virtumonde help

Status
Not open for further replies.
It worked this time here is both logs

ComboFix 08-09-26.06 - Owner 2008-09-28 10:46:21.3 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\windows\BM57247bb3.txt
C:\WINDOWS\system32\akcskd.dll
C:\WINDOWS\system32\aqkrohsi.ini
C:\WINDOWS\system32\blqsdmbn.dll
C:\WINDOWS\system32\bskxlmrh.ini
C:\WINDOWS\system32\btedxycx.dll
C:\WINDOWS\system32\bwfytjkn.dll
C:\WINDOWS\system32\cdezcp.dll
C:\WINDOWS\system32\cfioldln.ini
C:\WINDOWS\system32\ddLUvyay.ini
C:\WINDOWS\system32\ddLUvyay.ini2
C:\WINDOWS\system32\dldjdgpb.dll
C:\WINDOWS\system32\dowdrmdm.dll
C:\WINDOWS\system32\epttasrt.dll
C:\WINDOWS\system32\eqlrtjwc.dll
C:\WINDOWS\system32\eysijgoc.dll
C:\WINDOWS\system32\ffmlux.dll
C:\WINDOWS\system32\fiqhlfgs.ini
C:\WINDOWS\system32\frjdpkfp.dll
C:\WINDOWS\system32\gcfkfrvj.dll
C:\WINDOWS\system32\gndewlnl.ini
C:\WINDOWS\system32\gogtflpg.dll
C:\WINDOWS\system32\gsybahph.dll
C:\WINDOWS\system32\hejwhasx.dll
C:\WINDOWS\system32\hfbpzu.dll
C:\WINDOWS\system32\hggeBsPj.dll
C:\WINDOWS\system32\hijyqy.dll
C:\WINDOWS\system32\hjrcmntv.dll
C:\WINDOWS\system32\hohqil.dll
C:\WINDOWS\system32\hpepyvtt.dll
C:\WINDOWS\system32\htyoltvx.dll
C:\WINDOWS\system32\hucofkti.dll
C:\WINDOWS\system32\hxwaap.dll
C:\WINDOWS\system32\hyuxwaak.ini
C:\WINDOWS\system32\iacgms.dll
C:\WINDOWS\system32\icpwhfeh.ini
C:\WINDOWS\system32\ieencode.dll
C:\WINDOWS\system32\iiFUmMfd.dll
C:\WINDOWS\system32\iiqnshct.ini
C:\WINDOWS\system32\jahxmi.dll
C:\WINDOWS\system32\jbksnxhl.dll
C:\WINDOWS\system32\jdsyhtrr.dll
C:\WINDOWS\system32\jflphxuo.dll
C:\WINDOWS\system32\jihrwqmq.dll
C:\WINDOWS\system32\kesxfccs.dll
C:\WINDOWS\system32\khfDTNEt.dll
C:\WINDOWS\system32\knvknwjd.dll
C:\WINDOWS\system32\kugnlc.dll
C:\WINDOWS\system32\kxkgphkq.dll
C:\WINDOWS\system32\kyikvrpi.dll
C:\WINDOWS\system32\lcisicjc.ini
C:\WINDOWS\system32\leulfi.dll
C:\WINDOWS\system32\mcsfqram.dll
C:\WINDOWS\system32\mcuiivho.dll
C:\WINDOWS\system32\mdldtxkb.dll
C:\WINDOWS\system32\mdygoxfe.dll
C:\WINDOWS\system32\mskqmb.dll
C:\WINDOWS\system32\nghlvivg.dll
C:\WINDOWS\system32\niesnuco.ini
C:\WINDOWS\system32\njslkici.dll
C:\WINDOWS\system32\nmemoh.dll
C:\WINDOWS\system32\nnicsm.dll
C:\WINDOWS\system32\nnnkJAsP.dll
C:\WINDOWS\system32\nnnoLEWo.dll
C:\WINDOWS\system32\nnnoPgHA.dll
C:\WINDOWS\system32\nrvprgka.dll
C:\WINDOWS\system32\ntcxws.dll
C:\WINDOWS\system32\oikednnm.dll
C:\WINDOWS\system32\omcyibwl.ini
C:\WINDOWS\system32\onlbgw.dll
C:\WINDOWS\system32\pahqhe.dll
C:\WINDOWS\system32\pbbwacnk.dll
C:\WINDOWS\system32\phmkln.dll
C:\WINDOWS\system32\pwhepwsr.dll
C:\WINDOWS\system32\qkiizc.dll
C:\WINDOWS\system32\qlnbcmqq.dll
C:\WINDOWS\system32\qpityipw.ini
C:\WINDOWS\system32\qtpfopgn.dll
C:\WINDOWS\system32\rcajwmty.dll
C:\WINDOWS\system32\rcuiue.dll
C:\WINDOWS\system32\rgkjuxjs.dll
C:\WINDOWS\system32\rqRhIBSk.dll
C:\WINDOWS\system32\rqRIxuTM.dll
C:\WINDOWS\system32\scckgugp.ini
C:\WINDOWS\system32\sdxhrljf.dll
C:\WINDOWS\system32\srqginiw.ini
C:\WINDOWS\system32\sSmjiiIx.dll
C:\WINDOWS\system32\swgatpcp.ini
C:\WINDOWS\system32\swlhpwhw.dll
C:\WINDOWS\system32\sxksoonm.dll
C:\WINDOWS\system32\tcgqauvy.ini
C:\WINDOWS\system32\tchsnqii.dll
C:\WINDOWS\system32\tehogmas.dll
C:\WINDOWS\system32\tmgaebio.dll
C:\WINDOWS\system32\ujyjlj.dll
C:\WINDOWS\system32\vfexxy.dll
C:\WINDOWS\system32\vhypgmdj.dll
C:\WINDOWS\system32\vobkrdoi.dll
C:\WINDOWS\system32\vppgnbit.dll
C:\WINDOWS\system32\vsalhfng.dll
C:\WINDOWS\system32\winigqrs.dll
C:\WINDOWS\system32\wokfjqqd.ini
C:\WINDOWS\system32\xacykm.dll
C:\WINDOWS\system32\xcbwtqed.dll
C:\WINDOWS\system32\xIiijmSs.ini
C:\WINDOWS\system32\xIiijmSs.ini2
C:\WINDOWS\system32\XIOVxyxx.ini
C:\WINDOWS\system32\XIOVxyxx.ini2
C:\WINDOWS\system32\xjbmwcgl.dll
C:\WINDOWS\system32\xtcbmxkr.ini
C:\WINDOWS\system32\xtvdjaij.ini
C:\WINDOWS\system32\ydpoidih.ini
C:\WINDOWS\system32\ytmwjacr.ini
C:\WINDOWS\system32\yvwepumr.dll
C:\WINDOWS\system32\zewzrl.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\windows\BM57247bb3.txt
C:\windows\BM57247bb3.xml
C:\windows\pskt.ini
C:\WINDOWS\system32\ieencode.dll
.
---- Previous Run -------
.
C:\Program Files\ewido anti-spyware 4.0
C:\Program Files\ewido anti-spyware 4.0\updater.ewidolog
C:\windows\BM57247bb3.txt
C:\windows\pskt.ini
C:\WINDOWS\system32\akcskd.dll
C:\WINDOWS\system32\aqkrohsi.ini
C:\WINDOWS\system32\blqsdmbn.dll
C:\WINDOWS\system32\bskxlmrh.ini
C:\WINDOWS\system32\btedxycx.dll
C:\WINDOWS\system32\bwfytjkn.dll
C:\WINDOWS\system32\cdezcp.dll
C:\WINDOWS\system32\cfioldln.ini
C:\WINDOWS\system32\ddLUvyay.ini
C:\WINDOWS\system32\ddLUvyay.ini2
C:\WINDOWS\system32\dldjdgpb.dll
C:\WINDOWS\system32\dowdrmdm.dll
C:\WINDOWS\system32\epttasrt.dll
C:\WINDOWS\system32\eqlrtjwc.dll
C:\WINDOWS\system32\eysijgoc.dll
C:\WINDOWS\system32\ffmlux.dll
C:\WINDOWS\system32\fiqhlfgs.ini
C:\WINDOWS\system32\frjdpkfp.dll
C:\WINDOWS\system32\gcfkfrvj.dll
C:\WINDOWS\system32\gndewlnl.ini
C:\WINDOWS\system32\gogtflpg.dll
C:\WINDOWS\system32\gsybahph.dll
C:\WINDOWS\system32\hejwhasx.dll
C:\WINDOWS\system32\hfbpzu.dll
C:\WINDOWS\system32\hggeBsPj.dll
C:\WINDOWS\system32\hijyqy.dll
C:\WINDOWS\system32\hjrcmntv.dll
C:\WINDOWS\system32\hohqil.dll
C:\WINDOWS\system32\hpepyvtt.dll
C:\WINDOWS\system32\htyoltvx.dll
C:\WINDOWS\system32\hucofkti.dll
C:\WINDOWS\system32\hxwaap.dll
C:\WINDOWS\system32\hyuxwaak.ini
C:\WINDOWS\system32\iacgms.dll
C:\WINDOWS\system32\icpwhfeh.ini
C:\WINDOWS\system32\ieencode.dll
C:\WINDOWS\system32\iiFUmMfd.dll
C:\WINDOWS\system32\iiqnshct.ini
C:\WINDOWS\system32\jahxmi.dll
C:\WINDOWS\system32\jbksnxhl.dll
C:\WINDOWS\system32\jdsyhtrr.dll
C:\WINDOWS\system32\jflphxuo.dll
C:\WINDOWS\system32\jihrwqmq.dll
C:\WINDOWS\system32\kesxfccs.dll
C:\WINDOWS\system32\khfDTNEt.dll
C:\WINDOWS\system32\knvknwjd.dll
C:\WINDOWS\system32\kugnlc.dll
C:\WINDOWS\system32\kxkgphkq.dll
C:\WINDOWS\system32\kyikvrpi.dll
C:\WINDOWS\system32\lcisicjc.ini
C:\WINDOWS\system32\leulfi.dll
C:\WINDOWS\system32\mcsfqram.dll
C:\WINDOWS\system32\mcuiivho.dll
C:\WINDOWS\system32\mdldtxkb.dll
C:\WINDOWS\system32\mdygoxfe.dll
C:\WINDOWS\system32\mskqmb.dll
C:\WINDOWS\system32\nghlvivg.dll
C:\WINDOWS\system32\niesnuco.ini
C:\WINDOWS\system32\njslkici.dll
C:\WINDOWS\system32\nmemoh.dll
C:\WINDOWS\system32\nnicsm.dll
C:\WINDOWS\system32\nnnkJAsP.dll
C:\WINDOWS\system32\nnnoLEWo.dll
C:\WINDOWS\system32\nnnoPgHA.dll
C:\WINDOWS\system32\nrvprgka.dll
C:\WINDOWS\system32\ntcxws.dll
C:\WINDOWS\system32\oikednnm.dll
C:\WINDOWS\system32\omcyibwl.ini
C:\WINDOWS\system32\onlbgw.dll
C:\WINDOWS\system32\pahqhe.dll
C:\WINDOWS\system32\pbbwacnk.dll
C:\WINDOWS\system32\phmkln.dll
C:\WINDOWS\system32\pwhepwsr.dll
C:\WINDOWS\system32\qkiizc.dll
C:\WINDOWS\system32\qlnbcmqq.dll
C:\WINDOWS\system32\qpityipw.ini
C:\WINDOWS\system32\qtpfopgn.dll
C:\WINDOWS\system32\rcajwmty.dll
C:\WINDOWS\system32\rcuiue.dll
C:\WINDOWS\system32\rgkjuxjs.dll
C:\WINDOWS\system32\rqRhIBSk.dll
C:\WINDOWS\system32\rqRIxuTM.dll
C:\WINDOWS\system32\scckgugp.ini
C:\WINDOWS\system32\sdxhrljf.dll
C:\WINDOWS\system32\srqginiw.ini
C:\WINDOWS\system32\sSmjiiIx.dll
C:\WINDOWS\system32\swgatpcp.ini
C:\WINDOWS\system32\swlhpwhw.dll
C:\WINDOWS\system32\sxksoonm.dll
C:\WINDOWS\system32\tcgqauvy.ini
C:\WINDOWS\system32\tchsnqii.dll
C:\WINDOWS\system32\tehogmas.dll
C:\WINDOWS\system32\tmgaebio.dll
C:\WINDOWS\system32\ujyjlj.dll
C:\WINDOWS\system32\vfexxy.dll
C:\WINDOWS\system32\vhypgmdj.dll
C:\WINDOWS\system32\vobkrdoi.dll
C:\WINDOWS\system32\vppgnbit.dll
C:\WINDOWS\system32\vsalhfng.dll
C:\WINDOWS\system32\winigqrs.dll
C:\WINDOWS\system32\wokfjqqd.ini
C:\WINDOWS\system32\xacykm.dll
C:\WINDOWS\system32\xcbwtqed.dll
C:\WINDOWS\system32\xIiijmSs.ini
C:\WINDOWS\system32\xIiijmSs.ini2
C:\WINDOWS\system32\XIOVxyxx.ini
C:\WINDOWS\system32\XIOVxyxx.ini2
C:\WINDOWS\system32\xjbmwcgl.dll
C:\WINDOWS\system32\xtcbmxkr.ini
C:\WINDOWS\system32\xtvdjaij.ini
C:\WINDOWS\system32\ydpoidih.ini
C:\WINDOWS\system32\ytmwjacr.ini
C:\WINDOWS\system32\yvwepumr.dll
C:\WINDOWS\system32\zewzrl.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 )))))))))))))))))))))))))))))))
.

2008-09-28 10:21 . 2008-09-28 10:21 42,496 --a------ C:\WINDOWS\system32\wvUljHAt.dll
2008-09-28 10:21 . 2008-09-28 10:21 42,496 --a------ C:\WINDOWS\system32\tuvWnoMf.dll
2008-09-28 09:47 . 2008-09-28 09:47 988,183 ---hs---- C:\WINDOWS\system32\djqmrbul.ini
2008-09-28 09:47 . 2008-09-28 09:47 78,848 --a------ C:\WINDOWS\system32\lubrmqjd.dll
2008-09-28 09:44 . 2008-09-28 09:44 111,616 --a------ C:\WINDOWS\system32\epktljnl.dll
2008-09-28 09:44 . 2008-09-28 09:44 111,616 --a------ C:\WINDOWS\system32\agdryk.dll
2008-09-28 09:43 . 2008-09-28 09:43 105,984 --a------ C:\WINDOWS\system32\euvcndwv.dll
2008-09-28 08:37 . 2008-09-28 08:37 42,496 --a------ C:\WINDOWS\system32\urqQhhIc.dll
2008-09-28 08:37 . 2008-09-28 08:37 42,496 --a------ C:\WINDOWS\system32\urqNDvsQ.dll
2008-09-27 19:00 . 2008-09-27 19:00 46,080 --a------ C:\WINDOWS\system32\xxyxWNGX.dll
2008-09-27 19:00 . 2008-09-27 19:00 46,080 --a------ C:\WINDOWS\system32\fccARHyy.dll
2008-09-27 18:27 . 2008-09-27 18:27 46,080 --a------ C:\WINDOWS\system32\xxyxusTl.dll
2008-09-27 18:27 . 2008-09-27 18:27 46,080 --a------ C:\WINDOWS\system32\awtsSlmL.dll
2008-09-27 18:26 . 2008-09-27 18:26 155,648 --a------ C:\WINDOWS\system32\qayfrxfo.dll
2008-09-27 18:09 . 2008-09-27 18:09 155,648 --a------ C:\WINDOWS\system32\ubtnypty.dll
2008-09-27 18:09 . 2008-09-27 18:09 107,008 --a------ C:\WINDOWS\system32\wfmfoavm.dll
2008-09-27 18:08 . 2008-09-27 18:08 155,648 --a------ C:\WINDOWS\system32\tklhyjjf.dll
2008-09-27 18:06 . 2008-09-27 18:06 107,008 --a------ C:\WINDOWS\system32\dmvjlulc.dll
2008-09-27 18:05 . 2008-09-28 10:46 875,566 --ahs---- C:\WINDOWS\system32\FeKmWvut.ini2
2008-09-27 18:05 . 2008-09-28 10:46 875,566 --ahs---- C:\WINDOWS\system32\FeKmWvut.ini
2008-09-27 18:05 . 2008-09-27 18:05 253,440 --a------ C:\WINDOWS\system32\tuvWmKeF.dll
2008-09-26 17:58 . 2008-09-27 10:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-26 10:28 . 2008-09-27 08:57 427 --a------ C:\WINDOWS\wininit.ini
2008-09-26 07:19 . 2008-09-26 07:19 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-25 13:46 . 2007-08-13 18:45 78,336 --a--c--- C:\WINDOWS\system32\dllcache\ieencode.dll
2008-09-25 13:00 . 2008-09-25 13:00 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-09-23 21:27 . 2008-09-23 21:27 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Avanquest
2008-09-23 21:26 . 2008-09-23 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-09-23 21:21 . 2008-09-23 21:21 <DIR> dr-hs---- C:\_Backup.RC
2008-09-23 21:21 . 2008-09-24 00:20 <DIR> d--h----- C:\_Backup
2008-09-23 21:19 . 2008-09-23 21:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Avanquest
2008-09-23 21:14 . 2008-09-23 21:14 <DIR> d-------- C:\Program Files\Avanquest
2008-09-23 21:10 . 2008-09-23 21:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-22 20:28 . 2008-09-23 20:36 921,005 --ahs---- C:\WINDOWS\system32\fcmlcxix.ini
2008-09-22 20:25 . 2008-09-22 20:25 99,328 --a------ C:\WINDOWS\system32\elbyvebf.dll
2008-09-22 14:28 . 2008-09-22 14:28 879,630 --ahs---- C:\WINDOWS\system32\ifvyfbwc.ini
2008-09-22 14:25 . 2008-09-22 14:25 113,152 --a------ C:\WINDOWS\system32\pgnvgrox.dll
2008-09-22 14:25 . 2008-09-22 14:25 113,152 --a------ C:\WINDOWS\system32\cguzet.dll
2008-09-22 14:23 . 2008-09-22 14:23 99,328 --a------ C:\WINDOWS\system32\ylxxhiob.dll
2008-09-22 14:19 . 2008-09-22 14:22 879,570 --ahs---- C:\WINDOWS\system32\gbkfunct.ini
2008-09-22 14:16 . 2008-09-26 10:33 876,630 --ahs---- C:\WINDOWS\system32\TAyJlUtv.ini2
2008-09-22 14:16 . 2008-09-26 10:34 876,630 --ahs---- C:\WINDOWS\system32\TAyJlUtv.ini
2008-09-22 14:16 . 2008-09-22 14:16 99,328 --a------ C:\WINDOWS\system32\baieqfob.dll
2008-09-22 14:10 . 2008-09-22 14:10 43,008 --a------ C:\WINDOWS\system32\ssqNHwTm.dll
2008-09-21 17:23 . 2004-08-30 21:00 365,568 --a------ C:\WINDOWS\system32\doskeys.exe
2008-09-21 17:23 . 2008-09-21 17:23 51,712 --a------ C:\WINDOWS\system32\dllhosts.exe
2008-09-21 17:23 . 2008-09-28 10:37 215 --a------ C:\WINDOWS\system32\Monitored2.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 17:53 --------- d-----w C:\Program Files\QuickTime
2008-09-28 16:31 --------- d-----w C:\Program Files\Zinio
2008-09-28 16:31 --------- d-----w C:\Program Files\iTunes
2008-09-28 16:31 --------- d-----w C:\Program Files\Digital Media Reader
2008-09-27 03:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2008-09-27 01:12 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-26 16:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-25 22:30 --------- d-----w C:\Program Files\xxx.xxx
2008-09-25 19:47 --------- d-----w C:\Program Files\Opera
2008-09-24 02:55 --------- d-----w C:\Program Files\Symantec
2008-09-24 02:28 --------- d-----w C:\Program Files\Photo Manager
2008-09-24 02:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-22 00:02 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-08-24 16:43 --------- d-----w C:\Program Files\Sun
2008-08-24 16:42 --------- d-----w C:\Program Files\Java
2008-03-26 15:20 228,336 -c--a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-03-09 01:48 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2005-12-18 18:20 0 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2002-07-26 22:02 153,088 -c--a-w C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((( snapshot@2008-09-27_12.33.38.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-07-09 15:50:42 155,648 -c--a-w C:\windows\system32\NeroCheck.exe
+ 2004-03-10 21:26:10 406,016 -c--a-w C:\windows\system32\PSDrvCheck.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00BA82ED-AF2F-40BD-995C-320BBD6A509e}]
2008-09-27 18:26 155648 --a------ C:\windows\system32\qayfrxfo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca3a2052-0769-4c60-a246-99628fb3eb7c}]
2008-09-28 09:44 111616 --a------ C:\windows\system32\agdryk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAA91B0C-B261-4328-B3C1-07F4E5D8F3E9}]
2008-09-27 18:05 253440 --a------ C:\windows\system32\tuvWmKeF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E538488B-36AB-42FF-8498-271810C9C599}]
2008-09-22 14:10 43008 --a------ C:\windows\system32\ssqNHwTm.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\windows\system32\dumprep 0 -u" [X]
"HostManager"="C:\Program Files\Common Files\AOL\1191778237\ee\AOLSoftware.exe" [2006-09-25 50736]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"LVCOMSX"="C:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"VirusScannerPro"="C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe" [2008-08-26 173312]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-10-02 67488]
"5417482f"="C:\windows\system32\lubrmqjd.dll" [2008-09-28 78848]
"BM57247bb3"="C:\windows\system32\euvcndwv.dll" [2008-09-28 105984]
"ShowWnd"="ShowWnd.exe" [2003-09-19 C:\WINDOWS\ShowWnd.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NT Printing Services6"="dllhosts.exe" [2008-09-21 C:\WINDOWS\system32\dllhosts.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E538488B-36AB-42FF-8498-271810C9C599}"= "C:\windows\system32\ssqNHwTm.dll" [2008-09-22 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqNHwTm]
2008-09-22 14:10 43008 C:\WINDOWS\system32\ssqNHwTm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 LStone;Pinnacle Systems Studio AV/DV Overlay;C:\windows\system32\DRIVERS\lstone2k.sys [2002-12-10 11:20]
R3 I97DRIVER;I97DRIVER;C:\PROGRA~1\AVANQU~1\Fix-It\dgs.sys [2007-08-31 11:18]
S1 MemAlloc;MemAlloc;C:\windows\system32\DRIVERS\memalloc.sys [2002-08-26 04:51]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 14:46]
S2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 09:20]
S3 MailScan;MailScan;C:\PROGRA~1\AVANQU~1\Fix-It\MailScan.sys [2008-08-26 14:14]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17147075-1ead-11d9-bea6-806d6172696f}]
\Shell\AutoRun\command - F:\cdplayer.exe

*Newly Created Service* - MAILSCAN
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AOLAspSunset - C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 10:54:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\windows\system32\winlogon.exe
-> C:\windows\system32\ssqNHwTm.dll

PROCESS: C:\windows\explorer.exe
-> C:\windows\system32\lubrmqjd.dll
-> C:\windows\system32\euvcndwv.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-09-28 11:05:04 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-09-28 18:04:55
ComboFix2.txt 2008-09-27 19:36:10

Pre-Run: 117,386,391,552 bytes free
Post-Run: 117,369,040,896 bytes free

422 --- E O F --- 2008-09-10 10:01:09


ComboFix 08-09-26.06 - Owner 2008-09-28 10:46:21.3 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\windows\BM57247bb3.txt
C:\WINDOWS\system32\akcskd.dll
C:\WINDOWS\system32\aqkrohsi.ini
C:\WINDOWS\system32\blqsdmbn.dll
C:\WINDOWS\system32\bskxlmrh.ini
C:\WINDOWS\system32\btedxycx.dll
C:\WINDOWS\system32\bwfytjkn.dll
C:\WINDOWS\system32\cdezcp.dll
C:\WINDOWS\system32\cfioldln.ini
C:\WINDOWS\system32\ddLUvyay.ini
C:\WINDOWS\system32\ddLUvyay.ini2
C:\WINDOWS\system32\dldjdgpb.dll
C:\WINDOWS\system32\dowdrmdm.dll
C:\WINDOWS\system32\epttasrt.dll
C:\WINDOWS\system32\eqlrtjwc.dll
C:\WINDOWS\system32\eysijgoc.dll
C:\WINDOWS\system32\ffmlux.dll
C:\WINDOWS\system32\fiqhlfgs.ini
C:\WINDOWS\system32\frjdpkfp.dll
C:\WINDOWS\system32\gcfkfrvj.dll
C:\WINDOWS\system32\gndewlnl.ini
C:\WINDOWS\system32\gogtflpg.dll
C:\WINDOWS\system32\gsybahph.dll
C:\WINDOWS\system32\hejwhasx.dll
C:\WINDOWS\system32\hfbpzu.dll
C:\WINDOWS\system32\hggeBsPj.dll
C:\WINDOWS\system32\hijyqy.dll
C:\WINDOWS\system32\hjrcmntv.dll
C:\WINDOWS\system32\hohqil.dll
C:\WINDOWS\system32\hpepyvtt.dll
C:\WINDOWS\system32\htyoltvx.dll
C:\WINDOWS\system32\hucofkti.dll
C:\WINDOWS\system32\hxwaap.dll
C:\WINDOWS\system32\hyuxwaak.ini
C:\WINDOWS\system32\iacgms.dll
C:\WINDOWS\system32\icpwhfeh.ini
C:\WINDOWS\system32\ieencode.dll
C:\WINDOWS\system32\iiFUmMfd.dll
C:\WINDOWS\system32\iiqnshct.ini
C:\WINDOWS\system32\jahxmi.dll
C:\WINDOWS\system32\jbksnxhl.dll
C:\WINDOWS\system32\jdsyhtrr.dll
C:\WINDOWS\system32\jflphxuo.dll
C:\WINDOWS\system32\jihrwqmq.dll
C:\WINDOWS\system32\kesxfccs.dll
C:\WINDOWS\system32\khfDTNEt.dll
C:\WINDOWS\system32\knvknwjd.dll
C:\WINDOWS\system32\kugnlc.dll
C:\WINDOWS\system32\kxkgphkq.dll
C:\WINDOWS\system32\kyikvrpi.dll
C:\WINDOWS\system32\lcisicjc.ini
C:\WINDOWS\system32\leulfi.dll
C:\WINDOWS\system32\mcsfqram.dll
C:\WINDOWS\system32\mcuiivho.dll
C:\WINDOWS\system32\mdldtxkb.dll
C:\WINDOWS\system32\mdygoxfe.dll
C:\WINDOWS\system32\mskqmb.dll
C:\WINDOWS\system32\nghlvivg.dll
C:\WINDOWS\system32\niesnuco.ini
C:\WINDOWS\system32\njslkici.dll
C:\WINDOWS\system32\nmemoh.dll
C:\WINDOWS\system32\nnicsm.dll
C:\WINDOWS\system32\nnnkJAsP.dll
C:\WINDOWS\system32\nnnoLEWo.dll
C:\WINDOWS\system32\nnnoPgHA.dll
C:\WINDOWS\system32\nrvprgka.dll
C:\WINDOWS\system32\ntcxws.dll
C:\WINDOWS\system32\oikednnm.dll
C:\WINDOWS\system32\omcyibwl.ini
C:\WINDOWS\system32\onlbgw.dll
C:\WINDOWS\system32\pahqhe.dll
C:\WINDOWS\system32\pbbwacnk.dll
C:\WINDOWS\system32\phmkln.dll
C:\WINDOWS\system32\pwhepwsr.dll
C:\WINDOWS\system32\qkiizc.dll
C:\WINDOWS\system32\qlnbcmqq.dll
C:\WINDOWS\system32\qpityipw.ini
C:\WINDOWS\system32\qtpfopgn.dll
C:\WINDOWS\system32\rcajwmty.dll
C:\WINDOWS\system32\rcuiue.dll
C:\WINDOWS\system32\rgkjuxjs.dll
C:\WINDOWS\system32\rqRhIBSk.dll
C:\WINDOWS\system32\rqRIxuTM.dll
C:\WINDOWS\system32\scckgugp.ini
C:\WINDOWS\system32\sdxhrljf.dll
C:\WINDOWS\system32\srqginiw.ini
C:\WINDOWS\system32\sSmjiiIx.dll
C:\WINDOWS\system32\swgatpcp.ini
C:\WINDOWS\system32\swlhpwhw.dll
C:\WINDOWS\system32\sxksoonm.dll
C:\WINDOWS\system32\tcgqauvy.ini
C:\WINDOWS\system32\tchsnqii.dll
C:\WINDOWS\system32\tehogmas.dll
C:\WINDOWS\system32\tmgaebio.dll
C:\WINDOWS\system32\ujyjlj.dll
C:\WINDOWS\system32\vfexxy.dll
C:\WINDOWS\system32\vhypgmdj.dll
C:\WINDOWS\system32\vobkrdoi.dll
C:\WINDOWS\system32\vppgnbit.dll
C:\WINDOWS\system32\vsalhfng.dll
C:\WINDOWS\system32\winigqrs.dll
C:\WINDOWS\system32\wokfjqqd.ini
C:\WINDOWS\system32\xacykm.dll
C:\WINDOWS\system32\xcbwtqed.dll
C:\WINDOWS\system32\xIiijmSs.ini
C:\WINDOWS\system32\xIiijmSs.ini2
C:\WINDOWS\system32\XIOVxyxx.ini
C:\WINDOWS\system32\XIOVxyxx.ini2
C:\WINDOWS\system32\xjbmwcgl.dll
C:\WINDOWS\system32\xtcbmxkr.ini
C:\WINDOWS\system32\xtvdjaij.ini
C:\WINDOWS\system32\ydpoidih.ini
C:\WINDOWS\system32\ytmwjacr.ini
C:\WINDOWS\system32\yvwepumr.dll
C:\WINDOWS\system32\zewzrl.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\windows\BM57247bb3.txt
C:\windows\BM57247bb3.xml
C:\windows\pskt.ini
C:\WINDOWS\system32\ieencode.dll
.
---- Previous Run -------
.
C:\Program Files\ewido anti-spyware 4.0
C:\Program Files\ewido anti-spyware 4.0\updater.ewidolog
C:\windows\BM57247bb3.txt
C:\windows\pskt.ini
C:\WINDOWS\system32\akcskd.dll
C:\WINDOWS\system32\aqkrohsi.ini
C:\WINDOWS\system32\blqsdmbn.dll
C:\WINDOWS\system32\bskxlmrh.ini
C:\WINDOWS\system32\btedxycx.dll
C:\WINDOWS\system32\bwfytjkn.dll
C:\WINDOWS\system32\cdezcp.dll
C:\WINDOWS\system32\cfioldln.ini
C:\WINDOWS\system32\ddLUvyay.ini
C:\WINDOWS\system32\ddLUvyay.ini2
C:\WINDOWS\system32\dldjdgpb.dll
C:\WINDOWS\system32\dowdrmdm.dll
C:\WINDOWS\system32\epttasrt.dll
C:\WINDOWS\system32\eqlrtjwc.dll
C:\WINDOWS\system32\eysijgoc.dll
C:\WINDOWS\system32\ffmlux.dll
C:\WINDOWS\system32\fiqhlfgs.ini
C:\WINDOWS\system32\frjdpkfp.dll
C:\WINDOWS\system32\gcfkfrvj.dll
C:\WINDOWS\system32\gndewlnl.ini
C:\WINDOWS\system32\gogtflpg.dll
C:\WINDOWS\system32\gsybahph.dll
C:\WINDOWS\system32\hejwhasx.dll
C:\WINDOWS\system32\hfbpzu.dll
C:\WINDOWS\system32\hggeBsPj.dll
C:\WINDOWS\system32\hijyqy.dll
C:\WINDOWS\system32\hjrcmntv.dll
C:\WINDOWS\system32\hohqil.dll
C:\WINDOWS\system32\hpepyvtt.dll
C:\WINDOWS\system32\htyoltvx.dll
C:\WINDOWS\system32\hucofkti.dll
C:\WINDOWS\system32\hxwaap.dll
C:\WINDOWS\system32\hyuxwaak.ini
C:\WINDOWS\system32\iacgms.dll
C:\WINDOWS\system32\icpwhfeh.ini
C:\WINDOWS\system32\ieencode.dll
C:\WINDOWS\system32\iiFUmMfd.dll
C:\WINDOWS\system32\iiqnshct.ini
C:\WINDOWS\system32\jahxmi.dll
C:\WINDOWS\system32\jbksnxhl.dll
C:\WINDOWS\system32\jdsyhtrr.dll
C:\WINDOWS\system32\jflphxuo.dll
C:\WINDOWS\system32\jihrwqmq.dll
C:\WINDOWS\system32\kesxfccs.dll
C:\WINDOWS\system32\khfDTNEt.dll
C:\WINDOWS\system32\knvknwjd.dll
C:\WINDOWS\system32\kugnlc.dll
C:\WINDOWS\system32\kxkgphkq.dll
C:\WINDOWS\system32\kyikvrpi.dll
C:\WINDOWS\system32\lcisicjc.ini
C:\WINDOWS\system32\leulfi.dll
C:\WINDOWS\system32\mcsfqram.dll
C:\WINDOWS\system32\mcuiivho.dll
C:\WINDOWS\system32\mdldtxkb.dll
C:\WINDOWS\system32\mdygoxfe.dll
C:\WINDOWS\system32\mskqmb.dll
C:\WINDOWS\system32\nghlvivg.dll
C:\WINDOWS\system32\niesnuco.ini
C:\WINDOWS\system32\njslkici.dll
C:\WINDOWS\system32\nmemoh.dll
C:\WINDOWS\system32\nnicsm.dll
C:\WINDOWS\system32\nnnkJAsP.dll
C:\WINDOWS\system32\nnnoLEWo.dll
C:\WINDOWS\system32\nnnoPgHA.dll
C:\WINDOWS\system32\nrvprgka.dll
C:\WINDOWS\system32\ntcxws.dll
C:\WINDOWS\system32\oikednnm.dll
C:\WINDOWS\system32\omcyibwl.ini
C:\WINDOWS\system32\onlbgw.dll
C:\WINDOWS\system32\pahqhe.dll
C:\WINDOWS\system32\pbbwacnk.dll
C:\WINDOWS\system32\phmkln.dll
C:\WINDOWS\system32\pwhepwsr.dll
C:\WINDOWS\system32\qkiizc.dll
C:\WINDOWS\system32\qlnbcmqq.dll
C:\WINDOWS\system32\qpityipw.ini
C:\WINDOWS\system32\qtpfopgn.dll
C:\WINDOWS\system32\rcajwmty.dll
C:\WINDOWS\system32\rcuiue.dll
C:\WINDOWS\system32\rgkjuxjs.dll
C:\WINDOWS\system32\rqRhIBSk.dll
C:\WINDOWS\system32\rqRIxuTM.dll
C:\WINDOWS\system32\scckgugp.ini
C:\WINDOWS\system32\sdxhrljf.dll
C:\WINDOWS\system32\srqginiw.ini
C:\WINDOWS\system32\sSmjiiIx.dll
C:\WINDOWS\system32\swgatpcp.ini
C:\WINDOWS\system32\swlhpwhw.dll
C:\WINDOWS\system32\sxksoonm.dll
C:\WINDOWS\system32\tcgqauvy.ini
C:\WINDOWS\system32\tchsnqii.dll
C:\WINDOWS\system32\tehogmas.dll
C:\WINDOWS\system32\tmgaebio.dll
C:\WINDOWS\system32\ujyjlj.dll
C:\WINDOWS\system32\vfexxy.dll
C:\WINDOWS\system32\vhypgmdj.dll
C:\WINDOWS\system32\vobkrdoi.dll
C:\WINDOWS\system32\vppgnbit.dll
C:\WINDOWS\system32\vsalhfng.dll
C:\WINDOWS\system32\winigqrs.dll
C:\WINDOWS\system32\wokfjqqd.ini
C:\WINDOWS\system32\xacykm.dll
C:\WINDOWS\system32\xcbwtqed.dll
C:\WINDOWS\system32\xIiijmSs.ini
C:\WINDOWS\system32\xIiijmSs.ini2
C:\WINDOWS\system32\XIOVxyxx.ini
C:\WINDOWS\system32\XIOVxyxx.ini2
C:\WINDOWS\system32\xjbmwcgl.dll
C:\WINDOWS\system32\xtcbmxkr.ini
C:\WINDOWS\system32\xtvdjaij.ini
C:\WINDOWS\system32\ydpoidih.ini
C:\WINDOWS\system32\ytmwjacr.ini
C:\WINDOWS\system32\yvwepumr.dll
C:\WINDOWS\system32\zewzrl.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 )))))))))))))))))))))))))))))))
.

2008-09-28 10:21 . 2008-09-28 10:21 42,496 --a------ C:\WINDOWS\system32\wvUljHAt.dll
2008-09-28 10:21 . 2008-09-28 10:21 42,496 --a------ C:\WINDOWS\system32\tuvWnoMf.dll
2008-09-28 09:47 . 2008-09-28 09:47 988,183 ---hs---- C:\WINDOWS\system32\djqmrbul.ini
2008-09-28 09:47 . 2008-09-28 09:47 78,848 --a------ C:\WINDOWS\system32\lubrmqjd.dll
2008-09-28 09:44 . 2008-09-28 09:44 111,616 --a------ C:\WINDOWS\system32\epktljnl.dll
2008-09-28 09:44 . 2008-09-28 09:44 111,616 --a------ C:\WINDOWS\system32\agdryk.dll
2008-09-28 09:43 . 2008-09-28 09:43 105,984 --a------ C:\WINDOWS\system32\euvcndwv.dll
2008-09-28 08:37 . 2008-09-28 08:37 42,496 --a------ C:\WINDOWS\system32\urqQhhIc.dll
2008-09-28 08:37 . 2008-09-28 08:37 42,496 --a------ C:\WINDOWS\system32\urqNDvsQ.dll
2008-09-27 19:00 . 2008-09-27 19:00 46,080 --a------ C:\WINDOWS\system32\xxyxWNGX.dll
2008-09-27 19:00 . 2008-09-27 19:00 46,080 --a------ C:\WINDOWS\system32\fccARHyy.dll
2008-09-27 18:27 . 2008-09-27 18:27 46,080 --a------ C:\WINDOWS\system32\xxyxusTl.dll
2008-09-27 18:27 . 2008-09-27 18:27 46,080 --a------ C:\WINDOWS\system32\awtsSlmL.dll
2008-09-27 18:26 . 2008-09-27 18:26 155,648 --a------ C:\WINDOWS\system32\qayfrxfo.dll
2008-09-27 18:09 . 2008-09-27 18:09 155,648 --a------ C:\WINDOWS\system32\ubtnypty.dll
2008-09-27 18:09 . 2008-09-27 18:09 107,008 --a------ C:\WINDOWS\system32\wfmfoavm.dll
2008-09-27 18:08 . 2008-09-27 18:08 155,648 --a------ C:\WINDOWS\system32\tklhyjjf.dll
2008-09-27 18:06 . 2008-09-27 18:06 107,008 --a------ C:\WINDOWS\system32\dmvjlulc.dll
2008-09-27 18:05 . 2008-09-28 10:46 875,566 --ahs---- C:\WINDOWS\system32\FeKmWvut.ini2
2008-09-27 18:05 . 2008-09-28 10:46 875,566 --ahs---- C:\WINDOWS\system32\FeKmWvut.ini
2008-09-27 18:05 . 2008-09-27 18:05 253,440 --a------ C:\WINDOWS\system32\tuvWmKeF.dll
2008-09-26 17:58 . 2008-09-27 10:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-26 10:28 . 2008-09-27 08:57 427 --a------ C:\WINDOWS\wininit.ini
2008-09-26 07:19 . 2008-09-26 07:19 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-25 13:46 . 2007-08-13 18:45 78,336 --a--c--- C:\WINDOWS\system32\dllcache\ieencode.dll
2008-09-25 13:00 . 2008-09-25 13:00 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-09-23 21:27 . 2008-09-23 21:27 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Avanquest
2008-09-23 21:26 . 2008-09-23 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-09-23 21:21 . 2008-09-23 21:21 <DIR> dr-hs---- C:\_Backup.RC
2008-09-23 21:21 . 2008-09-24 00:20 <DIR> d--h----- C:\_Backup
2008-09-23 21:19 . 2008-09-23 21:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Avanquest
2008-09-23 21:14 . 2008-09-23 21:14 <DIR> d-------- C:\Program Files\Avanquest
2008-09-23 21:10 . 2008-09-23 21:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-22 20:28 . 2008-09-23 20:36 921,005 --ahs---- C:\WINDOWS\system32\fcmlcxix.ini
2008-09-22 20:25 . 2008-09-22 20:25 99,328 --a------ C:\WINDOWS\system32\elbyvebf.dll
2008-09-22 14:28 . 2008-09-22 14:28 879,630 --ahs---- C:\WINDOWS\system32\ifvyfbwc.ini
2008-09-22 14:25 . 2008-09-22 14:25 113,152 --a------ C:\WINDOWS\system32\pgnvgrox.dll
2008-09-22 14:25 . 2008-09-22 14:25 113,152 --a------ C:\WINDOWS\system32\cguzet.dll
2008-09-22 14:23 . 2008-09-22 14:23 99,328 --a------ C:\WINDOWS\system32\ylxxhiob.dll
2008-09-22 14:19 . 2008-09-22 14:22 879,570 --ahs---- C:\WINDOWS\system32\gbkfunct.ini
2008-09-22 14:16 . 2008-09-26 10:33 876,630 --ahs---- C:\WINDOWS\system32\TAyJlUtv.ini2
2008-09-22 14:16 . 2008-09-26 10:34 876,630 --ahs---- C:\WINDOWS\system32\TAyJlUtv.ini
2008-09-22 14:16 . 2008-09-22 14:16 99,328 --a------ C:\WINDOWS\system32\baieqfob.dll
2008-09-22 14:10 . 2008-09-22 14:10 43,008 --a------ C:\WINDOWS\system32\ssqNHwTm.dll
2008-09-21 17:23 . 2004-08-30 21:00 365,568 --a------ C:\WINDOWS\system32\doskeys.exe
2008-09-21 17:23 . 2008-09-21 17:23 51,712 --a------ C:\WINDOWS\system32\dllhosts.exe
2008-09-21 17:23 . 2008-09-28 10:37 215 --a------ C:\WINDOWS\system32\Monitored2.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 17:53 --------- d-----w C:\Program Files\QuickTime
2008-09-28 16:31 --------- d-----w C:\Program Files\Zinio
2008-09-28 16:31 --------- d-----w C:\Program Files\iTunes
2008-09-28 16:31 --------- d-----w C:\Program Files\Digital Media Reader
2008-09-27 03:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2008-09-27 01:12 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-26 16:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-25 22:30 --------- d-----w C:\Program Files\xxx.xxx
2008-09-25 19:47 --------- d-----w C:\Program Files\Opera
2008-09-24 02:55 --------- d-----w C:\Program Files\Symantec
2008-09-24 02:28 --------- d-----w C:\Program Files\Photo Manager
2008-09-24 02:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-22 00:02 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-08-24 16:43 --------- d-----w C:\Program Files\Sun
2008-08-24 16:42 --------- d-----w C:\Program Files\Java
2008-03-26 15:20 228,336 -c--a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-03-09 01:48 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2005-12-18 18:20 0 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2002-07-26 22:02 153,088 -c--a-w C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((( snapshot@2008-09-27_12.33.38.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-07-09 15:50:42 155,648 -c--a-w C:\windows\system32\NeroCheck.exe
+ 2004-03-10 21:26:10 406,016 -c--a-w C:\windows\system32\PSDrvCheck.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00BA82ED-AF2F-40BD-995C-320BBD6A509e}]
2008-09-27 18:26 155648 --a------ C:\windows\system32\qayfrxfo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca3a2052-0769-4c60-a246-99628fb3eb7c}]
2008-09-28 09:44 111616 --a------ C:\windows\system32\agdryk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAA91B0C-B261-4328-B3C1-07F4E5D8F3E9}]
2008-09-27 18:05 253440 --a------ C:\windows\system32\tuvWmKeF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E538488B-36AB-42FF-8498-271810C9C599}]
2008-09-22 14:10 43008 --a------ C:\windows\system32\ssqNHwTm.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\windows\system32\dumprep 0 -u" [X]
"HostManager"="C:\Program Files\Common Files\AOL\1191778237\ee\AOLSoftware.exe" [2006-09-25 50736]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"LVCOMSX"="C:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"VirusScannerPro"="C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe" [2008-08-26 173312]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-10-02 67488]
"5417482f"="C:\windows\system32\lubrmqjd.dll" [2008-09-28 78848]
"BM57247bb3"="C:\windows\system32\euvcndwv.dll" [2008-09-28 105984]
"ShowWnd"="ShowWnd.exe" [2003-09-19 C:\WINDOWS\ShowWnd.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NT Printing Services6"="dllhosts.exe" [2008-09-21 C:\WINDOWS\system32\dllhosts.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E538488B-36AB-42FF-8498-271810C9C599}"= "C:\windows\system32\ssqNHwTm.dll" [2008-09-22 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqNHwTm]
2008-09-22 14:10 43008 C:\WINDOWS\system32\ssqNHwTm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 LStone;Pinnacle Systems Studio AV/DV Overlay;C:\windows\system32\DRIVERS\lstone2k.sys [2002-12-10 11:20]
R3 I97DRIVER;I97DRIVER;C:\PROGRA~1\AVANQU~1\Fix-It\dgs.sys [2007-08-31 11:18]
S1 MemAlloc;MemAlloc;C:\windows\system32\DRIVERS\memalloc.sys [2002-08-26 04:51]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 14:46]
S2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 09:20]
S3 MailScan;MailScan;C:\PROGRA~1\AVANQU~1\Fix-It\MailScan.sys [2008-08-26 14:14]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17147075-1ead-11d9-bea6-806d6172696f}]
\Shell\AutoRun\command - F:\cdplayer.exe

*Newly Created Service* - MAILSCAN
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AOLAspSunset - C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 10:54:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\windows\system32\winlogon.exe
-> C:\windows\system32\ssqNHwTm.dll

PROCESS: C:\windows\explorer.exe
-> C:\windows\system32\lubrmqjd.dll
-> C:\windows\system32\euvcndwv.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-09-28 11:05:04 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-09-28 18:04:55
ComboFix2.txt 2008-09-27 19:36:10

Pre-Run: 117,386,391,552 bytes free
Post-Run: 117,369,040,896 bytes free

422 --- E O F --- 2008-09-10 10:01:09
 
What happens is this junk has the ability to morph and recreate itself and you had such a massive infection, it has done just that. The good news is it looks like AWF was removed.

Open notepad and copy/paste the text in the codebox below into it:

Code: 
File::
C:\WINDOWS\system32\wvUljHAt.dll
C:\WINDOWS\system32\tuvWnoMf.dll
C:\WINDOWS\system32\djqmrbul.ini
C:\WINDOWS\system32\lubrmqjd.dll
C:\WINDOWS\system32\epktljnl.dll
C:\WINDOWS\system32\agdryk.dll
C:\WINDOWS\system32\euvcndwv.dll
C:\WINDOWS\system32\urqQhhIc.dll
C:\WINDOWS\system32\urqNDvsQ.dll
C:\WINDOWS\system32\xxyxWNGX.dll
C:\WINDOWS\system32\fccARHyy.dll
C:\WINDOWS\system32\xxyxusTl.dll
C:\WINDOWS\system32\awtsSlmL.dll
C:\WINDOWS\system32\qayfrxfo.dll
C:\WINDOWS\system32\ubtnypty.dll
C:\WINDOWS\system32\wfmfoavm.dll
C:\WINDOWS\system32\tklhyjjf.dll
C:\WINDOWS\system32\dmvjlulc.dll
C:\WINDOWS\system32\FeKmWvut.ini2
C:\WINDOWS\system32\FeKmWvut.ini
C:\WINDOWS\system32\tuvWmKeF.dll
C:\WINDOWS\system32\fcmlcxix.ini
C:\WINDOWS\system32\elbyvebf.dll
C:\WINDOWS\system32\ifvyfbwc.ini
C:\WINDOWS\system32\pgnvgrox.dll
C:\WINDOWS\system32\cguzet.dll
C:\WINDOWS\system32\ylxxhiob.dll
C:\WINDOWS\system32\gbkfunct.ini
C:\WINDOWS\system32\TAyJlUtv.ini2
C:\WINDOWS\system32\TAyJlUtv.ini
C:\WINDOWS\system32\baieqfob.dll
C:\WINDOWS\system32\ssqNHwTm.dll
C:\WINDOWS\system32\doskeys.exe
C:\WINDOWS\system32\dllhosts.exe
C:\WINDOWS\system32\Monitored2.dat

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00BA82ED-AF2F-40BD-995C-320BBD6A509e}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca3a2052-0769-4c60-a246-99628fb3eb7c}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAA91B0C-B261-4328-B3C1-07F4E5D8F3E9}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E538488B-36AB-42FF-8498-271810C9C599}]

Save this as CFScript

CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log. (wait until you finish to post the logs)

Download Malwarebytes' Anti-Malware to your Desktop
http://www.besttechie.net/tools/mbam-setup.exe

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post the log from CFScript, the log from MBAM and a new HJT log.

Thanks
 
ComboFix 08-09-26.06 - Owner 2008-09-28 11:58:52.4 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\agdryk.dll
C:\WINDOWS\system32\awtsSlmL.dll
C:\WINDOWS\system32\baieqfob.dll
C:\WINDOWS\system32\cguzet.dll
C:\WINDOWS\system32\djqmrbul.ini
C:\WINDOWS\system32\dllhosts.exe
C:\WINDOWS\system32\dmvjlulc.dll
C:\WINDOWS\system32\doskeys.exe
C:\WINDOWS\system32\elbyvebf.dll
C:\WINDOWS\system32\epktljnl.dll
C:\WINDOWS\system32\euvcndwv.dll
C:\WINDOWS\system32\fccARHyy.dll
C:\WINDOWS\system32\fcmlcxix.ini
C:\WINDOWS\system32\FeKmWvut.ini
C:\WINDOWS\system32\FeKmWvut.ini2
C:\WINDOWS\system32\gbkfunct.ini
C:\WINDOWS\system32\ifvyfbwc.ini
C:\WINDOWS\system32\lubrmqjd.dll
C:\WINDOWS\system32\Monitored2.dat
C:\WINDOWS\system32\pgnvgrox.dll
C:\WINDOWS\system32\qayfrxfo.dll
C:\WINDOWS\system32\ssqNHwTm.dll
C:\WINDOWS\system32\TAyJlUtv.ini
C:\WINDOWS\system32\TAyJlUtv.ini2
C:\WINDOWS\system32\tklhyjjf.dll
C:\WINDOWS\system32\tuvWmKeF.dll
C:\WINDOWS\system32\tuvWnoMf.dll
C:\WINDOWS\system32\ubtnypty.dll
C:\WINDOWS\system32\urqNDvsQ.dll
C:\WINDOWS\system32\urqQhhIc.dll
C:\WINDOWS\system32\wfmfoavm.dll
C:\WINDOWS\system32\wvUljHAt.dll
C:\WINDOWS\system32\xxyxusTl.dll
C:\WINDOWS\system32\xxyxWNGX.dll
C:\WINDOWS\system32\ylxxhiob.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\windows\BM57247bb3.txt
C:\windows\pskt.ini
C:\WINDOWS\system32\agdryk.dll
C:\WINDOWS\system32\awtsSlmL.dll
C:\WINDOWS\system32\baieqfob.dll
C:\WINDOWS\system32\cguzet.dll
C:\WINDOWS\system32\djqmrbul.ini
C:\WINDOWS\system32\dllhosts.exe
C:\WINDOWS\system32\dmvjlulc.dll
C:\WINDOWS\system32\doskeys.exe
C:\WINDOWS\system32\elbyvebf.dll
C:\WINDOWS\system32\epktljnl.dll
C:\WINDOWS\system32\euvcndwv.dll
C:\WINDOWS\system32\fccARHyy.dll
C:\WINDOWS\system32\fcmlcxix.ini
C:\WINDOWS\system32\FeKmWvut.ini
C:\WINDOWS\system32\FeKmWvut.ini2
C:\WINDOWS\system32\gbkfunct.ini
C:\WINDOWS\system32\ifvyfbwc.ini
C:\WINDOWS\system32\lubrmqjd.dll
C:\WINDOWS\system32\Monitored2.dat
C:\WINDOWS\system32\pgnvgrox.dll
C:\WINDOWS\system32\qayfrxfo.dll
C:\WINDOWS\system32\ssqNHwTm.dll
C:\WINDOWS\system32\TAyJlUtv.ini
C:\WINDOWS\system32\TAyJlUtv.ini2
C:\WINDOWS\system32\tklhyjjf.dll
C:\WINDOWS\system32\tuvWmKeF.dll
C:\WINDOWS\system32\tuvWnoMf.dll
C:\WINDOWS\system32\ubtnypty.dll
C:\WINDOWS\system32\urqNDvsQ.dll
C:\WINDOWS\system32\urqQhhIc.dll
C:\WINDOWS\system32\wfmfoavm.dll
C:\WINDOWS\system32\wvUljHAt.dll
C:\WINDOWS\system32\xxyxusTl.dll
C:\WINDOWS\system32\xxyxWNGX.dll
C:\WINDOWS\system32\ylxxhiob.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 )))))))))))))))))))))))))))))))
.

2008-09-28 11:52 . 2008-09-28 11:52 42,496 --a------ C:\WINDOWS\system32\pmnkIAsT.dll
2008-09-28 11:52 . 2008-09-28 11:52 42,496 --a------ C:\WINDOWS\system32\mlJBRKBT.dll
2008-09-28 11:34 . 2008-09-28 11:34 42,496 --a------ C:\WINDOWS\system32\ssqNebbC.dll
2008-09-28 11:34 . 2008-09-28 11:34 42,496 --a------ C:\WINDOWS\system32\jkkLCTMd.dll
2008-09-28 11:20 . 2008-09-28 11:20 988,183 --ahs---- C:\WINDOWS\system32\ugdolddn.ini
2008-09-28 11:20 . 2008-09-28 11:20 78,848 --a------ C:\WINDOWS\system32\nddlodgu.dll
2008-09-28 11:17 . 2008-09-28 11:17 111,616 --a------ C:\WINDOWS\system32\wcroxkgf.dll
2008-09-28 11:17 . 2008-09-28 11:17 111,616 --a------ C:\WINDOWS\system32\kpselq.dll
2008-09-28 11:15 . 2008-09-28 11:15 105,984 --a------ C:\WINDOWS\system32\ovdymmck.dll
2008-09-28 11:14 . 2008-09-28 11:14 155,648 --a------ C:\WINDOWS\system32\fpressbt.dll
2008-09-28 11:12 . 2008-09-28 11:12 105,984 --a------ C:\WINDOWS\system32\jryqscdn.dll
2008-09-28 11:11 . 2008-09-28 11:59 875,392 --ahs---- C:\WINDOWS\system32\FPXaayay.ini2
2008-09-28 11:11 . 2008-09-28 11:11 254,464 --a------ C:\WINDOWS\system32\yayaaXPF.dll
2008-09-28 11:11 . 2008-09-28 11:59 533 --ahs---- C:\WINDOWS\system32\FPXaayay.ini
2008-09-28 11:05 . 2008-09-28 11:05 0 --a------ C:\WINDOWS\BM57247bb3.xml
2008-09-26 17:58 . 2008-09-27 10:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-26 10:28 . 2008-09-27 08:57 427 --a------ C:\WINDOWS\wininit.ini
2008-09-26 07:19 . 2008-09-26 07:19 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-25 13:46 . 2007-08-13 18:45 78,336 --a--c--- C:\WINDOWS\system32\dllcache\ieencode.dll
2008-09-25 13:00 . 2008-09-25 13:00 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-09-23 21:27 . 2008-09-23 21:27 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Avanquest
2008-09-23 21:26 . 2008-09-23 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-09-23 21:21 . 2008-09-23 21:21 <DIR> dr-hs---- C:\_Backup.RC
2008-09-23 21:21 . 2008-09-24 00:20 <DIR> d--h----- C:\_Backup
2008-09-23 21:19 . 2008-09-23 21:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Avanquest
2008-09-23 21:14 . 2008-09-23 21:14 <DIR> d-------- C:\Program Files\Avanquest
2008-09-23 21:10 . 2008-09-23 21:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 17:53 --------- d-----w C:\Program Files\Zinio
2008-09-28 17:53 --------- d-----w C:\Program Files\QuickTime
2008-09-28 17:53 --------- d-----w C:\Program Files\iTunes
2008-09-28 17:53 --------- d-----w C:\Program Files\Digital Media Reader
2008-09-27 03:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2008-09-27 01:12 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-26 16:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-25 22:30 --------- d-----w C:\Program Files\xxx.xxx
2008-09-25 19:47 --------- d-----w C:\Program Files\Opera
2008-09-24 02:55 --------- d-----w C:\Program Files\Symantec
2008-09-24 02:28 --------- d-----w C:\Program Files\Photo Manager
2008-09-24 02:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-22 00:02 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-08-24 16:43 --------- d-----w C:\Program Files\Sun
2008-08-24 16:42 --------- d-----w C:\Program Files\Java
2008-08-22 18:00 29,600 ----a-w C:\windows\system32\mxntdfg.exe
2008-08-06 00:55 265,720 ----a-w C:\windows\system32\msdbg2.dll
2008-07-19 05:10 94,920 ----a-w C:\windows\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\windows\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\windows\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\windows\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\windows\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\windows\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\windows\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\windows\system32\wuaueng.dll
2008-07-09 00:10 129,784 ----a-w C:\windows\system32\pxafs.dll
2008-07-09 00:09 118,520 ----a-w C:\windows\system32\pxinsi64.exe
2008-07-09 00:09 116,472 ----a-w C:\windows\system32\pxcpyi64.exe
2008-07-07 20:32 253,952 ----a-w C:\windows\system32\es.dll
2008-03-26 15:20 228,336 -c--a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-03-09 01:48 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2005-12-18 18:20 0 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2002-07-26 22:02 153,088 -c--a-w C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((( snapshot@2008-09-27_12.33.38.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-07-09 15:50:42 155,648 -c--a-w C:\windows\system32\NeroCheck.exe
+ 2004-03-10 21:26:10 406,016 -c--a-w C:\windows\system32\PSDrvCheck.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0079011D-F981-4249-9D8D-1F6E65FC597b}]
2008-09-28 11:14 155648 --a------ C:\windows\system32\fpressbt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30BCFB77-4347-4781-B2DD-36FE0B085402}]
2008-09-28 11:11 254464 --a------ C:\windows\system32\yayaaXPF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7ba9c449-51be-4b95-9cd4-f2c66085e149}]
2008-09-28 11:17 111616 --a------ C:\windows\system32\kpselq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\windows\system32\dumprep 0 -u" [X]
"HostManager"="C:\Program Files\Common Files\AOL\1191778237\ee\AOLSoftware.exe" [2006-09-25 50736]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"LVCOMSX"="C:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"VirusScannerPro"="C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe" [2008-08-26 173312]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-10-02 67488]
"5417482f"="C:\windows\system32\nddlodgu.dll" [2008-09-28 78848]
"BM57247bb3"="C:\windows\system32\ovdymmck.dll" [2008-09-28 105984]
"ShowWnd"="ShowWnd.exe" [2003-09-19 C:\WINDOWS\ShowWnd.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=kpselq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 LStone;Pinnacle Systems Studio AV/DV Overlay;C:\windows\system32\DRIVERS\lstone2k.sys [2002-12-10 11:20]
R3 I97DRIVER;I97DRIVER;C:\PROGRA~1\AVANQU~1\Fix-It\dgs.sys [2007-08-31 11:18]
S1 MemAlloc;MemAlloc;C:\windows\system32\DRIVERS\memalloc.sys [2002-08-26 04:51]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 14:46]
S2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 09:20]
S3 MailScan;MailScan;C:\PROGRA~1\AVANQU~1\Fix-It\MailScan.sys [2008-08-26 14:14]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17147075-1ead-11d9-bea6-806d6172696f}]
\Shell\AutoRun\command - F:\cdplayer.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Explorer_Run-NT Printing Services6 - dllhosts.exe
Notify-ssqNHwTm - ssqNHwTm.dll



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 12:09:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\windows\explorer.exe
-> C:\windows\system32\nddlodgu.dll
-> C:\windows\system32\ovdymmck.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-09-28 12:17:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-28 19:17:49
ComboFix2.txt 2008-09-28 18:05:06
ComboFix3.txt 2008-09-27 19:36:10

Pre-Run: 117,438,722,048 bytes free
Post-Run: 117,410,906,112 bytes free

241 --- E O F --- 2008-09-10 10:01:09
 
Malwarebytes' Anti-Malware 1.28
Database version: 1221
Windows 5.1.2600 Service Pack 2

9/28/2008 1:36:47 PM
mbam-log-2008-09-28 (13-36-47).txt

Scan type: Full Scan (C:\|)
Objects scanned: 147993
Time elapsed: 55 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 199

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\nddlodgu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ovdymmck.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\kpselq.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30bcfb77-4347-4781-b2dd-36fe0b085402} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{30bcfb77-4347-4781-b2dd-36fe0b085402} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7ba9c449-51be-4b95-9cd4-f2c66085e149} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7ba9c449-51be-4b95-9cd4-f2c66085e149} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0079011d-f981-4249-9d8d-1f6e65fc597b} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0079011d-f981-4249-9d8d-1f6e65fc597b} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5417482f (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm57247bb3 (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\yayaaXPF.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FPXaayay.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FPXaayay.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kpselq.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nddlodgu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ugdolddn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fpressbt.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovdymmck.dll (Trojan.Vundo) -> Delete on reboot.
C:\QooBox\Quarantine\C\WINDOWS\system32\agdryk.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\akcskd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\baieqfob.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\blqsdmbn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\btedxycx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\bwfytjkn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\cdezcp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\cguzet.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\dldjdgpb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\dmvjlulc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\dowdrmdm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\frjdpkfp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\gcfkfrvj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\gogtflpg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\gsybahph.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hejwhasx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hfbpzu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hijyqy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hjrcmntv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hohqil.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hpepyvtt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\htyoltvx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hucofkti.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hxwaap.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\iacgms.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\jahxmi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\jbksnxhl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\jdsyhtrr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\jflphxuo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\jihrwqmq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\kesxfccs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\knvknwjd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\kugnlc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\kxkgphkq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\kyikvrpi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\leulfi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\lubrmqjd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\mcsfqram.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\mcuiivho.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\mdldtxkb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\mdygoxfe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\mskqmb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\nghlvivg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\njslkici.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\nmemoh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\nnicsm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\nrvprgka.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ntcxws.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\oikednnm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\onlbgw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\pahqhe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\pbbwacnk.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\pgnvgrox.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\phmkln.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\pwhepwsr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\qayfrxfo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\qkiizc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\qlnbcmqq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\qtpfopgn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\rcajwmty.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\rcuiue.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\rgkjuxjs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\sdxhrljf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\swlhpwhw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\sxksoonm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\tchsnqii.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\tehogmas.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\tklhyjjf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\tmgaebio.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ubtnypty.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ujyjlj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vfexxy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vhypgmdj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vobkrdoi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vppgnbit.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vsalhfng.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wfmfoavm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\winigqrs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\xacykm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\xcbwtqed.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\xjbmwcgl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ylxxhiob.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\yvwepumr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\zewzrl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\elbyvebf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\epktljnl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\epttasrt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\eqlrtjwc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\euvcndwv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\eysijgoc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ffmlux.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000213.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000215.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000217.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000218.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000219.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000223.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000224.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000225.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000226.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000227.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000229.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000230.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000232.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000233.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000234.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000235.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000237.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000238.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000239.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000241.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000242.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000243.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000245.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000250.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000251.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000252.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000253.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000254.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000255.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000257.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000259.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000260.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000264.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000265.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000266.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000267.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000268.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000269.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000270.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000272.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000273.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000274.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000278.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000279.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000280.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000282.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000283.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000284.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000285.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000286.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000287.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000288.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000290.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000291.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000292.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000293.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000297.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000301.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000302.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000304.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000305.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000306.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000307.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000308.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000309.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000310.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000311.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000222.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000240.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000258.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000312.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000313.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000315.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000316.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000319.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000324.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP4\A0000325.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP8\A0001305.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP8\A0001307.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP8\A0001308.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP8\A0001311.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP8\A0001313.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP8\A0001314.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP8\A0001315.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP8\A0001321.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP8\A0001322.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP8\A0001323.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP8\A0001326.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP8\A0001329.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP8\A0001332.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP8\A0001336.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wcroxkgf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jryqscdn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkLCTMd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnkIAsT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJBRKBT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqNebbC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM57247bb3.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM57247bb3.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:42:51 PM, on 9/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\AOL\1191778237\ee\AOLSoftware.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\windows\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Opera\opera.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1191778237\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [LVCOMSX] C:\windows\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/J...28/&filename=jinstall-6u7-windows-i586-jc.cab
O20 - AppInit_DLLs: kpselq.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Fix-It Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7464 bytes
 
Too much junk for me to look at, look here in the combofix log you just posted:
Files Created from 2008-08-28 to 2008-09-28, See when these files were created
2008-09-28 11:52 . 2008-09-28 11:52 42,496 --a------ C:\WINDOWS\system32\pmnkIAsT.dll
2008-09-28 11:52 . 2008-09-28 11:52 42,496 --a------ C:\WINDOWS\system32\mlJBRKBT.dll
2008-09-28 11:34 . 2008-09-28 11:34 42,496 --a------ C:\WINDOWS\system32\ssqNebbC.dll
2008-09-28 11:34 . 2008-09-28 11:34 42,496 --a------ C:\WINDOWS\system32\jkkLCTMd.dll
There is more I am only showing you four so you can see the time and date so you know what we are up against.

I will give this a try:

1) Delete the version of combofix you have on the computer for now.

2) C:\QooBox\Quarantine\ <<< make sure you delete the Qoobox which contains the quarantine folder will all of the bad files combofix has removed so far.

3) Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

4) Update MBAM to make sure you have the very latest database.

5) Boot the computer into safe mode:
http://spyware-free.us/tutorials/safemode/
Scan while in safe mode with MBAM: Start MBAM > Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file & a new HJT log in your next reply.

tell me how the computer is running.

Thanks
 
There was nothing found by Malwarebytes in safe mode. So I have no log, I guess? It ran for over 4 hrs. The computer seems to be running faster. I dont use IE, so I don't know if it is working or has those stupid popups.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:41 PM, on 9/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\AOL\1191778237\ee\AOLSoftware.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\windows\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Opera\opera.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1191778237\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [LVCOMSX] C:\windows\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/J...28/&filename=jinstall-6u7-windows-i586-jc.cab
O20 - AppInit_DLLs: kpselq.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Fix-It Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7464 bytes
 
Not much showing in the HJT log, you said:
There was nothing found by Malwarebytes in safe mode. So I have no log, I guess? It ran for over 4 hrs.
Click to expand...
Takes one hour on my computers, how are your maintenance proceedures, when did you Check for Disk Errors last?
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/kbtip.mspx
When did you defrag your drives last?
http://support.microsoft.com/kb/314848
How must RAM is installed on this computer?
Right click MyComputer then click Properties. On the General tab in the lower right corner is the RAM, post that information.
I dont use IE, so I don't know if it is working or has those stupid popups.
Click to expand...
I would like to see the results of this scan and it only runs on IE, you do have IE installed on the computer.
Run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner
Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make that the following are selected:
* Scan using the following Anti-Virus database:
* Standard
* Scan Options:
* Scan Archives
* Scan Mail Bases
* Click OK
* Now under select a target to scan:
* Select My Computer
* This will program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
* Now click on the Save as Text button:
* Save the file to your desktop.

Then post it here along with the RAM count and any other information I requested.

Thanks
 
I have 504 MB Ram.

I don't think I have ever run Check disk for errors. I just did it and it seemed to run fine. It didnt say there was any problems, but I dont know if it would tell me.

Defrag was done last week.

I was unable to get Kaspersky to run. It kept telling me that I needed Java 1.5 or later. When I go to the Java page, it says that I am updated to the most current version.
 
I have 504 MB Ram.
Click to expand...
That is not too much, if you are running any resource intense games or programs it might not be enough. I use my computer for basic computing and I have 1.25 MB's.

I was unable to get Kaspersky to run. It kept telling me that I needed Java 1.5 or later. When I go to the Java page, it says that I am updated to the most current version.
Click to expand...
I need to see this scan result, you have Java version C:\Program Files\Java\jre1.6.0_07\
so continue to try to run it, make sure you are using Internet Explorer.

How is the computer running? Evidence of malware?
 
I have tried and tried to get past that screen, but it will not let me because it does not think I have Java installed.
"You need to install Java version 1.5 or later to run Kaspersky Online Scanner 7.0."

Is there something else I can try?
 
How is the computer running? Evidence of malware?
Click to expand...

Please provide the information I request.

Please make sure you have no old version of combofix on the computer, then do this:

It is important that it is saved directly to your Desktop.

Download ComboFix from Here to your Desktop
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Post the combofix log and a new HJT log.
 
computer is running fast however still have some issues with downloading things or getting them to work like kasperkey. here are the logs

ComboFix 08-09-30.03 - Owner 2008-09-30 22:37:43.5 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-09-01 to 2008-10-01 )))))))))))))))))))))))))))))))
.

2008-09-29 22:01 . 2008-09-29 22:01 <DIR> d-------- C:\fsaua.data
2008-09-28 14:52 . 2008-09-28 14:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-28 14:51 . 2004-08-19 18:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-09-28 14:51 . 2004-08-19 18:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-09-28 14:51 . 2004-08-19 18:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-09-28 14:51 . 2004-08-19 18:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-09-28 14:51 . 2008-09-28 14:51 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-28 12:26 . 2008-09-28 12:28 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-28 12:26 . 2008-09-28 12:26 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-09-28 12:26 . 2008-09-28 12:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-28 12:26 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-28 12:26 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-26 17:58 . 2008-09-27 10:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-26 10:28 . 2008-09-27 08:57 427 --a------ C:\WINDOWS\wininit.ini
2008-09-26 07:19 . 2008-09-26 07:19 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-25 13:46 . 2007-08-13 18:45 78,336 --a--c--- C:\WINDOWS\system32\dllcache\ieencode.dll
2008-09-25 13:00 . 2008-09-25 13:00 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-09-23 21:27 . 2008-09-23 21:27 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Avanquest
2008-09-23 21:26 . 2008-09-23 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-09-23 21:21 . 2008-09-23 21:21 <DIR> dr-hs---- C:\_Backup.RC
2008-09-23 21:21 . 2008-09-24 00:20 <DIR> d--h----- C:\_Backup
2008-09-23 21:19 . 2008-09-23 21:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Avanquest
2008-09-23 21:14 . 2008-09-23 21:14 <DIR> d-------- C:\Program Files\Avanquest
2008-09-23 21:10 . 2008-09-23 21:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-30 15:23 --------- d-----w C:\Program Files\Java
2008-09-28 17:53 --------- d-----w C:\Program Files\Zinio
2008-09-28 17:53 --------- d-----w C:\Program Files\QuickTime
2008-09-28 17:53 --------- d-----w C:\Program Files\iTunes
2008-09-28 17:53 --------- d-----w C:\Program Files\Digital Media Reader
2008-09-27 03:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2008-09-27 01:12 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-26 16:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-25 22:30 --------- d-----w C:\Program Files\xxx.xxx
2008-09-25 19:47 --------- d-----w C:\Program Files\Opera
2008-09-24 02:55 --------- d-----w C:\Program Files\Symantec
2008-09-24 02:28 --------- d-----w C:\Program Files\Photo Manager
2008-09-24 02:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-22 00:02 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-08-24 16:43 --------- d-----w C:\Program Files\Sun
2008-08-22 18:00 29,600 ----a-w C:\windows\system32\mxntdfg.exe
2008-08-06 00:55 265,720 ----a-w C:\windows\system32\msdbg2.dll
2008-07-19 05:10 94,920 ----a-w C:\windows\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\windows\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\windows\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\windows\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\windows\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\windows\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\windows\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\windows\system32\wuaueng.dll
2008-07-09 00:10 129,784 ----a-w C:\windows\system32\pxafs.dll
2008-07-09 00:09 118,520 ----a-w C:\windows\system32\pxinsi64.exe
2008-07-09 00:09 116,472 ----a-w C:\windows\system32\pxcpyi64.exe
2008-07-07 20:32 253,952 ----a-w C:\windows\system32\es.dll
2008-03-26 15:20 228,336 -c--a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-03-09 01:48 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2005-12-18 18:20 0 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2002-07-26 22:02 153,088 -c--a-w C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\windows\system32\dumprep 0 -u" [X]
"HostManager"="C:\Program Files\Common Files\AOL\1191778237\ee\AOLSoftware.exe" [2006-09-25 50736]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"LVCOMSX"="C:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"VirusScannerPro"="C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe" [2008-08-26 173312]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-10-02 67488]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ShowWnd"="ShowWnd.exe" [2003-09-19 C:\WINDOWS\ShowWnd.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=kpselq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 LStone;Pinnacle Systems Studio AV/DV Overlay;C:\windows\system32\DRIVERS\lstone2k.sys [2002-12-10 11:20]
R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;C:\DOCUME~1\Owner\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys []
R3 I97DRIVER;I97DRIVER;C:\PROGRA~1\AVANQU~1\Fix-It\dgs.sys [2007-08-31 11:18]
S1 MemAlloc;MemAlloc;C:\windows\system32\DRIVERS\memalloc.sys [2002-08-26 04:51]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 14:46]
S2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 09:20]
S3 MailScan;MailScan;C:\PROGRA~1\AVANQU~1\Fix-It\MailScan.sys [2008-08-26 14:14]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17147075-1ead-11d9-bea6-806d6172696f}]
\Shell\AutoRun\command - F:\cdplayer.exe

*Newly Created Service* - MAILSCAN
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
R1 -: HKCU-SearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 22:41:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-09-30 22:47:21
ComboFix-quarantined-files.txt 2008-10-01 05:46:14
ComboFix2.txt 2008-09-28 19:18:01

Pre-Run: 117,091,368,960 bytes free
Post-Run: 117,225,185,280 bytes free

131 --- E O F --- 2008-09-29 07:31:42


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:52 PM, on 9/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\1191778237\ee\AOLSoftware.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\windows\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\windows\system32\svchost.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\wuauclt.exe
C:\windows\explorer.exe
C:\windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1191778237\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [LVCOMSX] C:\windows\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/J...4c/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O20 - AppInit_DLLs: kpselq.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Fix-It Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7714 bytes
 
Thanks for the feedback, let's do this:

Open notepad and copy/paste the text in the codebox below into it:

Code: 
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

Save this as CFScript

CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe.

This may start ComboFix again. I do not need the log from CFScript, we are removing a registry leftover only.

This is next:

I am sure you saw this:
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Review that information to understand Recovery Console. Installation is optional but if you do not have the CD's needed, as is explained, it can be installed before we remove combofix.
If you do not have access to Recovery Console via a Windows CD, I strongly advise you to install this tool.
If you do not wish to install RC, let me know so I can continue with the cleanup.
If you install RC, post the C:\*CF-RC.txt*.

RC1-4.gif


Since we do not need to scan with combofix, click NO

RC_whatnext.gif



RC_AllDone.gif


Thanks

You said:
however still have some issues with downloading things or getting them to work like kasperkey.
Click to expand...
This is not a malware problem, we will finish soon and I will post links to a couple of good free forums where you can get help with Windows XP issues.
 
Last edited:
Im not sure i need that i have my gateway restore dvd. This contains the rc shouldnt it? It says applications, drivers and operating system. If you think it does not contain then let me know and i will install.
 
It is up to you but OEM restore disks, usually do not. If you do not wish to install Recovery Console, then let's finish like this.

Remove combofix from the computer like this:


Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.

CF_Cleanup.png


Clean System Restore files like this:

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

http://users.telenet.be/bluepatchy/miekiemoes/Links.html
 
Thankyou again for your help, I just wanted to tell you that last night i ran a fsecure scan because i could not get kasperkey to work. any way i used interned explore. it took about 6hrs and right before it ended it stopped scanning and said something about internet explorer has occurred a error. It showed that i had 1300 virus and 12 spyware and skipped 65. Is that a issue i should be aware of or not.
 
That sucks! I need to back up stuff how can i be sure that the files i back up wont infect me once the computer is reformatted?
 
Status
Not open for further replies.
Back
Top