Vitrumonde Infection

Status
Not open for further replies.
N

NatMM

New member
H! i've been having a horrible time getting rid of virtumonde. I've ran spybot and vundofix but it keeps on coming back. From what i've read on other posts here i'll definatly need some help getting rid of it forever. This is my hijackthis log. I also tried kaspersky but nothing seems to happen when I click the 'accept' button when i use the online scanner, so this is all i have for now.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:37:54 PM, on 1/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\LG Software\Battery Miser 2005\batterymiser.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\LG Software\Battery Miser 2005\batterymiser .exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\WINDOWS\system32\rhvtdjmp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com
F3 - REG:win.ini: load=C:\WINDOWS\system32\vtstq.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [batterymiser] "C:\Program Files\LG Software\Battery Miser 2005\batterymiser.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon .exe" -autorun
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\rhvtdjmp.exe

--
End of file - 3404 bytes
 
Hi

You have the vundo legitimate file infector, spybot's teatimer is one of the files infected, but don't try to do anything with it ...

Download Superantispyware.

http://www.superantispyware.com/

Once downloaded and installed update the definitions
and then run a full system scan quarantine what it finds!

* Double-click SUPERAntiSypware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)

http://www.superantispyware.com/definitions.html

* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.

THEN ...

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

Please remember to post :-


1. SUPERAntiSpyware Scan Log
2. C:\ComboFix.txt
3. a new hijackthis log.( run after everything else)

steam
 
Hi, thank you for your help so far. I've downloaded Superantispyware, however, after doing a complete scan and rebooting my computer, while windows was loading i got a bluescreen and it crashed, rebooted, crashed while loading, etc etc. I've booted in safe mode and I didn't want to move on to the next step without checking first that this is ok, well obviously not, but if it is ok to continue (and also ok to run Combofix in safe mode). I did get the log from Superantispyware though, so here that is if it helps. Im turning off my laptop now and will check back tommorow! Thanks again.

I will post the superantispyware log in a seperate post because it's too long to add on the end of this one.
 
It seems that the whole log is too long for one post so i will cut it in half(ish).

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/24/2008 at 11:21 PM

Application Version : 3.9.1008

Core Rules Database Version : 3387
Trace Rules Database Version: 1381

Scan type : Complete Scan
Total Scan Time : 01:44:24

Memory items scanned : 366
Memory threats detected : 10
Registry items scanned : 3627
Registry threats detected : 27
File items scanned : 68613
File threats detected : 338

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\VTSTQ.DLL
C:\WINDOWS\SYSTEM32\VTSTQ.DLL
HKLM\Software\Classes\CLSID\{BE62AA96-94AD-475A-9993-FB7E52EA77C3}
HKCR\CLSID\{BE62AA96-94AD-475A-9993-FB7E52EA77C3}
HKCR\CLSID\{BE62AA96-94AD-475A-9993-FB7E52EA77C3}\InprocServer32
HKCR\CLSID\{BE62AA96-94AD-475A-9993-FB7E52EA77C3}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE62AA96-94AD-475A-9993-FB7E52EA77C3}

Adware.Vundo-Variant/Small-A
C:\WINDOWS\SYSTEM32\OLPQFOFB.DLL
C:\WINDOWS\SYSTEM32\OLPQFOFB.DLL
HKLM\Software\Classes\CLSID\{bf557f90-6625-4b54-bafa-c8f0fcb8b0a8}
HKCR\CLSID\{BF557F90-6625-4B54-BAFA-C8F0FCB8B0A8}
HKCR\CLSID\{BF557F90-6625-4B54-BAFA-C8F0FCB8B0A8}\InprocServer32
HKCR\CLSID\{BF557F90-6625-4B54-BAFA-C8F0FCB8B0A8}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf557f90-6625-4b54-bafa-c8f0fcb8b0a8}
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP448\A0137636.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP449\A0137686.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP449\A0137689.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP450\A0137745.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP450\A0137793.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP450\A0137796.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0141791.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0141796.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0144805.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0144807.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0144809.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0144810.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0144823.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0144825.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0144826.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0144827.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0144829.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0144830.DLL

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\EAWQGRMJ.DLL
C:\WINDOWS\SYSTEM32\EAWQGRMJ.DLL

Trojan.Vundo/Variant-Installer/A
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRAM FILES\LG SOFTWARE\BATTERY MISER 2005\BATTERYMISER.EXE
C:\PROGRAM FILES\LG SOFTWARE\BATTERY MISER 2005\BATTERYMISER.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\PROGRAM FILES\JAVA\JRE1.6.0_03\BIN\JUSCHED.EXE
C:\PROGRAM FILES\JAVA\JRE1.6.0_03\BIN\JUSCHED.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
[ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
[batterymiser] C:\PROGRAM FILES\LG SOFTWARE\BATTERY MISER 2005\BATTERYMISER.EXE
[SynTPLpr] C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
[SynTPEnh] C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
[SunJavaUpdateSched] C:\PROGRAM FILES\JAVA\JRE1.6.0_03\BIN\JUSCHED.EXE
[SpybotSD TeaTimer] C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\batterymiser.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\batterymiser.exe#Path
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\CFD.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\CFD.exe#Path
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\RCX51.TMP
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\RCX54.TMP
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\RCX57.TMP
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\RCX5A.TMP
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\RCX5B.TMP
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\RCX5D.TMP
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\RCX60.TMP
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\RCX61.TMP
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\RCX64.TMP
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\RCX65.TMP
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\RCX68.TMP
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\RCX6B.TMP
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\RCX6C.TMP
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\RCX6E.TMP
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\RCX71.TMP
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\RCX7A.TMP
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\RCX7D.TMP
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\RCX80.TMP
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\RCX83.TMP
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\RCX86.TMP
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\RCX89.TMP
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\RCX8C.TMP
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\RCX95.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX105.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX11.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX14.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX17.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX1A.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX1D.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX20.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX22.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX24.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX2A.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX2B.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX2E.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX31.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX34.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX37.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX3A.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX4BD.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX4D7.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX4E4.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX4F1.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX504.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX512.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX51E.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX8D2.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX8E7.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX8F3.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX903.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX913.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX91F.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCX92C.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCXB.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCXB8.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCXCF.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCXD0.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCXD5.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCXD8.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCXDB.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCXDE.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCXDF.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCXE.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCXE1.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCXEE.TMP
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMP\RCXF8.TMP
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\CYBERLINK\POWERDVD\PDVDSERV.EXE
C:\PROGRAM FILES\DAEMON TOOLS LITE\DAEMON.EXE
C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBARNOTIFIER\GOOGLETOOLBARNOTIFIER.EXE
C:\PROGRAM FILES\ITUNES\ITUNESHELPER.EXE
C:\PROGRAM FILES\LG SOFTWARE\ON SCREEN DISPLAY\HOTKEY.EXE
C:\PROGRAM FILES\LG_SWUPDATE\AUTOUPDATE.EXE
C:\PROGRAM FILES\SYMNETDRV\SNDMON.EXE
 
(The first line from this log was the next line from the log in the previous post.)


C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0146842.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0146843.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0146844.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0146845.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0146846.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0146847.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0146848.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0146849.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0146850.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0146851.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0146852.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0146853.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0146854.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0146855.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0146856.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0146857.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0146858.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147841.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147843.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147844.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147845.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147846.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147847.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147848.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147849.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147850.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147851.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147852.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147853.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147854.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147855.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147856.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147857.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147858.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147929.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147930.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147932.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147933.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147934.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147935.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147936.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147937.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147938.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147939.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147940.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147941.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147942.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147943.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147944.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147945.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147946.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP454\A0148061.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP454\A0148062.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP454\A0148063.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP454\A0148064.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP454\A0148065.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP454\A0148066.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP454\A0148067.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP454\A0148068.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP454\A0148069.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP454\A0148084.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP454\A0148085.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP454\A0148086.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP454\A0148087.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP454\A0148088.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP454\A0148089.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP454\A0148090.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP454\A0148091.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP454\A0148092.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP454\A0148186.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP1\A0000153.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP1\A0000232.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP1\A0000243.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP11\A0001217.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP11\A0001219.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP11\A0001220.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP11\A0001221.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP11\A0001222.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP11\A0001223.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP12\A0001240.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP12\A0001242.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP12\A0001243.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP12\A0001244.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP12\A0001245.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP12\A0001246.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP12\A0001247.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP12\A0001311.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP12\A0001315.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP12\A0001316.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP12\A0001317.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP12\A0001318.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP12\A0001321.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP12\A0001323.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP12\A0001324.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP13\A0002302.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP13\A0002304.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP13\A0002305.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP13\A0002306.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP13\A0002307.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP13\A0002308.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP13\A0002309.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP13\A0003302.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP13\A0003304.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP13\A0003305.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP13\A0003306.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP13\A0003307.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP13\A0003308.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP13\A0003309.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP4\A0000773.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP4\A0000818.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP4\A0000828.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP5\A0000847.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP5\A0000848.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP5\A0000867.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP5\A0000926.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP5\A0000927.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP8\A0001022.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP8\A0001023.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP8\A0001035.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP8\A0001037.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP8\A0001038.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP8\A0001039.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP9\A0001096.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP9\A0001097.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP9\A0001098.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP9\A0001099.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP9\A0001100.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP9\A0001101.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP9\A0001128.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP9\A0001129.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP9\A0001130.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP9\A0001131.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP9\A0001132.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP9\A0001133.EXE
C:\WINDOWS\Prefetch\ATIPTAXX.EXE-18FE8D8B.pf
C:\WINDOWS\Prefetch\BATTERYMISER.EXE-00E9EA19.pf
C:\WINDOWS\Prefetch\CFD.EXE-3580EFD4.pf
C:\WINDOWS\Prefetch\DAEMON.EXE-208767E0.pf
C:\WINDOWS\Prefetch\JUSCHED.EXE-287286E1.pf
C:\WINDOWS\Prefetch\SYNTPENH.EXE-315D3ABC.pf
C:\WINDOWS\Prefetch\SYNTPLPR.EXE-28BB9F3B.pf
C:\WINDOWS\Prefetch\TEATIMER.EXE-1F57E47A.pf

Adware.eZula
C:\WINDOWS\SYSTEM32\RHVTDJMP.EXE
C:\WINDOWS\SYSTEM32\RHVTDJMP.EXE
C:\WINDOWS\Prefetch\RHVTDJMP.EXE-19766B95.pf

Trojan.Vundo/Variant-Installer
[load] C:\WINDOWS\SYSTEM32\VTSTQ.EXE
C:\WINDOWS\SYSTEM32\VTSTQ.EXE
[load] C:\WINDOWS\SYSTEM32\VTSTQ.EXE
[load] C:\WINDOWS\SYSTEM32\VTSTQ.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0146859.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147859.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP453\A0147947.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP454\A0148070.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP454\A0148093.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP11\A0001224.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP12\A0001249.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP13\A0002310.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP13\A0003310.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP4\A0000774.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP4\A0000820.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP4\A0000830.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP5\A0000849.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP5\A0000929.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP8\A0001042.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP9\A0001102.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP9\A0001134.EXE

Trojan.Downloader-Gen/DDC
HKLM\System\ControlSet001\Services\DomainService
HKLM\System\ControlSet002\Services\DomainService
HKLM\System\CurrentControlSet\Services\DomainService
C:\DOCUMENTS AND SETTINGS\NAT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\YOEEELMQ\GAMADRIL20071203[1]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP451\A0137889.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP451\A0137890.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0144806.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0144808.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0144811.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0144812.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0144813.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0144814.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0144824.EXE

Trojan.Rustock/LZX32
C:\WINDOWS\system32:lzx32.sys
 
(The first line from this log was the next line from the log in the previous post. This is the third and final part. It was longer than i thought! sorry.)


Adware.Tracking Cookie
C:\Documents and Settings\Admin\Cookies\admin@ad.zanox[1].txt
C:\Documents and Settings\Admin\Cookies\admin@ads.aol.co[2].txt
C:\Documents and Settings\Admin\Cookies\admin@advertising[1].txt
C:\Documents and Settings\Admin\Cookies\admin@atwola[1].txt
C:\Documents and Settings\Admin\Cookies\admin@inteletrack[2].txt
C:\Documents and Settings\Admin\Cookies\admin@login.tracking101[2].txt
C:\Documents and Settings\Admin\Cookies\admin@msnportal.112.2o7[1].txt
C:\Documents and Settings\Admin\Cookies\admin@revsci[2].txt
C:\Documents and Settings\Admin\Cookies\admin@tacoda[1].txt
C:\Documents and Settings\Enter\Cookies\enter@122.2o7[2].txt
C:\Documents and Settings\Enter\Cookies\enter@ad.adnetwork.com[2].txt
C:\Documents and Settings\Enter\Cookies\enter@ad.bannerconnect[1].txt
C:\Documents and Settings\Enter\Cookies\enter@ad.chicas[1].txt
C:\Documents and Settings\Enter\Cookies\enter@ad.firstadsolution[2].txt
C:\Documents and Settings\Enter\Cookies\enter@ad.msn.co[1].txt
C:\Documents and Settings\Enter\Cookies\enter@ad.yieldmanager[2].txt
C:\Documents and Settings\Enter\Cookies\enter@adopt.hbmediapro[2].txt
C:\Documents and Settings\Enter\Cookies\enter@ads.abril.com[1].txt
C:\Documents and Settings\Enter\Cookies\enter@ads.aol.co[2].txt
C:\Documents and Settings\Enter\Cookies\enter@ads.us.e-planning[1].txt
C:\Documents and Settings\Enter\Cookies\enter@ads1.mediaops.com[1].txt
C:\Documents and Settings\Enter\Cookies\enter@adultfriendfinder[1].txt
C:\Documents and Settings\Enter\Cookies\enter@atwola[2].txt
C:\Documents and Settings\Enter\Cookies\enter@belnk[1].txt
C:\Documents and Settings\Enter\Cookies\enter@c.enhance[1].txt
C:\Documents and Settings\Enter\Cookies\enter@dist.belnk[2].txt
C:\Documents and Settings\Enter\Cookies\enter@dsml.clickexperts[2].txt
C:\Documents and Settings\Enter\Cookies\enter@interclick[2].txt
C:\Documents and Settings\Enter\Cookies\enter@msnportal.112.2o7[1].txt
C:\Documents and Settings\Enter\Cookies\enter@opodo.122.2o7[1].txt
C:\Documents and Settings\Enter\Cookies\enter@sexo.sexobanners[1].txt
C:\Documents and Settings\Enter\Cookies\enter@sexyclube.uol.com[1].txt
C:\Documents and Settings\Enter\Cookies\enter@tacoda[1].txt
C:\Documents and Settings\Enter\Cookies\enter@www.1sexogratis[1].txt

Unclassified.Unknown Origin/System
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\APPLICATION DATA\24571D19.EXE

Adware.Lop-Gen
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\BIS130.EXE
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\BIS21.EXE
C:\PROGRAM FILES\DOWNLOAD PLUGIN\DLPLUGIN-MOZ\BUDDY.EXE

Adware.IST/ISTBar (Slotch Bar)
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\IINSTALL13802.EXE
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\IINSTALL23125.EXE
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\IINSTALL23274.EXE

Malware.LocusSoftware Inc/BestSellerAntivirus
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\MOFUGCLQ.EXE
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\QRJATYDI.EXE

Trojan.Downloader-Gen/ICM
C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\MSN.EXE

Adware.Vundo-Variant/B
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP446\A0137513.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP446\A0137548.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP448\A0137633.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP448\A0137635.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP449\A0137685.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP449\A0137688.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP450\A0137744.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP450\A0137792.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP450\A0137795.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0138792.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0141793.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0141795.DLL

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FABCF38-B20E-4945-B347-4FC99F744436}\RP452\A0144828.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP12\A0001291.DLL

Trojan.NewDotNet-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP1\A0000131.EXE

Adware.WhenU
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FFEFA91E-5588-4CFA-B210-714E47D0876A}\RP1\A0000134.EXE

Trace.Known Threat Sources
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\0L2RCXMJ\CA10CVHH.htm
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\ODMZ4XEZ\errorhandler[1].htm
 
Hi again. when I got home and started up my laptop it booted fine, so I continued with the steps you mentioned. As i've already posted the superantispyware log, i'll not only post the combofix and hijackthis logs.
 
ComboFix 08-01-23.1C - Nat 2008-01-25 13:28:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.222 [GMT 0:00]
Running from: C:\Documents and Settings\Nat\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Nat\My Documents\pos2C2.tmp

** Inbetween the files above and below this were ALOT of other files just like these two with a slight difference in ending numbers and letters. I deleted them from this post since with them, this log is 125047 characters long and the limit is only 20000. If you want i can repost this log with all the .tmp files included.

C:\Documents and Settings\Nat\My Documents\posCD0.tmp
C:\Program Files\download plugin
C:\Program Files\download plugin\DlPlugin-Moz\buddy.dat
C:\Program Files\download plugin\DlPlugin-Moz\npdlplug.dll
C:\Program Files\download plugin\DlPlugin-Moz\setup2.exe
C:\Program Files\download plugin\DlPlugin-Moz\vendor.txt
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\qtstv.ini
C:\WINDOWS\system32\qtstv.ini2
C:\WINDOWS\system32\windows

----- BITS: Possible infected sites -----

hxxp://go.microsoft.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))
.

2008-01-25 13:27 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 21:15 . 2008-01-24 23:35 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-24 14:33 . 2008-01-24 14:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-24 09:22 . 2008-01-24 12:54 414 ---hs---- C:\WINDOWS\system32\bfofqplo.ini
2008-01-23 21:13 . 2008-01-23 21:13 149 --a------ C:\WINDOWS\wininit.ini
2008-01-23 14:57 . 2008-01-23 14:57 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-01-22 19:35 . 2008-01-22 19:35 <DIR> d-------- C:\Program Files\Azureus
2008-01-22 18:53 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-22 14:38 . 2008-01-24 19:37 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-01-22 14:38 . 2008-01-24 19:37 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-01-22 14:38 . 2008-01-24 19:37 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-01-22 14:36 . 2008-01-24 12:53 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-01-22 14:10 . 2008-01-22 14:10 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-22 14:02 . 2008-01-22 14:02 22 --a------ C:\WINDOWS\system32\ati64hlp.stb
2008-01-22 13:58 . 2004-08-03 23:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-01-22 13:58 . 2004-08-03 23:15 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2008-01-22 13:58 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-01-22 13:58 . 2004-08-03 23:07 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2008-01-22 13:56 . 2005-06-20 14:53 159,825 --a------ C:\WINDOWS\system32\STAC97.CPL
2008-01-22 13:51 . 2005-06-25 23:09 114,688 --a------ C:\WINDOWS\system32\bmpsap.dll
2008-01-22 13:51 . 2005-05-14 11:12 7,552 --a------ C:\WINDOWS\system32\drivers\lgsnd_filter.sys
2008-01-22 13:50 . 2008-01-22 13:50 22 --a------ C:\WINDOWS\system32\ati64hl2.stb
2008-01-22 13:40 . 2008-01-22 13:46 <DIR> d-------- C:\Program Files\ATI Technologies
2008-01-22 13:37 . 2005-06-07 22:25 647,808 --a--c--- C:\WINDOWS\system32\dllcache\ativvaxx.dll
2008-01-22 13:37 . 2005-06-07 22:25 647,808 --a------ C:\WINDOWS\system32\ativvaxx.dll
2008-01-22 13:37 . 2005-03-10 10:52 58,521 --a------ C:\WINDOWS\system32\drivers\ativckxx.vp
2008-01-22 13:37 . 2001-11-09 11:01 24,064 --a------ C:\WINDOWS\system32\ativcoxx.dll
2008-01-22 13:37 . 2005-06-08 07:26 21,360 --a------ C:\WINDOWS\system32\drivers\ativvpxx.vp
2008-01-22 13:37 . 2005-04-07 11:20 900 --a------ C:\WINDOWS\system32\drivers\ativcaxx.vp
2008-01-22 13:22 . 2005-06-03 09:37 15,104 --a------ C:\WINDOWS\system32\drivers\Ndisipo.sys
2008-01-21 20:44 . 2008-01-21 20:44 36,734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
2008-01-21 20:42 . 2008-01-21 20:42 <DIR> d-------- C:\Program Files\AC3Filter
2008-01-21 20:42 . 2007-08-18 07:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-01-21 20:41 . 2000-04-01 04:11 291,408 --a------ C:\WINDOWS\system32\DivXa32.acm
2008-01-21 20:41 . 2000-04-01 04:11 291,408 --a------ C:\DivXa32.acm
2008-01-21 20:41 . 2002-03-17 12:17 2,634 --a------ C:\DivXAudioCompressor4.02.inf
2008-01-21 20:13 . 2008-01-21 20:13 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-01-21 20:13 . 2008-01-21 20:12 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-01-21 20:12 . 2008-01-21 20:12 <DIR> d-------- C:\WINDOWS\system32\languages
2008-01-21 20:12 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-21 20:12 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-21 20:12 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-01-21 20:11 . 2008-01-23 15:31 <DIR> d-------- C:\Program Files\Mv2Player
2008-01-21 20:10 . 2008-01-21 20:14 <DIR> d-------- C:\Program Files\GPL MPEG Decoder
2008-01-21 19:36 . 2008-01-21 19:36 17,021,984 --a------ C:\DivXInstaller.exe
2008-01-21 19:22 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-21 18:46 . 2008-01-21 18:46 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-21 18:44 . 2008-01-21 18:44 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-01-21 18:42 . 2008-01-21 18:44 <DIR> d-------- C:\Inetpub
2008-01-21 18:10 . 2008-01-21 18:10 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-01-21 18:09 . 2008-01-21 18:09 <DIR> d-------- C:\Program Files\BroadJump
2008-01-21 18:09 . 2002-08-02 14:56 663,552 --a------ C:\WINDOWS\system32\libeay32_1-1-0_DDR.dll
2008-01-21 18:09 . 2001-09-23 16:30 532,594 --a------ C:\WINDOWS\system32\xerces-c_1_40_0_DDR.dll
2008-01-21 18:09 . 2001-09-23 15:41 524,377 --a------ C:\WINDOWS\system32\stlport_4_0_0_DDR.dll
2008-01-21 18:09 . 2002-10-18 11:36 307,329 --a------ C:\WINDOWS\system32\BJBase_2-2-2_DDR.dll
2008-01-21 18:09 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-01-21 18:09 . 2002-08-02 14:56 159,744 --a------ C:\WINDOWS\system32\ssleay32_1-1-0_DDR.dll
2008-01-21 18:09 . 2006-11-23 12:35 6,345 -ra------ C:\WINDOWS\system32\DevMngr.vxd
2008-01-21 17:43 . 2008-01-21 22:02 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-21 17:38 . 2008-01-21 17:38 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-01-21 17:35 . 2004-08-04 12:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-01-21 17:34 . 2004-08-04 12:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-01-21 17:33 . 2004-08-04 12:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-01-21 17:32 . 2004-08-04 12:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-01-21 17:31 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-01-21 17:30 . 2008-01-21 17:30 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-01-21 17:30 . 2008-01-21 17:30 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-01-21 17:30 . 2008-01-21 17:30 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-01-21 17:30 . 2008-01-21 17:30 2,577 --a------ C:\WINDOWS\system32\CONFIG.NT
2008-01-21 17:30 . 2008-01-21 17:30 0 --a------ C:\WINDOWS\control.ini
2008-01-21 17:28 . 2008-01-21 17:28 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-01-21 17:28 . 2008-01-21 17:28 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-01-21 17:28 . 2008-01-21 17:28 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-01-21 17:28 . 2008-01-21 17:28 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-01-21 17:28 . 2008-01-21 17:28 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-01-21 17:28 . 2008-01-21 17:28 749 -rah----- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-01-21 17:28 . 2008-01-21 17:28 488 -rah----- C:\WINDOWS\system32\WindowsLogon.manifest
2008-01-21 17:28 . 2008-01-21 17:28 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-01-21 17:27 . 2004-08-04 12:00 4,399,505 --a--c--- C:\WINDOWS\system32\dllcache\nls302en.lex
2008-01-21 17:25 . 2004-08-04 12:00 678,400 --a------ C:\WINDOWS\system32\inetcomm.dll
2008-01-21 17:24 . 2008-01-21 17:24 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-21 17:24 . 2008-01-21 17:24 37 --a------ C:\WINDOWS\vbaddin.ini
2008-01-21 17:24 . 2008-01-21 17:24 36 --a------ C:\WINDOWS\vb.ini
2008-01-21 17:22 . 2004-08-04 12:00 1,352,192 --a--c--- C:\WINDOWS\system32\dllcache\cimwin32.dll
2008-01-21 17:13 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-21 17:13 . 2001-08-17 13:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-01-21 17:12 . 2004-08-03 22:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-01-21 17:11 . 2001-08-17 13:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-01-21 17:10 . 2004-08-04 00:56 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-01-21 17:10 . 2004-08-03 23:07 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2008-01-21 17:10 . 2001-08-17 13:57 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2008-01-21 17:10 . 2001-08-17 13:58 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2008-01-21 17:10 . 2004-08-03 23:07 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys
2008-01-21 17:07 . 2008-01-22 13:56 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-01-21 17:05 . 2004-08-04 12:00 1,086,058 -ra------ C:\WINDOWS\SET4.tmp
2008-01-21 17:05 . 2004-08-04 12:00 1,042,903 -ra------ C:\WINDOWS\SET3.tmp
2008-01-21 17:05 . 2004-08-04 12:00 13,753 -ra------ C:\WINDOWS\SET8.tmp
2008-01-21 17:03 . 2008-01-21 17:37 261 --a------ C:\WINDOWS\system32\$winnt$.inf
2008-01-21 16:55 . 2008-01-21 17:03 <DIR> d-------- C:\WINDOWS\ehome
2008-01-20 10:55 . 2008-01-20 10:55 <DIR> d-------- C:\Program Files\Gabest

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-24 23:25 --------- d-----w C:\Program Files\SymNetDrv
2008-01-22 18:53 --------- d-----w C:\Program Files\Java
2008-01-22 13:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-21 20:12 --------- d-----w C:\Program Files\Xvid
2008-01-21 19:45 --------- d-----w C:\Program Files\DivX
2008-01-20 10:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-19 11:02 --------- d-----w C:\Program Files\lg_swupdate
2008-01-19 11:02 --------- d-----w C:\Program Files\iTunes
2008-01-19 10:59 --------- d-----w C:\Program Files\AIM
2008-01-11 18:38 --------- d-----w C:\Program Files\Soulseek
2008-01-04 21:58 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-04 21:58 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-04 21:58 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-12-15 21:29 --------- d-----w C:\Program Files\TVU Player
2007-12-10 11:41 --------- d-----w C:\Program Files\Google
2007-12-02 17:55 --------- d-----w C:\Program Files\ffdshow
2007-11-25 01:37 --------- d-----w C:\Program Files\Screenshot Utility
.
Code: 
<pre>
----a-w            61,440 2008-01-19 10:47:46  C:\Program Files\AIM\aim .exe
----a-w           344,064 2008-01-24 12:53:42  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w           376,912 2008-01-23 21:16:33  C:\Program Files\BroadJump\Client Foundation\CFD .exe
----a-w            58,992 2008-01-20 07:22:48  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w            32,768 2008-01-19 10:47:12  C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
----a-w           486,856 2008-01-24 12:53:50  C:\Program Files\DAEMON Tools Lite\daemon  .exe
----a-w           486,856 2008-01-24 19:37:27  C:\Program Files\DAEMON Tools Lite\daemon .exe
----a-w            68,856 2008-01-20 07:31:40  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w           256,576 2008-01-19 10:47:30  C:\Program Files\iTunes\iTunesHelper .exe
----a-w           132,496 2008-01-24 12:53:45  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w           335,872 2008-01-24 12:53:44  C:\Program Files\LG Software\Battery Miser 2005\batterymiser .exe
----a-w         1,028,096 2008-01-22 14:20:21  C:\Program Files\LG Software\IP Operator 2005\IP Operator 2005 .exe
----a-w            81,920 2008-01-19 10:47:02  C:\Program Files\LG Software\On Screen Display\Hotkey .exe
----a-w           106,496 2008-01-19 10:46:40  C:\Program Files\lg_swupdate\autoupdate .exe
----a-w         1,460,560 2008-01-24 14:24:03  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w           100,056 2008-01-20 07:22:59  C:\Program Files\SymNetDrv\SNDMon .exe
----a-w           667,740 2008-01-24 12:53:46  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w            98,396 2008-01-24 12:53:44  C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon .exe" [2008-01-24 19:37 486856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= C:\WINDOWS\system32\bmpsap.dll [2005-06-25 23:09 114688]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R1 Ndisipo;NDIS Protocol Driver for IPO3;C:\WINDOWS\system32\DRIVERS\ndisipo.sys [2005-06-03 09:37]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 12:00]
R3 lgsnd_filter;lgsnd_filter;C:\WINDOWS\system32\drivers\lgsnd_filter.sys [2005-05-14 11:12]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 13:36:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-25 13:39:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-25 13:39:46
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:26 PM, on 1/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DAEMON Tools Lite\daemon .exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon .exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

--
End of file - 2501 bytes
 
Hi

It appears SUPERAntiSpyware was too agressive in removing the vundo legitimate file infector ...

It not only removed the infected files but the run keys as well, so replacing the clean files which we can do with Combofix, will not be of any use unless we replace the run keys as well...

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the code box nothing out side of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code: 
File::
C:\WINDOWS\system32\bfofqplo.ini

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
"batterymiser"="C:\Program Files\LG Software\Battery Miser 2005\batterymiser.exe"
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

RenV::
C:\Program Files\AIM\aim .exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
C:\Program Files\BroadJump\Client Foundation\CFD .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\LG Software\Battery Miser 2005\batterymiser .exe
C:\Program Files\LG Software\IP Operator 2005\IP Operator 2005 .exe
C:\Program Files\LG Software\On Screen Display\Hotkey .exe
C:\Program Files\lg_swupdate\autoupdate .exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\Program Files\SymNetDrv\SNDMon .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\Synaptics\SynTP\SynTPLpr .exe

Save this as "CFScript.txt"

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Hows the computer running ?

steam
 
Hello again. sorry for the slow reply, i've been a little busy. anyway, i ran combofix again with the script you posted (i then rebooted, even though it didnt ask for it, since my internet was down for some reason. i think its just my router though ;) ) and then ran hijackthis. computer seems to be running fine and so far i've not seen any more popups/fake security alerts, etc etc. So here are the two logs.
 
ComboFix Log

ComboFix 08-01-23.1C - Nat 2008-01-26 14:26:07.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.241 [GMT 0:00]
Running from: C:\Documents and Settings\Nat\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nat\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\bfofqplo.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bfofqplo.ini

.
((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
.

2008-01-26 00:53 . 2008-01-26 00:53 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-26 00:53 . 2008-01-26 00:53 <DIR> d-------- C:\Program Files\AOD
2008-01-26 00:53 . 2004-02-25 13:05 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-01-25 13:27 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 21:15 . 2008-01-25 14:36 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-24 14:33 . 2008-01-24 14:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-23 21:13 . 2008-01-23 21:13 149 --a------ C:\WINDOWS\wininit.ini
2008-01-23 14:57 . 2008-01-23 14:57 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-01-22 19:35 . 2008-01-22 19:35 <DIR> d-------- C:\Program Files\Azureus
2008-01-22 18:53 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-22 14:38 . 2008-01-24 19:37 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-01-22 14:38 . 2008-01-24 19:37 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-01-22 14:38 . 2008-01-24 19:37 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-01-22 14:36 . 2008-01-24 12:53 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-01-22 14:10 . 2008-01-22 14:10 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-22 14:02 . 2008-01-22 14:02 22 --a------ C:\WINDOWS\system32\ati64hlp.stb
2008-01-22 13:58 . 2004-08-03 23:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-01-22 13:58 . 2004-08-03 23:15 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2008-01-22 13:58 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-01-22 13:58 . 2004-08-03 23:07 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2008-01-22 13:56 . 2005-06-20 14:53 159,825 --a------ C:\WINDOWS\system32\STAC97.CPL
2008-01-22 13:51 . 2005-06-25 23:09 114,688 --a------ C:\WINDOWS\system32\bmpsap.dll
2008-01-22 13:51 . 2005-05-14 11:12 7,552 --a------ C:\WINDOWS\system32\drivers\lgsnd_filter.sys
2008-01-22 13:50 . 2008-01-22 13:50 22 --a------ C:\WINDOWS\system32\ati64hl2.stb
2008-01-22 13:40 . 2008-01-22 13:46 <DIR> d-------- C:\Program Files\ATI Technologies
2008-01-22 13:37 . 2005-06-07 22:25 647,808 --a--c--- C:\WINDOWS\system32\dllcache\ativvaxx.dll
2008-01-22 13:37 . 2005-06-07 22:25 647,808 --a------ C:\WINDOWS\system32\ativvaxx.dll
2008-01-22 13:37 . 2005-03-10 10:52 58,521 --a------ C:\WINDOWS\system32\drivers\ativckxx.vp
2008-01-22 13:37 . 2001-11-09 11:01 24,064 --a------ C:\WINDOWS\system32\ativcoxx.dll
2008-01-22 13:37 . 2005-06-08 07:26 21,360 --a------ C:\WINDOWS\system32\drivers\ativvpxx.vp
2008-01-22 13:37 . 2005-04-07 11:20 900 --a------ C:\WINDOWS\system32\drivers\ativcaxx.vp
2008-01-22 13:22 . 2005-06-03 09:37 15,104 --a------ C:\WINDOWS\system32\drivers\Ndisipo.sys
2008-01-21 20:44 . 2008-01-21 20:44 36,734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
2008-01-21 20:42 . 2008-01-21 20:42 <DIR> d-------- C:\Program Files\AC3Filter
2008-01-21 20:42 . 2007-08-18 07:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-01-21 20:41 . 2000-04-01 04:11 291,408 --a------ C:\WINDOWS\system32\DivXa32.acm
2008-01-21 20:41 . 2000-04-01 04:11 291,408 --a------ C:\DivXa32.acm
2008-01-21 20:41 . 2002-03-17 12:17 2,634 --a------ C:\DivXAudioCompressor4.02.inf
2008-01-21 20:13 . 2008-01-21 20:13 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-01-21 20:13 . 2008-01-21 20:12 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-01-21 20:12 . 2008-01-21 20:12 <DIR> d-------- C:\WINDOWS\system32\languages
2008-01-21 20:12 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-21 20:12 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-21 20:12 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-01-21 20:11 . 2008-01-23 15:31 <DIR> d-------- C:\Program Files\Mv2Player
2008-01-21 20:10 . 2008-01-21 20:14 <DIR> d-------- C:\Program Files\GPL MPEG Decoder
2008-01-21 19:36 . 2008-01-21 19:36 17,021,984 --a------ C:\DivXInstaller.exe
2008-01-21 19:22 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-21 18:46 . 2008-01-21 18:46 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-21 18:44 . 2008-01-21 18:44 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-01-21 18:42 . 2008-01-21 18:44 <DIR> d-------- C:\Inetpub
2008-01-21 18:10 . 2008-01-21 18:10 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-01-21 18:09 . 2008-01-21 18:09 <DIR> d-------- C:\Program Files\BroadJump
2008-01-21 18:09 . 2002-08-02 14:56 663,552 --a------ C:\WINDOWS\system32\libeay32_1-1-0_DDR.dll
2008-01-21 18:09 . 2001-09-23 16:30 532,594 --a------ C:\WINDOWS\system32\xerces-c_1_40_0_DDR.dll
2008-01-21 18:09 . 2001-09-23 15:41 524,377 --a------ C:\WINDOWS\system32\stlport_4_0_0_DDR.dll
2008-01-21 18:09 . 2002-10-18 11:36 307,329 --a------ C:\WINDOWS\system32\BJBase_2-2-2_DDR.dll
2008-01-21 18:09 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-01-21 18:09 . 2002-08-02 14:56 159,744 --a------ C:\WINDOWS\system32\ssleay32_1-1-0_DDR.dll
2008-01-21 18:09 . 2006-11-23 12:35 6,345 -ra------ C:\WINDOWS\system32\DevMngr.vxd
2008-01-21 17:43 . 2008-01-21 22:02 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-21 17:38 . 2008-01-21 17:38 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-01-21 17:35 . 2004-08-04 12:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-01-21 17:34 . 2004-08-04 12:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-01-21 17:33 . 2004-08-04 12:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-01-21 17:32 . 2004-08-04 12:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-01-21 17:31 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-01-21 17:30 . 2008-01-21 17:30 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-01-21 17:30 . 2008-01-21 17:30 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-01-21 17:30 . 2008-01-21 17:30 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-01-21 17:30 . 2008-01-21 17:30 2,577 --a------ C:\WINDOWS\system32\CONFIG.NT
2008-01-21 17:30 . 2008-01-21 17:30 0 --a------ C:\WINDOWS\control.ini
2008-01-21 17:28 . 2008-01-21 17:28 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-01-21 17:28 . 2008-01-21 17:28 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-01-21 17:28 . 2008-01-21 17:28 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-01-21 17:28 . 2008-01-21 17:28 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-01-21 17:28 . 2008-01-21 17:28 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-01-21 17:28 . 2008-01-21 17:28 749 -rah----- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-01-21 17:28 . 2008-01-21 17:28 488 -rah----- C:\WINDOWS\system32\WindowsLogon.manifest
2008-01-21 17:28 . 2008-01-21 17:28 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-01-21 17:27 . 2004-08-04 12:00 4,399,505 --a--c--- C:\WINDOWS\system32\dllcache\nls302en.lex
2008-01-21 17:25 . 2004-08-04 12:00 678,400 --a------ C:\WINDOWS\system32\inetcomm.dll
2008-01-21 17:24 . 2008-01-21 17:24 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-21 17:24 . 2008-01-21 17:24 37 --a------ C:\WINDOWS\vbaddin.ini
2008-01-21 17:24 . 2008-01-21 17:24 36 --a------ C:\WINDOWS\vb.ini
2008-01-21 17:22 . 2004-08-04 12:00 1,352,192 --a--c--- C:\WINDOWS\system32\dllcache\cimwin32.dll
2008-01-21 17:13 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-21 17:13 . 2001-08-17 13:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-01-21 17:12 . 2004-08-03 22:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-01-21 17:11 . 2001-08-17 13:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-01-21 17:10 . 2004-08-04 00:56 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-01-21 17:10 . 2004-08-03 23:07 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2008-01-21 17:10 . 2001-08-17 13:57 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2008-01-21 17:10 . 2001-08-17 13:58 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2008-01-21 17:10 . 2004-08-03 23:07 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys
2008-01-21 17:07 . 2008-01-22 13:56 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-01-21 17:05 . 2004-08-04 12:00 1,086,058 -ra------ C:\WINDOWS\SET4.tmp
2008-01-21 17:05 . 2004-08-04 12:00 1,042,903 -ra------ C:\WINDOWS\SET3.tmp
2008-01-21 17:05 . 2004-08-04 12:00 13,753 -ra------ C:\WINDOWS\SET8.tmp
2008-01-21 17:03 . 2008-01-21 17:37 261 --a------ C:\WINDOWS\system32\$winnt$.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 14:26 --------- d-----w C:\Program Files\SymNetDrv
2008-01-26 14:26 --------- d-----w C:\Program Files\lg_swupdate
2008-01-26 14:26 --------- d-----w C:\Program Files\iTunes
2008-01-26 14:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-26 14:26 --------- d-----w C:\Program Files\AIM
2008-01-22 18:53 --------- d-----w C:\Program Files\Java
2008-01-22 13:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-21 20:12 --------- d-----w C:\Program Files\Xvid
2008-01-21 19:45 --------- d-----w C:\Program Files\DivX
2008-01-11 18:38 --------- d-----w C:\Program Files\Soulseek
2008-01-04 21:58 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-04 21:58 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-04 21:58 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-01-04 21:58 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-01-04 21:58 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-04 21:58 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-25 12:48 --------- d-----w C:\Program Files\VZPRP
2007-12-25 12:46 --------- d-----w C:\Program Files\Visual Zip Password Recovery Processor
2007-12-15 21:29 --------- d-----w C:\Program Files\TVU Player
2007-12-10 11:41 --------- d-----w C:\Program Files\Google
2007-12-02 17:55 --------- d-----w C:\Program Files\ffdshow
.
Code: 
<pre>
----a-w           486,856 2008-01-24 12:53:50  C:\Program Files\DAEMON Tools Lite\daemon  .exe
----a-w           486,856 2008-01-24 19:37:27  C:\Program Files\DAEMON Tools Lite\daemon .exe
</pre>


((((((((((((((((((((((((((((( snapshot@2008-01-25_13.39.32.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-25 13:27:56 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-26 14:25:38 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-25 13:27:56 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-26 14:25:39 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-25 13:27:57 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-26 14:25:39 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-25 13:27:57 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-26 14:25:39 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-25 13:27:57 2,854,912 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-26 14:25:39 2,854,912 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-25 13:27:57 143,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-26 14:25:39 143,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-25 13:36:04 214,378 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-01-25 19:14:44 214,405 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-01-25 16:33:39 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_728.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon .exe" [2008-01-24 19:37 486856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2008-01-19 10:47 61440]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= C:\WINDOWS\system32\bmpsap.dll [2005-06-25 23:09 114688]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R1 Ndisipo;NDIS Protocol Driver for IPO3;C:\WINDOWS\system32\DRIVERS\ndisipo.sys [2005-06-03 09:37]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 12:00]
R3 lgsnd_filter;lgsnd_filter;C:\WINDOWS\system32\drivers\lgsnd_filter.sys [2005-05-14 11:12]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 14:30:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-26 14:31:02
ComboFix-quarantined-files.txt 2008-01-26 14:30:48
ComboFix2.txt 2008-01-25 13:39:50
 
HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:38:41 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DAEMON Tools Lite\daemon .exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon .exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

--
End of file - 2637 bytes
 
Hi. Thank you so much for your time help! My laptop's running fine now. That was much easier than i had anticipated. Thank you so much.
 
Status
Not open for further replies.
Back
Top