I need help



#1 Boggeddown


Posted 02 June 2007 - 02:50 PM

I have been having a number of issues with my Dell/Windows XP computer. We have a Verizon FIOS internet connection and have always been happy with the speed of the connection and speed of the computer in general. In the last month, the computer has become terribly slow and full of pop-ups. I regularly run Spybot and Ad-Aware. I regularly empty our temporary internet files. The problems seemed to begin around the same time I installed a Microsoft Office 2003 update (I was running Office 200). I also installed Bloomberg software (a financial powerhouse/data system that is internet based). We regularly use the internet for the typical things - shopping, research, vacation planning, iTunes. We do not use the PC for any heavy gaming (an occasional trip to Webkinz for the kids).

The most common pop-up appears to have the address:
url.cpvfeed.com/cpv.jsp?p=110830&ip=71.126.244.33&url=http%3A%2Fforums...

That address is typically up for only a few seconds, then it redirects to some advertising which ranges from lovely things such as fling.com to insurance ads.

Another EXTRA annoying pop-up is "About: blank" which opens up endlessly and ends up shutting down every internet based thing open on the PC.

As suggested in the FAQ forum, following this introduction I am posting the logs from Kaspersky, BitDefender, and HijackThis.

Here is the log from Kaspersky:

KASPERSKY ONLINE SCANNER REPORT
Monday, May 28, 2007 4:21:23 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 28/05/2007
Kaspersky Anti-Virus database records: 333239
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 112919
Number of viruses found: 25
Number of infected objects: 195
Number of suspicious objects: 1
Duration of the scan process: 01:27:18


Scan process completed.


Here is the log from BitDefender:

BitDefender Online Scanner

Scan report generated at: Mon, May 28, 2007 - 18:32:55

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;

Statistics
Time: 01:56:26
Files: 878521
Folders: 7350
Boot Sectors: 2
Archives: 2592
Packed Files: 62507

Results
Identified Viruses: 16
Infected Files: 29
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 30

Engines Info
Virus Definitions: 509108
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes

Edited by miekiemoes, 03 June 2007 - 03:00 AM.


#2 SWI Support Robot

Posted 05 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 Sempurna

Posted 14 June 2007 - 05:25 AM

Hi Boggeddown,

Welcome to SpywareInfo! :wave:

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

OK, here's what to do next.

Please download ComboFix by sUBs:

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.
  • Save it to your desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Please do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running.


NEXT:

Please reboot your computer normally into Windows, and then please post the ComboFix log and a new HijackThis log.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#4 Boggeddown

Posted 19 June 2007 - 08:55 PM

Hi Boggeddown,

Welcome to SpywareInfo! :wave:

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

OK, here's what to do next.

Please download ComboFix by sUBs:

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.

  • Save it to your desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Please do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running.


NEXT:

Please reboot your computer normally into Windows, and then please post the ComboFix log and a new HijackThis log.



#5 Boggeddown

Posted 19 June 2007 - 09:15 PM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]



Sorry - I'm not really certain how/where I should reply with my new info to your help - Hopefully, this is the correct method??????????????? My first reply attempt clearly didn't work. Should I have done this as an edit to my original post? All new to me - sorry if this is not the correct protocol. All assistance greatly appreciated.

First, THANKS!!!!!!!! for the reply and assistance. I am posting below the ComboFix log and the new Hijack this log.

ComboFix 07-06-18.2
"sue" - 2007-06-19 19:50:23 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bklwfldh.dll
C:\WINDOWS\system32\bpmukchu.dll
C:\WINDOWS\system32\bpyowwgu.dll
C:\WINDOWS\system32\bqxoejic.dll
C:\WINDOWS\system32\brgmnwes.dll
C:\WINDOWS\system32\caxwmfsy.dll
C:\WINDOWS\system32\cnehtbtb.dll
C:\WINDOWS\system32\dpxnrjmn.dll
C:\WINDOWS\system32\efibwpnt.dll
C:\WINDOWS\system32\eipoiybd.dll
C:\WINDOWS\system32\fafrdqcp.dll
C:\WINDOWS\system32\gbypafok.dll
C:\WINDOWS\system32\gdpnfksu.dll
C:\WINDOWS\system32\gmuvdqnq.dll
C:\WINDOWS\system32\gouxvpti.dll
C:\WINDOWS\system32\gqqmsirk.dll
C:\WINDOWS\system32\gvtvfhpu.dll
C:\WINDOWS\system32\hmvwvkai.dll
C:\WINDOWS\system32\hoosbgmq.dll
C:\WINDOWS\system32\iihjedbp.dll
C:\WINDOWS\system32\ijpeqqai.dll
C:\WINDOWS\system32\krfyhlkk.dll
C:\WINDOWS\system32\kxalmuhc.dll
C:\WINDOWS\system32\ljnxvjyj.dll
C:\WINDOWS\system32\ljyfojpk.dll
C:\WINDOWS\system32\lmnlktmg.dll
C:\WINDOWS\system32\lsarhgwy.dll
C:\WINDOWS\system32\mafbjarh.dll
C:\WINDOWS\system32\mdyreuhp.dll
C:\WINDOWS\system32\mhftvvvk.dll
C:\WINDOWS\system32\mkihhhsi.dll
C:\WINDOWS\system32\mtmfmchq.dll
C:\WINDOWS\system32\muhvnkgc.dll
C:\WINDOWS\system32\nmhetklc.dll
C:\WINDOWS\system32\ofmcwjkd.dll
C:\WINDOWS\system32\ovxggdhy.dll
C:\WINDOWS\system32\powpkwhx.dll
C:\WINDOWS\system32\qhyljcfl.dll
C:\WINDOWS\system32\qwjiehcj.dll
C:\WINDOWS\system32\rgpjbpwo.dll
C:\WINDOWS\system32\rhalsuni.dll
C:\WINDOWS\system32\rlnhgycy.dll
C:\WINDOWS\system32\rmhjjwid.dll
C:\WINDOWS\system32\rmsjuoof.dll
C:\WINDOWS\system32\rmtqkvtt.dll
C:\WINDOWS\system32\sawpkihj.dll
C:\WINDOWS\system32\sdteutyd.dll
C:\WINDOWS\system32\sfisccuj.dll
C:\WINDOWS\system32\sjdwqvxg.dll
C:\WINDOWS\system32\sqaydjyq.dll
C:\WINDOWS\system32\suvrubbf.dll
C:\WINDOWS\system32\svifbxbk.dll
C:\WINDOWS\system32\tdctufxe.dll
C:\WINDOWS\system32\ttdgfphe.dll
C:\WINDOWS\system32\vdwbvubp.dll
C:\WINDOWS\system32\vgevykuw.dll
C:\WINDOWS\system32\vrgorggv.dll
C:\WINDOWS\system32\wajlukfw.dll
C:\WINDOWS\system32\wdvjmpij.dll
C:\WINDOWS\system32\wejhidyp.dll
C:\WINDOWS\system32\wfcmroub.dll
C:\WINDOWS\system32\witbumpy.dll
C:\WINDOWS\system32\woknwshp.dll
C:\WINDOWS\system32\wwabcwtq.dll
C:\WINDOWS\system32\wweigbpe.dll
C:\WINDOWS\system32\wwjvtunv.dll
C:\WINDOWS\system32\wxqfspaa.dll
C:\WINDOWS\system32\xbcyosjn.dll
C:\WINDOWS\system32\xdumxiod.dll
C:\WINDOWS\system32\xwfimndi.dll
C:\WINDOWS\system32\ysdagbcn.dll
C:\WINDOWS\system32\srqss.bak2
C:\WINDOWS\system32\srqss.ini
C:\WINDOWS\system32\hdlfwlkb.ini
C:\WINDOWS\system32\uhckumpb.ini
C:\WINDOWS\system32\ugwwoypb.ini
C:\WINDOWS\system32\cijeoxqb.ini
C:\WINDOWS\system32\sewnmgrb.ini
C:\WINDOWS\system32\ysfmwxac.ini
C:\WINDOWS\system32\nmjrnxpd.ini
C:\WINDOWS\system32\tnpwbife.ini
C:\WINDOWS\system32\dbyiopie.ini
C:\WINDOWS\system32\pcqdrfaf.ini
C:\WINDOWS\system32\kofapybg.ini
C:\WINDOWS\system32\uskfnpdg.ini
C:\WINDOWS\system32\qnqdvumg.ini
C:\WINDOWS\system32\itpvxuog.ini
C:\WINDOWS\system32\krismqqg.ini
C:\WINDOWS\system32\uphfvtvg.ini
C:\WINDOWS\system32\iakvwvmh.ini
C:\WINDOWS\system32\qmgbsooh.ini
C:\WINDOWS\system32\pbdejhii.ini
C:\WINDOWS\system32\iaqqepji.ini
C:\WINDOWS\system32\kklhyfrk.ini
C:\WINDOWS\system32\chumlaxk.ini
C:\WINDOWS\system32\jyjvxnjl.ini
C:\WINDOWS\system32\kpjofyjl.ini
C:\WINDOWS\system32\gmtklnml.ini
C:\WINDOWS\system32\ywghrasl.ini
C:\WINDOWS\system32\hrajbfam.ini
C:\WINDOWS\system32\phuerydm.ini
C:\WINDOWS\system32\kvvvtfhm.ini
C:\WINDOWS\system32\ishhhikm.ini
C:\WINDOWS\system32\qhcmfmtm.ini
C:\WINDOWS\system32\cgknvhum.ini
C:\WINDOWS\system32\clktehmn.ini
C:\WINDOWS\system32\dkjwcmfo.ini
C:\WINDOWS\system32\xhwkpwop.ini
C:\WINDOWS\system32\lfcjlyhq.ini
C:\WINDOWS\system32\jcheijwq.ini
C:\WINDOWS\system32\owpbjpgr.ini
C:\WINDOWS\system32\inuslahr.ini
C:\WINDOWS\system32\ycyghnlr.ini
C:\WINDOWS\system32\diwjjhmr.ini
C:\WINDOWS\system32\fooujsmr.ini
C:\WINDOWS\system32\ttvkqtmr.ini
C:\WINDOWS\system32\jhikpwas.ini
C:\WINDOWS\system32\juccsifs.ini
C:\WINDOWS\system32\qyjdyaqs.ini
C:\WINDOWS\system32\fbburvus.ini
C:\WINDOWS\system32\kbxbfivs.ini
C:\WINDOWS\system32\exfutcdt.ini
C:\WINDOWS\system32\ehpfgdtt.ini
C:\WINDOWS\system32\pbuvbwdv.ini
C:\WINDOWS\system32\wukyvegv.ini
C:\WINDOWS\system32\vggrogrv.ini
C:\WINDOWS\system32\wfkuljaw.ini
C:\WINDOWS\system32\jipmjvdw.ini
C:\WINDOWS\system32\pydihjew.ini
C:\WINDOWS\system32\buormcfw.ini
C:\WINDOWS\system32\qtwcbaww.ini
C:\WINDOWS\system32\vnutvjww.ini
C:\WINDOWS\system32\aapsfqxw.ini
C:\WINDOWS\system32\doixmudx.ini
C:\WINDOWS\system32\idnmifwx.ini
C:\WINDOWS\system32\ncbgadsy.ini
C:\WINDOWS\system32\ssqrs.dll
C:\WINDOWS\system32\ljjjife.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\sue\APPLIC~1.\macromedia\Flash Player\#SharedObjects\4T8QZFM5\www.broadcaster.com
C:\DOCUME~1\sue\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\sue\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\sue\Desktop.\internet explorer.lnk
C:\Temp\tn3
C:\WINDOWS\mcroso~1
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\msxml3a.dll
C:\WINDOWS\system32\smpi1
C:\WINDOWS\system32\system
C:\WINDOWS\system32\system\msxml4.dll
C:\WINDOWS\system32\system\msxml4r.dll
C:\WINDOWS\system32\winnb58.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\core


((((((((((((((((((((((((( Files Created from 2007-05-19 to 2007-06-19 )))))))))))))))))))))))))))))))


2007-06-19 19:48 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-17 14:59 122,900 --a------ C:\WINDOWS\system32\flqagfwa.exe
2007-06-17 11:58 125,972 --a------ C:\WINDOWS\system32\kapewhvb.dll
2007-06-16 17:39 125,972 --a------ C:\WINDOWS\system32\xauiqffv.dll
2007-06-07 00:02 55,316 --a------ C:\WINDOWS\system32\mqcybejf.dll
2007-06-02 16:34 <DIR> d-------- C:\Program Files\iTunes
2007-05-28 16:28 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-05-28 14:43 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-28 14:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-05-28 11:10 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-20 16:12 <DIR> d-------- C:\DOCUME~1\LILY&C~1\APPLIC~1\Lavasoft


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-02 20:34:21 -------- d-----w C:\Program Files\iPod
2007-06-02 20:31:40 -------- d-----w C:\Program Files\QuickTime
2007-06-02 20:22:46 -------- d-----w C:\Program Files\Apple Software Update
2007-05-28 17:24:28 -------- d-----w C:\Program Files\Common Files\SysProtect
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-10 07:10:57 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-09 23:21:24 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-05-09 23:19:43 -------- d-----w C:\Program Files\Microsoft.NET
2007-05-07 23:42:54 -------- d-----w C:\Program Files\SmileyDistrict
2007-05-07 15:33:20 1,499 --sha-w C:\WINDOWS\system32\s3pm.ini2
2007-05-07 15:24:21 339,012 ----a-w C:\WINDOWS\system32\njpxbfll.exe
2007-05-06 02:50:58 -------- d-----w C:\DOCUME~1\sue\APPLIC~1\ICAClient
2007-05-06 02:50:39 81 ----a-w C:\CTX.DAT
2007-05-06 02:50:24 -------- d-----w C:\Program Files\Citrix
2007-05-03 19:38:01 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 02:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-06-07 11:09]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:55]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}=C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 15:08]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AcctMgr"="C:\Program Files\Norton Password Manager\AcctMgr.exe" [2004-08-18 12:41]
"nwiz"="nwiz.exe" [2003-10-06 14:16 C:\WINDOWS\system32\nwiz.exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 02:18]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 08:20]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2005-04-27 13:04]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-27 16:14]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mp3s]
C:\WINDOWS\system32\mp3s.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnno]
pmnno.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PCS Business Connection Personal Edition.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PCS Business Connection Personal Edition.lnk
backup=C:\WINDOWS\pss\PCS Business Connection Personal Edition.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PCS Business Connection.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PCS Business Connection.lnk
backup=C:\WINDOWS\pss\PCS Business Connection.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^sue^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\sue\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysProtect]
C:\Program Files\SysProtect\syp.exe /scan

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
C:\Program Files\Google\Gmail Notifier\gnotify.exe


Contents of the 'Scheduled Tasks' folder
2007-06-02 20:22:50 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-17 01:35:00 C:\WINDOWS\tasks\Disk Cleanup.job
2007-06-19 06:27:02 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-06-19 04:00:00 C:\WINDOWS\tasks\Symantec Drmc.job
2007-06-19 21:49:01 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-19 21:36:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-19 21:38:22 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-19 21:38

--- E O F ---


HERE IS THE NEW HIJACK THIS LOG:

Logfile of HijackThis v1.99.1
Scan saved at 10:05:48 PM, on 6/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\EPOAgent\naimas32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZUxdm080YYUS
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll (file missing)
O9 - Extra 'Tools' menuitem: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Verizon Central - {5B3FB261-CF72-4c66-B314-8E6FF9980307} - www.verizon.net (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://bba.bloomber...ca32/icaweb.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - http://www.photowork...ropUploader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon....es/vzWebIns.CAB
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15028/CTPID.cab
O20 - Winlogon Notify: mp3s - C:\WINDOWS\system32\mp3s.dll (file missing)
O20 - Winlogon Notify: pmnno - pmnno.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qxjqglsn.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NAI ePolicy Orchestrator Agent (NAIMAGENT32) - Network Associates, Inc. - C:\EPOAgent\naimas32.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCS Business Connection Personal Edition Service (SevenConnectionService) - Unknown owner - C:\Program Files\Sprint\PCS Business Connection\ConnectionService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#6 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • 3,838 posts

Posted 20 June 2007 - 12:29 AM

Hi Boggeddown, :wave:

You're most welcome, Boggeddown. :)


Sorry - I'm not really certain how/where I should reply with my new info to your help - Hopefully, this is the correct method??? My first reply attempt clearly didn't work. Should I have done this as an edit to my original post? All new to me - sorry if this is not the correct protocol.

No worries. :)

Just use the Posted Image button to reply. :)

OK, let's pick up some leftovers.

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
(start copying from "@echo off")

@echo off
For %%g in (
C:\WINDOWS\system32\flqagfwa.exe
C:\WINDOWS\system32\kapewhvb.dll
C:\WINDOWS\system32\xauiqffv.dll
C:\WINDOWS\system32\mqcybejf.dll
C:\WINDOWS\system32\s3pm.ini2
C:\WINDOWS\system32\njpxbfll.exe
"C:\Program Files\SysProtect\syp.exe"
) do catchme -l nul -k %%g >nul
echo.Please submit the file, catchme.zip located on Desktop
pause
exit

Save this as submit.bat. Choose to "Save as type - All Files" and place it on your desktop.
It should look like this: Posted Image
Double-click on submit.bat and allow it to run.

This will generate an archive on your desktop, catchme.zip.
Please submit it to this site: http://www.bleepingcomputer.com/submit-malware.php?channel=4
Please include a link to this topic in the message.


NEXT:

Go to Start -> Control Panel -> Add/Remove Programs and remove any of the following that are listed:

SmileyDistrict
SysProtect



NEXT:

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZUxdm080YYUS
O9 - Extra button: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll (file missing)
O9 - Extra 'Tools' menuitem: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll (file missing)
O20 - Winlogon Notify: mp3s - C:\WINDOWS\system32\mp3s.dll (file missing)
O20 - Winlogon Notify: pmnno - pmnno.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qxjqglsn.exe (file missing)



Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.


NEXT:

Please go to Start -> Run and type (or copy and paste) the following lines in the "Open" field, ONE AT A TIME, then click "OK":

sc stop DomainService

sc delete DomainService



NEXT:

For this next step, please ensure that ComboFix.exe is on your desktop:
  • Then, please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    (start copying from "File::")


    File::
    C:\Program Files\SysProtect\syp.exe
    C:\WINDOWS\system32\qxjqglsn.exe
    
    Folder::
    C:\Program Files\Common Files\SysProtect
    C:\Program Files\SysProtect
    C:\Program Files\SmileyDistrict
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysProtect]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    

  • Save this as ComboFix-Do.txt and change the "Save as type" to "All Files" and place it on your desktop.


    Posted Image


  • Referring to the screenshot above, drag ComboFix-Do.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Please do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running.


NEXT:

Please download CCleaner (freeware) and save it to your desktop:
  • Run the CCleaner installer.
  • During the installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  • Once installed, run CCleaner and click the "Windows" tab.
  • Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.
  • Then, click the "Applications" tab:
    • CHECK everything there.
  • Next, click the "Options" button in the left pane, then click the "Advanced" button:
    • UNCHECK : "Only delete files in Windows Temp folders older than 48 hours".
  • Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.
  • When done, please exit CCleaner.
CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don't know how to use it, you may cause irreparable damage to your system.


NEXT:

Let's run an online scan to make sure we're not leaving anything behind.

Please do an online scan with Kaspersky Online Scanner using Internet Explorer (this online scanner only works with IE):
  • Click on "Kaspersky Online Scanner".
  • You will be prompted to install an ActiveX component from Kaspersky, click "Yes".
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on "Next".
  • Now click on "Scan Settings".
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click "OK".
  • Now under select a target to scan:
    • Select "My Computer".
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the "Save Report As" button.
    • In the "File name:" field, type kavscan.
    • In the "Save as type:" field, select "Text file (*.txt)".
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  • The log from the ComboFix scan located at C:\ComboFix.txt.
  • The log from the Kaspersky scan.
  • A new HijackThis log.
(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).

How are things running now?
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo
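
The HijackThis step in the reply above ticks entries whose target file is gone but whose registry reference remains. As an added example (not part of the original post and not HijackThis's own logic), this Python sketch parses log lines and ranks such orphaned entries, putting Winlogon Notify (O20) and service (O23) load points first; the function names and the priority rule are assumptions, and the sample lines are copied from the log posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll (file missing)
O9 - Extra button: Verizon Central - {5B3FB261-CF72-4c66-B314-8E6FF9980307} - www.verizon.net (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: mp3s - C:\WINDOWS\system32\mp3s.dll (file missing)
O20 - Winlogon Notify: pmnno - pmnno.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qxjqglsn.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "O<n> - <kind>: <rest>" is the general shape of an O-section line.
LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
MISSING = "(file missing)"

# Assumption for this example: sections that load code at logon or boot
# are reviewed before cosmetic leftovers such as browser buttons.
LOAD_POINTS = {"O20": "Winlogon Notify", "O23": "service"}


@dataclass
class Entry:
    section: str          # HijackThis section code, e.g. "O23"
    kind: str             # label before the colon, e.g. "Service"
    name: str             # first " - " separated field
    target: str           # last field: file path, URL or command line
    owner: Optional[str]  # O23 only: publisher string from the log
    file_missing: bool    # line ended with "(file missing)"


def parse_log(text: str) -> List[Entry]:
    """Turn HijackThis O-section lines into structured entries."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line, header, or a format not handled here
        section, kind, rest = m.groups()
        missing = rest.endswith(MISSING)
        if missing:
            rest = rest[: -len(MISSING)].rstrip()
        fields = rest.split(" - ")
        owner = fields[1] if section == "O23" and len(fields) == 3 else None
        entries.append(Entry(section, kind, fields[0], fields[-1], owner, missing))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, Entry, List[str]]]:
    """Return (priority, entry, reasons) for orphaned entries, high first."""
    findings = []
    for e in entries:
        if not e.file_missing:
            continue
        reasons = ["target file missing"]
        if e.owner == "Unknown owner":
            reasons.append("no publisher recorded")
        priority = "high" if e.section in LOAD_POINTS else "low"
        findings.append((priority, e, reasons))
    findings.sort(key=lambda f: f[0] != "high")  # stable sort keeps log order
    return findings


if __name__ == "__main__":
    for priority, e, reasons in triage(parse_log(SAMPLE_LOG)):
        print(f"{priority:4} {e.section:3} {e.name} -> {e.target} ({'; '.join(reasons)})")
```

The low-priority group still needs a human decision: it contains the Smiley District button that the reply removes, but also the Verizon Central leftover that the reply leaves alone.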

#7 Boggeddown

Boggeddown

    Member

  • Full Member
  • 5 posts

Posted 20 June 2007 - 05:58 PM

Thanks! I'll work on this tonight. Actually there has been a SIGNIFICANT improvement in how things are running - just the fact that I can go on a website without a single pop-up is a very welcome relief. Before I ran the ComboFix I couldn't spend more than a few minutes on any site without being taken over. Still not quite the good old days, but getting close. I really appreciate the help and will definitely help keep this forum "alive" by making a donation. I'll post the other info tonight if all goes well. Thanks, again! :hyper:

#8 Boggeddown

Boggeddown

    Member

  • Full Member
  • 5 posts

Posted 20 June 2007 - 06:35 PM

Well - I think I followed all the recommendations correctly - Computer definitely running better. So far no pop-ups, no weird error messages, no mysterious redirects. Still seems a bit slower than I remember before all the problems, but that could be wishful thinking? Thanks so very much for all your patience and assistance. Please let me know if there's anything else I should try.

Here are the most recent three logs you suggested:

COMBOFIX

ComboFix 07-06-18.2 - C:\Documents and Settings\sue\My Documents\ComboFix.exe
"sue" - 2007-06-20 20:51:46 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\sue\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\SysProtect
C:\Program Files\SmileyDistrict
C:\Program Files\SmileyDistrict\OSmile.dll


((((((((((((((((((((((((( Files Created from 2007-05-21 to 2007-06-21 )))))))))))))))))))))))))))))))


2007-06-20 19:15 55,316 --a------ C:\DOCUME~1\sue\mqcybejf.dll
2007-06-20 19:15 339,012 --a------ C:\DOCUME~1\sue\njpxbfll.exe
2007-06-20 19:15 125,972 --a------ C:\DOCUME~1\sue\xauiqffv.dll
2007-06-20 19:15 125,972 --a------ C:\DOCUME~1\sue\kapewhvb.dll
2007-06-20 19:15 122,900 --a------ C:\DOCUME~1\sue\flqagfwa.exe
2007-06-20 19:15 1,499 --a------ C:\DOCUME~1\sue\s3pm.ini2
2007-06-19 19:48 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-17 14:59 122,900 --a------ C:\WINDOWS\system32\flqagfwa.exe
2007-06-17 11:58 125,972 --a------ C:\WINDOWS\system32\kapewhvb.dll
2007-06-16 17:39 125,972 --a------ C:\WINDOWS\system32\xauiqffv.dll
2007-06-07 00:02 55,316 --a------ C:\WINDOWS\system32\mqcybejf.dll
2007-06-02 16:34 <DIR> d-------- C:\Program Files\iTunes
2007-05-28 16:28 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-05-28 14:43 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-28 14:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-05-28 11:10 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-20 16:12 <DIR> d-------- C:\DOCUME~1\LILY&C~1\APPLIC~1\Lavasoft


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-02 20:34:21 -------- d-----w C:\Program Files\iPod
2007-06-02 20:31:40 -------- d-----w C:\Program Files\QuickTime
2007-06-02 20:22:46 -------- d-----w C:\Program Files\Apple Software Update
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-10 07:10:57 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-09 23:21:24 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-05-09 23:19:43 -------- d-----w C:\Program Files\Microsoft.NET
2007-05-07 15:33:20 1,499 --sha-w C:\WINDOWS\system32\s3pm.ini2
2007-05-07 15:24:21 339,012 ----a-w C:\WINDOWS\system32\njpxbfll.exe
2007-05-06 02:50:58 -------- d-----w C:\DOCUME~1\sue\APPLIC~1\ICAClient
2007-05-06 02:50:39 81 ----a-w C:\CTX.DAT
2007-05-06 02:50:24 -------- d-----w C:\Program Files\Citrix
2007-05-03 19:38:01 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 02:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-06-07 11:09]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:55]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}=C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 15:08]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AcctMgr"="C:\Program Files\Norton Password Manager\AcctMgr.exe" [2004-08-18 12:41]
"nwiz"="nwiz.exe" [2003-10-06 14:16 C:\WINDOWS\system32\nwiz.exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 02:18]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 08:20]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2005-04-27 13:04]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-27 16:14]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PCS Business Connection Personal Edition.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PCS Business Connection Personal Edition.lnk
backup=C:\WINDOWS\pss\PCS Business Connection Personal Edition.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PCS Business Connection.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PCS Business Connection.lnk
backup=C:\WINDOWS\pss\PCS Business Connection.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^sue^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\sue\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
C:\Program Files\Google\Gmail Notifier\gnotify.exe


Contents of the 'Scheduled Tasks' folder
2007-06-02 20:22:50 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-17 01:35:00 C:\WINDOWS\tasks\Disk Cleanup.job
2007-06-20 06:27:00 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-06-20 04:00:00 C:\WINDOWS\tasks\Symantec Drmc.job
2007-06-20 21:49:24 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-20 20:54:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-20 20:55:11
C:\ComboFix-quarantined-files.txt ... 2007-06-20 20:54
C:\ComboFix2.txt ... 2007-06-19 21:38

--- E O F ---

KASPERSKY

KASPERSKY ONLINE SCANNER REPORT
Wednesday, June 20, 2007 10:44:32 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 21/06/2007
Kaspersky Anti-Virus database records: 350007
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 89011
Number of viruses found: 29
Number of infected objects: 226
Number of suspicious objects: 4
Duration of the scan process: 01:21:15

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d953eda3e26304d35e06e3f99844845b_c5f175e8-8285-4ea4-a591-b493e7d71d78 Object is locked skipped
C:\Documents and Settings\lily & claire\Local Settings\Temp\ahvniabe.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\Documents and Settings\lily & claire\Local Settings\Temp\aucvnujf.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\Documents and Settings\lily & claire\Local Settings\Temp\axfibfbf.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\Documents and Settings\lily & claire\Local Settings\Temp\frdmhogm.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\Documents and Settings\lily & claire\Local Settings\Temp\mkyowvtn.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\Documents and Settings\lily & claire\Local Settings\Temp\mqhtjomm.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\Documents and Settings\lily & claire\Local Settings\Temp\nibyowhr.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\Documents and Settings\lily & claire\Local Settings\Temp\osqfrjfe.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\Documents and Settings\lily & claire\Local Settings\Temp\tiyxxvse.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\Documents and Settings\lily & claire\Local Settings\Temp\xfgcvwuf.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\Documents and Settings\lily & claire\Local Settings\Temp\xsryynlo.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\Documents and Settings\lily & claire\Local Settings\Temp\ynyhiynn.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\mike\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-4d048a14-7b1a3d64.zip/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\mike\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-4d048a14-7b1a3d64.zip/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\mike\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-4d048a14-7b1a3d64.zip/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\mike\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-4d048a14-7b1a3d64.zip ZIP: infected - 3 skipped
C:\Documents and Settings\mike\Local Settings\Temp\temp.fr1F97 Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\sue\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\sue\flqagfwa.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\Documents and Settings\sue\kapewhvb.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\Documents and Settings\sue\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\sue\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\sue\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\sue\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\sue\Local Settings\History\History.IE5\MSHist012007062020070621\index.dat Object is locked skipped
C:\Documents and Settings\sue\Local Settings\Temp\Perflib_Perfdata_cec.dat Object is locked skipped
C:\Documents and Settings\sue\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\sue\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\sue\mqcybejf.dll Infected: Trojan.Win32.BHO.o skipped
C:\Documents and Settings\sue\njpxbfll.exe Infected: Trojan.Win32.Agent.amc skipped
C:\Documents and Settings\sue\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\sue\ntuser.dat.LOG Object is locked skipped

Scan process completed.



HIJACK THIS

Logfile of HijackThis v1.99.1
Scan saved at 8:37:31 PM, on 6/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\EPOAgent\naimas32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program

Edited by Boggeddown, 20 June 2007 - 10:22 PM.
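The scanner report above mixes a few "Infected:" entries into long runs of "Object is locked" lines. The following is an added example, not part of the original thread or of any tool named in it, that pulls the detections out of such a report. It assumes the line layout seen above (path, verdict, action); the sample lines and the `example user` path are constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout of the report lines above:
# "<path> <verdict> <action>". Paths may contain spaces.
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\__delete_on_reboot__q_x_j_q_g_l_s_n_._e_x_e_ Infected: Trojan.Win32.Agent.aoy skipped
C:\Documents and Settings\example user\Local Settings\Temp\sample.dll Infected: Example.Constructed.Name skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
"""

# Match the verdict and action at the end of the line, so that spaces
# inside the path ("Documents and Settings") stay part of the path.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<verdict>Object is locked|Infected: (?P<name>\S+))\s+"
    r"(?P<action>\S+)\s*$"
)

def parse_report(text):
    """Return one dict per report line that names a file; skip all others."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # headers, blank lines, "Scan process completed."
        entries.append({
            "path": m.group("path"),
            "detection": m.group("name"),  # None for locked objects
            "action": m.group("action"),
        })
    return entries

def unremediated(entries):
    """Detections the report lists with action 'skipped' (file left in place)."""
    return [e for e in entries if e["detection"] and e["action"] == "skipped"]

def summarize(entries):
    """Count entries per verdict so the noise-to-signal ratio is visible."""
    return Counter("infected" if e["detection"] else "locked" for e in entries)

if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(dict(summarize(parsed)))
    for e in unremediated(parsed):
        print(e["detection"], "->", e["path"])
```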


#9 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • 3,838 posts

Posted 20 June 2007 - 10:46 PM

Hi Boggeddown, :wave:

I’m glad to hear that things are running better. :)

Yes, things would still be running a bit slow because you somehow got reinfected. The trojans present in your system are not that active; however, they come from the same family of malware that caused your original problems. :(

Your HijackThis log got cut off. This is probably due to the post length restrictions of the forum software. If that happens again, could you post it again in a new posting? Thanks. :)

OK, let’s fix the leftovers.

For this next step, please ensure that ComboFix.exe is on your desktop:
  • Then, please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    (start copying from "File::")


    File::
    C:\Documents and Settings\sue\mqcybejf.dll
    C:\Documents and Settings\sue\njpxbfll.exe
    C:\Documents and Settings\sue\xauiqffv.dll
    C:\Documents and Settings\sue\kapewhvb.dll
    C:\Documents and Settings\sue\flqagfwa.exe
    C:\Documents and Settings\sue\s3pm.ini2
    C:\WINDOWS\system32\flqagfwa.exe
    C:\WINDOWS\system32\kapewhvb.dll
    C:\WINDOWS\system32\xauiqffv.dll
    C:\WINDOWS\system32\mqcybejf.dll
    C:\WINDOWS\system32\s3pm.ini2
    C:\WINDOWS\system32\njpxbfll.exe
    C:\Documents and Settings\lily & claire\Local Settings\Temp\ahvniabe.dll
    C:\Documents and Settings\lily & claire\Local Settings\Temp\aucvnujf.dll
    C:\Documents and Settings\lily & claire\Local Settings\Temp\axfibfbf.dll
    C:\Documents and Settings\lily & claire\Local Settings\Temp\frdmhogm.dll
    C:\Documents and Settings\lily & claire\Local Settings\Temp\mkyowvtn.dll
    C:\Documents and Settings\lily & claire\Local Settings\Temp\mqhtjomm.dll
    C:\Documents and Settings\lily & claire\Local Settings\Temp\nibyowhr.dll
    C:\Documents and Settings\lily & claire\Local Settings\Temp\osqfrjfe.dll
    C:\Documents and Settings\lily & claire\Local Settings\Temp\tiyxxvse.dll
    C:\Documents and Settings\lily & claire\Local Settings\Temp\xfgcvwuf.dll
    C:\Documents and Settings\lily & claire\Local Settings\Temp\xsryynlo.dll
    C:\Documents and Settings\lily & claire\Local Settings\Temp\ynyhiynn.dll
    C:\WINDOWS\system32\__delete_on_reboot__q_x_j_q_g_l_s_n_._e_x_e
    

  • Save this as ComboFix-Do.txt and change the "Save as type" to "All Files" and place it on your desktop.


    Posted Image


  • Referring to the screenshot above, drag ComboFix-Do.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Please do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  • The log from the ComboFix scan located at C:\ComboFix.txt.
  • A new HijackThis log.
(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).

Edited by Sempurna, 20 June 2007 - 10:47 PM.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#10 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • 3,838 posts

Posted 25 July 2007 - 07:39 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying HERE with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



