31 12:23 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-07-31 12:23 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-07-31 12:23 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-07-31 12:23 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-07-30 18:17 436,736 --a------ C:\WINDOWS\system32\WBDBR32I.DLL
2007-07-30 18:17 36,352 --a------ C:\WINDOWS\system32\wwctl32i.dll
2007-07-30 18:17 1,056,768 --a------ C:\WINDOWS\system32\Roboex32.dll
2007-07-30 18:17 <DIR> d-------- C:\Program Files\Buzz Tools
2007-07-30 17:18 <DIR> d-------- C:\DOCUME~1\Kellie\APPLIC~1\CoffeeCup Software
2007-07-30 17:17 <DIR> d-------- C:\Program Files\CoffeeCup Software
2007-07-29 21:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-29 21:13 966,144 --a------ C:\WINDOWS\system32\ltdlgres13n.dll
2007-07-29 21:13 93,184 --a------ C:\WINDOWS\system32\lfPCL13n.dll
2007-07-29 21:13 921,088 --a------ C:\WINDOWS\system32\LTDic13n.dll
2007-07-29 21:13 918,016 --a------ C:\WINDOWS\system32\Ltwvc13n.dll
2007-07-29 21:13 90,112 --a------ C:\WINDOWS\system32\lfjbg13n.dll
2007-07-29 21:13 84,480 --a------ C:\WINDOWS\system32\lfgbr13n.dll
2007-07-29 21:13 84,480 --a------ C:\WINDOWS\system32\lffpx13n.dll
2007-07-29 21:13 825,344 --a------ C:\WINDOWS\system32\ltwen13n.dll
2007-07-29 21:13 82,432 --a------ C:\WINDOWS\system32\lfshp13n.dll
2007-07-29 21:13 80,384 --a------ C:\WINDOWS\system32\LTCON13n.dll
2007-07-29 21:13 796,160 --a------ C:\WINDOWS\system32\ltann13n.dll
2007-07-29 21:13 794,624 --a------ C:\WINDOWS\system32\LTRTN13n.DLL
2007-07-29 21:13 77,312 --a------ C:\WINDOWS\system32\LTTLB13n.dll
2007-07-29 21:13 76,288 --a------ C:\WINDOWS\system32\ltpdg13n.dll
2007-07-29 21:13 74,240 --a------ C:\WINDOWS\system32\lfplt13n.dll
2007-07-29 21:13 73,216 --a------ C:\WINDOWS\system32\lffax13n.dll
2007-07-29 21:13 69,632 --a------ C:\WINDOWS\system32\LFPTK13n.dll
2007-07-29 21:13 65,536 --a------ C:\WINDOWS\system32\Lfcgm13n.dll
2007-07-29 21:13 6,144 --a------ C:\WINDOWS\system32\AWDCXC32.DLL
2007-07-29 21:13 59,392 --a------ C:\WINDOWS\system32\Lfpct13n.dll
2007-07-29 21:13 58,368 --a------ C:\WINDOWS\system32\lfsct13n.dll
2007-07-29 21:13 55,296 --a------ C:\WINDOWS\system32\lfpsd13n.dll
2007-07-29 21:13 54,784 --a------ C:\WINDOWS\system32\Lfdgn13n.dll
2007-07-29 21:13 52,224 --a------ C:\WINDOWS\system32\lfdrw13n.dll
2007-07-29 21:13 50,176 --a------ C:\WINDOWS\system32\ltlst13n.dll
2007-07-29 21:13 49,152 --a------ C:\WINDOWS\system32\Lfwmf13n.dll
2007-07-29 21:13 482,816 --a------ C:\WINDOWS\system32\lfdwf13n.dll
2007-07-29 21:13 48,128 --a------ C:\WINDOWS\system32\lfica13n.dll
2007-07-29 21:13 47,104 --a------ C:\WINDOWS\system32\lfXpm13n.dll
2007-07-29 21:13 45,056 --a------ C:\WINDOWS\system32\lfXbm13n.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-30 18:21 12464 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-16 10:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 10:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 10:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 10:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 10:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-08 04:24 3583488 -----c--- C:\WINDOWS\system32\dllcache\mshtml.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D4813F9-0D51-4273-9784-BFC15C3FB9F3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52AAE82D-7178-4673-8525-5A6AEE00D0DB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67475B4D-150D-44A4-B5DD-BC80D4C9361F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA15C5D6-2BD4-4794-93B8-520A5E6570EC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ECA2687F-3232-49D5-9D63-731E8F36F6C9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F80D34EC-A282-4CA8-881B-66FD837A2659}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 17:36]
"MVS Splash"="C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe" [2007-03-06 17:25]
"McAfee Managed Services Tray"="C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe" [2007-05-18 04:03]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6021\SiteAdv.exe" [2007-02-03 13:25]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 06:32]
"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 16:39]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 14:30]
"Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [2002-07-16 10:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

C:\Documents and Settings\Kellie\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Free WebSite Tools.lnk - C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe [2007-07-30 17:17:54]
Iomega Backup Scheduler.lnk - C:\Program Files\Iomega\Iomega Backup\dtiom98.exe [2007-08-04 19:27:39]
Iomega Icons.lnk - C:\Program Files\Iomega\Tools\IMGICON.EXE [2007-08-04 19:27:37]
Iomega Startup Options.lnk - C:\Program Files\Iomega\Tools\IMGSTART.EXE [2007-08-04 19:27:37]
IomegaWare.lnk - C:\Program Files\Iomega\Iomegaware\COMMANDER.EXE [2007-08-04 19:27:35]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-07-29 15:41:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccc]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcyyvt]

R0 IdeBusDr;IdeBusDr;C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys
R0 IdeChnDr;Intel(R) Ultra ATA Controller;C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys
R0 iomdisk;Iomega Devices Disk Filter Services;C:\WINDOWS\system32\DRIVERS\iomdisk.sys
R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R2 _IOMEGA_ACTIVE_DISK_SERVICE_;Iomega Active Disk;"C:\Program Files\Iomega\AutoDisk\ADService.exe"
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe /ServiceStart
R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
R2 WinDriver;WinDriver;C:\WINDOWS\system32\drivers\WINDRVR.SYS
R3 busbcrw;USB Card Reader Writer driver;C:\WINDOWS\system32\Drivers\busbcrw.sys
R3 EL90X;3Com EtherLink XL 90X Adapter Driver;C:\WINDOWS\system32\DRIVERS\el90xnd5.sys

*Newly Created Service* - NTMSSVC

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-08 15:26:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000001cd

scanning hidden files ...

**************************************************************************

Completion time: 2007-08-08 15:28:33

--- E O F ---
 
You must log in or register to reply here.
Back
Top