Need help with Virtumonde


This topic is locked
7 replies to this topic

#1 Malteser (Full Member, 3 posts)

Posted 08 June 2007 - 06:15 PM

So I ran Spybot S&D and found out I had loads of spyware and other such things. I clicked Fix, but it could not fix Virtumonde and asked for a reboot, after which it still could not fix it. I keep getting popups to random adverts, which is really annoying, and I don't know how to get rid of Virtumonde :(

Here is my log from HJT:

Logfile of HijackThis v1.99.1
Scan saved at 00:03:00, on 09/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\DOCUME~1\Malteser\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Program Files\JijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {73F63140-29EE-43CE-87DD-8C9FCF009846} - C:\WINDOWS\system32\jkhhh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {796FAD50-6DE0-4CC1-85C9-94381CDEE4A8} - C:\WINDOWS\system32\khfgghi.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\nfiprnbb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\ddwmltpj.dll",realset
O4 - HKLM\..\Run: [j9271035] rundll32 C:\WINDOWS\system32\j9271035.dll sook
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: jkhhh - C:\WINDOWS\system32\jkhhh.dll
O20 - Winlogon Notify: khfgghi - C:\WINDOWS\SYSTEM32\khfgghi.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



what do I do?
Cheers.
malteser

#2 SWI Support Robot (Helper robot, SWI Bot, 23,523 posts)

Posted 11 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

This is an automated message. It does not count as help.

#3 Chancellor (Forum Deity, Emeritus, 3,020 posts)

Posted 21 June 2007 - 03:48 PM

Hi,

Sorry you’ve had to wait for a few days but all of the helpers here are volunteers and we’ve been really busy recently.

First, please download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Once you have run ComboFix and before posting your log from that scan, please download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, click Options > Change settings.
  • Choose the "Scan" tab and remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click the next icon next to the files found.
  • If so, click it, then click the next icon right below it and select Move incurable.
    This will move it to the %userprofile%\DoctorWeb\quarantine folder if it can't be cured (in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
I’ll look out for your reply :)
Chancellor

Please consider a donation to help Support SWI
Malware Complaints - Report them here and fight back!
Member of ASAP Since 2006 (Alliance of Security Analysis Professionals)
Please read the FAQ and the article "So how did I get infected in the first place?".

#4 Malteser (Full Member, 3 posts)

Posted 24 June 2007 - 07:44 AM

ok, sorry for the late reply to the late reply, I kinda forgot about it... :oops:

When I click the link(s) to download ComboFix, a little window comes up saying "blah blah blah, do you want to save this file?" with a "Save" button and a "Cancel" button. When I click the Save button nothing happens... same with both links... what the hell? :grrr:

EDIT: the same thing happens with Dr.Web CureIt

Edited by Malteser, 24 June 2007 - 07:46 AM.


#5 Malteser (Full Member, 3 posts)

Posted 24 June 2007 - 09:54 AM

OK, I managed to download both the programs. here are the results:

DrWeb:

bfbcrpyj.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Adware.Crew;Incurable.Moved.;
A0014416.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP28;Adware.Crew;Incurable.Moved.;
j9271035.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Click.2485;Deleted.;
A0014412.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP28;Trojan.Click.2485;Deleted.;
khuhykom.exe;C:\WINDOWS\system32;Trojan.Click.2485;Deleted.;
cafpxymg.exe;C:\WINDOWS\system32;Trojan.Click.2799;Deleted.;
oqnbjrwb.exe;c:\windows\system32;Trojan.EzulaAd;Will be cured after reboot.;
fojgljup.exe;C:\WINDOWS\system32;Trojan.EzulaAd;Deleted.;
ipvmmmna.exe;C:\WINDOWS\system32;Trojan.EzulaAd;Deleted.;
ksbhadjh.exe;C:\WINDOWS\system32;Trojan.EzulaAd;Deleted.;
olfhyaqy.exe;C:\WINDOWS\system32;Trojan.EzulaAd;Deleted.;
oqnbjrwb.exe;C:\WINDOWS\system32;Trojan.EzulaAd;Will be cured after reboot.;
cunrnsso.dll;C:\WINDOWS\system32;Trojan.Juan;Deleted.;
jdjbawyr.exe;C:\WINDOWS\system32;Trojan.LowZones.233;Deleted.;
mwreodep.exe;C:\WINDOWS\system32;Trojan.LowZones.233;Deleted.;
rmqwnywf.exe;C:\WINDOWS\system32;Trojan.LowZones.233;Deleted.;
saotwgru.exe;C:\WINDOWS\system32;Trojan.LowZones.233;Deleted.;
cpigihrg.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
ddwmltpj.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
ecbagoyn.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
grbjbxic.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
hggdeca.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
iprfkyqj.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
jkhhh.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
jkkjhif.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
jyfaysvw.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
merfdstl.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
mljkljj.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
nfiprnbb.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
nkgwhovr.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
ofosumkw.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
ouybxtvj.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
qdigatgx.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
rcqcvvfj.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
rdbkxxwr.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
rvyokkad.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
sqvnrgtt.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
uttlvain.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
A0008900.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP18;Trojan.Virtumod;Deleted.;
A0008903.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP18;Trojan.Virtumod;Deleted.;
A0010900.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP19;Trojan.Virtumod;Deleted.;
A0011900.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP23;Trojan.Virtumod;Deleted.;
A0011901.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP23;Trojan.Virtumod;Deleted.;
A0012900.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP23;Trojan.Virtumod;Deleted.;
A0014417.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP28;Trojan.Virtumod;Deleted.;
A0014418.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP28;Trojan.Virtumod;Deleted.;
A0014419.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP28;Trojan.Virtumod;Deleted.;
A0014420.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP28;Trojan.Virtumod;Deleted.;
A0014421.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP28;Trojan.Virtumod;Deleted.;
A0014422.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP28;Trojan.Virtumod;Deleted.;
A0014423.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP28;Trojan.Virtumod;Deleted.;
A0014424.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP28;Trojan.Virtumod;Deleted.;
A0014425.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP28;Trojan.Virtumod;Deleted.;
A0014426.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP28;Trojan.Virtumod;Deleted.;
A0014427.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP28;Trojan.Virtumod;Deleted.;
A0014428.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP28;Trojan.Virtumod;Deleted.;
A0014429.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP28;Trojan.Virtumod;Deleted.;
A0014430.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP28;Trojan.Virtumod;Deleted.;
A0014431.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP28;Trojan.Virtumod;Deleted.;
A0014432.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP28;Trojan.Virtumod;Deleted.;
A0014433.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP28;Trojan.Virtumod;Deleted.;
A0014434.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP28;Trojan.Virtumod;Deleted.;
A0014435.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP28;Trojan.Virtumod;Deleted.;
A0014445.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP28;Trojan.Virtumod;Deleted.;
A0001001.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP6;Trojan.Virtumod;Deleted.;
A0002417.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP9;Trojan.Virtumod;Deleted.;
A0002418.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP9;Trojan.Virtumod;Deleted.;
A0002419.dll;C:\System Volume Information\_restore{09526657-A6DC-4447-B08E-25907C8A37B7}\RP9;Trojan.Virtumod;Deleted.;


-----------------------------------------------------------------------------------------------------------------------------


HJT:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:49:44, on 24/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Malteser\Desktop\Downloads\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.icq.com/start
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\oqnbjrwb.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6192 bytes


-----------------------------------------------------------------------------------------------------------------------------


ComboFix:

ComboFix 07-06-18.2 - C:\Documents and Settings\Malteser\Desktop\ComboFix.exe
"Malteser" - 2007-06-24 14:03:59 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bfbcrpyj.dll
C:\WINDOWS\system32\cpigihrg.dll
C:\WINDOWS\system32\ddwmltpj.dll
C:\WINDOWS\system32\ecbagoyn.dll
C:\WINDOWS\system32\grbjbxic.dll
C:\WINDOWS\system32\iprfkyqj.dll
C:\WINDOWS\system32\jyfaysvw.dll
C:\WINDOWS\system32\merfdstl.dll
C:\WINDOWS\system32\nfiprnbb.dll
C:\WINDOWS\system32\nkgwhovr.dll
C:\WINDOWS\system32\ofosumkw.dll
C:\WINDOWS\system32\ouybxtvj.dll
C:\WINDOWS\system32\qdigatgx.dll
C:\WINDOWS\system32\rcqcvvfj.dll
C:\WINDOWS\system32\rdbkxxwr.dll
C:\WINDOWS\system32\rvyokkad.dll
C:\WINDOWS\system32\sqvnrgtt.dll
C:\WINDOWS\system32\uttlvain.dll
C:\WINDOWS\system32\hggdeca.dll
C:\WINDOWS\system32\jkkjhif.dll
C:\WINDOWS\system32\mljkljj.dll
C:\WINDOWS\system32\grhigipc.ini
C:\WINDOWS\system32\jptlmwdd.ini
C:\WINDOWS\system32\hhhkj.bak1
C:\WINDOWS\system32\hhhkj.bak2
C:\WINDOWS\system32\hhhkj.ini
C:\WINDOWS\system32\wvsyafyj.ini
C:\WINDOWS\system32\wkmusofo.ini
C:\WINDOWS\system32\jvtxbyuo.ini
C:\WINDOWS\system32\xgtagidq.ini
C:\WINDOWS\system32\jfvvcqcr.ini
C:\WINDOWS\system32\rwxxkbdr.ini
C:\WINDOWS\system32\hhhkj.bak1
C:\WINDOWS\system32\hhhkj.bak2
C:\WINDOWS\system32\hhhkj.ini
C:\WINDOWS\system32\jkhhh.dll
C:\WINDOWS\system32\khfgghi.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\setup.exe
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\j9271035.dll
C:\WINDOWS\system32\msxml3a.dll


((((((((((((((((((((((((( Files Created from 2007-05-24 to 2007-06-24 )))))))))))))))))))))))))))))))


2007-06-24 14:03 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-23 16:26 4,628 --a------ C:\WINDOWS\system32\cafpxymg.exe
2007-06-23 16:23 122,900 --a------ C:\WINDOWS\system32\olfhyaqy.exe
2007-06-22 16:23 122,900 --a------ C:\WINDOWS\system32\ipvmmmna.exe
2007-06-21 16:22 122,900 --a------ C:\WINDOWS\system32\fojgljup.exe
2007-06-20 16:20 122,900 --a------ C:\WINDOWS\system32\ksbhadjh.exe
2007-06-19 15:35 <DIR> d-------- C:\IMLOG
2007-06-19 15:35 <DIR> d-------- C:\IMCHAT
2007-06-19 15:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tournament.com Client
2007-06-19 15:34 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-06-19 15:34 <DIR> d-------- C:\Program Files\Tournament.com
2007-06-19 15:29 122,900 --a------ C:\WINDOWS\system32\oqnbjrwb.exe
2007-06-17 19:37 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-06-17 19:36 <DIR> d-------- C:\Program Files\Microsoft Works
2007-06-17 19:35 <DIR> d-------- C:\Program Files\MSBuild
2007-06-17 19:34 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-06-17 19:32 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-06-17 19:30 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-06-17 19:28 <DIR> dr-h----- C:\MSOCache
2007-06-17 19:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-06-17 15:12 <DIR> d-------- C:\Program Files\Ubisoft
2007-06-15 08:42 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-06-15 08:42 28,352 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys
2007-06-15 08:42 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2007-06-15 08:42 <DIR> d-------- C:\Program Files\Musicmatch
2007-06-09 23:18 <DIR> d-------- C:\DOCUME~1\Malteser\APPLIC~1\ICQ Toolbar
2007-06-09 22:50 <DIR> d-------- C:\Program Files\ICQToolbar
2007-06-09 22:49 <DIR> d-------- C:\DOCUME~1\Malteser\APPLIC~1\ICQ
2007-06-09 22:48 <DIR> d-------- C:\Program Files\ICQ6
2007-06-09 00:02 <DIR> d-------- C:\Program Files\JijackThis
2007-06-08 15:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-08 15:03 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-06-06 20:50 55,316 --a------ C:\WINDOWS\system32\cunrnsso.dll
2007-06-05 20:46 14,868 --a------ C:\WINDOWS\system32\khuhykom.exe
2007-06-04 20:45 2,580 --a------ C:\WINDOWS\system32\rmqwnywf.exe
2007-06-03 20:54 2,580 --a------ C:\WINDOWS\system32\saotwgru.exe
2007-06-02 20:49 2,580 --a------ C:\WINDOWS\system32\jdjbawyr.exe
2007-06-01 20:41 2,580 --a------ C:\WINDOWS\system32\mwreodep.exe
2007-06-01 20:40 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-06-01 20:31 273,408 --a------ C:\DOCUME~1\Malteser\setup.exe
2007-05-30 20:08 131,072 --a------ C:\WINDOWS\system32\Epcmlib.dll
2007-05-30 20:08 <DIR> d-------- C:\Program Files\EPSON Print CD
2007-05-30 20:08 <DIR> d-------- C:\Program Files\EPSON GrayBalancer
2007-05-30 20:07 203,776 --a------ C:\WINDOWS\system32\EBAPI.dll
2007-05-30 20:07 108,032 --a------ C:\WINDOWS\system32\EBUtil.dll
2007-05-30 20:06 139,264 --a------ C:\WINDOWS\system32\EBAPI2.dll
2007-05-30 20:06 <DIR> d-------- C:\Program Files\Common Files\EPSON
2007-05-30 18:27 <DIR> d-------- C:\Program Files\Google
2007-05-30 18:06 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-05-30 18:03 68,236 --a------ C:\WINDOWS\system32\EBPMON2.DLL
2007-05-30 18:03 57,344 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2007-05-30 18:03 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
2007-05-30 17:52 <DIR> d-------- C:\Program Files\EPSON
2007-05-30 17:45 77,824 --a------ C:\WINDOWS\system32\PICEntry.dll
2007-05-30 17:45 73,728 --a------ C:\WINDOWS\system32\PICSDK.dll
2007-05-30 17:45 65,536 --a------ C:\WINDOWS\system32\EPPicMgr.dll
2007-05-30 17:45 495,616 --a------ C:\WINDOWS\system32\PICSDK2.dll
2007-05-30 17:45 4,943 --a------ C:\WINDOWS\system32\EPPICPattern6.dat
2007-05-30 17:45 31,053 --a------ C:\WINDOWS\system32\EPPICPattern131.dat
2007-05-30 17:45 27,417 --a------ C:\WINDOWS\system32\EPPICPattern121.dat
2007-05-30 17:45 26,154 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2007-05-30 17:45 24,903 --a------ C:\WINDOWS\system32\EPPICPattern3.dat
2007-05-30 17:45 21,390 --a------ C:\WINDOWS\system32\EPPICPattern5.dat
2007-05-30 17:45 20,148 --a------ C:\WINDOWS\system32\EPPICPattern2.dat
2007-05-30 17:45 114,688 --a------ C:\WINDOWS\system32\EpPicPrt.dll
2007-05-30 17:45 111,932 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2007-05-30 17:45 11,811 --a------ C:\WINDOWS\system32\EPPICPattern4.dat
2007-05-30 17:45 1,146 --a------ C:\WINDOWS\system32\EPPICPresetData_DU.dat
2007-05-30 17:45 1,139 --a------ C:\WINDOWS\system32\EPPICPresetData_PT.dat
2007-05-30 17:45 1,139 --a------ C:\WINDOWS\system32\EPPICPresetData_BP.dat
2007-05-30 17:45 1,136 --a------ C:\WINDOWS\system32\EPPICPresetData_ES.dat
2007-05-30 17:45 1,129 --a------ C:\WINDOWS\system32\EPPICPresetData_FR.dat
2007-05-30 17:45 1,129 --a------ C:\WINDOWS\system32\EPPICPresetData_CF.dat
2007-05-30 17:45 1,120 --a------ C:\WINDOWS\system32\EPPICPresetData_IT.dat
2007-05-30 17:45 1,107 --a------ C:\WINDOWS\system32\EPPICPresetData_GE.dat
2007-05-30 17:45 1,104 --a------ C:\WINDOWS\system32\EPPICPresetData_EN.dat
2007-05-30 17:45 <DIR> d-------- C:\EPSON
2007-05-27 13:05 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-05-27 13:04 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-05-27 13:04 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-05-26 17:35 <DIR> d-------- C:\Program Files\THQ
2007-05-26 17:35 <DIR> d-------- C:\Extras
2007-05-26 17:35 <DIR> d-------- C:\Autorun
2007-05-25 18:36 <DIR> d-------- C:\DOCUME~1\Malteser\APPLIC~1\DivX
2007-05-25 18:35 36,624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-05-25 18:35 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-05-25 18:35 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-05-25 18:35 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-05-25 18:35 118,520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2007-05-25 18:35 116,472 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2007-05-25 18:25 <DIR> d-------- C:\Program Files\DivX
2007-05-25 18:25 <DIR> d-------- C:\DOCUME~1\Malteser\APPLIC~1\Dr. DivX 2.0 OSS
2007-05-25 12:40 <DIR> d-------- C:\Program Files\Sony Setup
2007-05-25 12:40 <DIR> d-------- C:\DOCUME~1\Malteser\APPLIC~1\Sony Setup


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-24 13:02:52 -------- d-----w C:\DOCUME~1\Malteser\APPLIC~1\Skype
2007-06-24 12:57:19 -------- d-----w C:\Program Files\Steam
2007-06-24 12:56:48 -------- d-----w C:\Program Files\HLSW
2007-06-24 12:55:39 -------- d-----w C:\DOCUME~1\Malteser\APPLIC~1\Azureus
2007-06-20 14:49:43 -------- d-----w C:\Program Files\World of Warcraft
2007-06-17 14:52:27 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-15 22:31:21 -------- d-----w C:\DOCUME~1\Malteser\APPLIC~1\Xfire
2007-06-15 13:49:48 -------- d-s---w C:\Program Files\Xfire
2007-06-08 22:05:09 -------- d-----w C:\DOCUME~1\Malteser\APPLIC~1\Hamachi
2007-06-08 17:49:56 -------- d-----w C:\Program Files\MSN Messenger
2007-05-28 23:01:04 -------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-05-19 23:16:44 -------- d-----w C:\DOCUME~1\Malteser\APPLIC~1\TuneUp Software
2007-05-19 23:16:18 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-17 17:47:40 -------- d-----w C:\DOCUME~1\Malteser\APPLIC~1\InterVideo
2007-05-17 17:46:38 -------- d-----w C:\Program Files\InterVideo Information Service
2007-05-17 17:46:38 -------- d-----w C:\Program Files\Common Files\Ulead
2007-05-17 17:46:37 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-05-17 17:45:19 -------- d-----w C:\Program Files\InterVideo
2007-05-17 17:45:19 -------- d-----w C:\Program Files\Common Files\InterVideo
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-14 14:55:45 -------- d-----w C:\Program Files\id Software
2007-05-14 14:39:53 -------- d-----w C:\DOCUME~1\Malteser\APPLIC~1\Ahead
2007-05-11 17:54:15 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-05-11 04:37:15 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-05-11 04:37:15 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-05-11 04:37:15 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-05-11 04:37:15 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-05-10 16:56:01 -------- d-----w C:\Program Files\VisDir
2007-05-09 13:07:00 -------- d-----w C:\Program Files\Electronic Arts
2007-05-07 15:58:19 -------- d-----w C:\Program Files\Codemasters
2007-05-07 00:55:31 -------- d-----w C:\DOCUME~1\Malteser\APPLIC~1\Real
2007-05-07 00:55:24 1,586 ----a-w C:\WINDOWS\mozver.dat
2007-05-07 00:54:46 -------- d-----w C:\Program Files\Common Files\xing shared
2007-05-07 00:54:44 -------- d-----w C:\Program Files\Common Files\Real
2007-05-07 00:54:33 -------- d-----w C:\Program Files\Real
2007-05-06 22:07:17 -------- d-----w C:\Program Files\QuickTime
2007-05-06 22:06:58 -------- d-----w C:\Program Files\Apple Software Update
2007-05-06 18:46:29 -------- d-----w C:\Program Files\MSXML 4.0
2007-05-06 18:43:04 -------- d-----w C:\Program Files\Microsoft Games
2007-05-05 21:53:30 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-05 21:39:16 -------- d-----w C:\Program Files\Lionhead Studios
2007-05-05 20:18:14 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-05-05 20:18:14 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-05-05 20:12:23 -------- d-----w C:\Program Files\Futuremark
2007-05-05 16:04:18 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-05-03 19:03:11 -------- d-----w C:\Program Files\Realtek
2007-05-02 22:45:15 -------- d-----w C:\Program Files\Messenger
2007-05-02 22:33:40 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-05-02 20:54:42 -------- d-----w C:\Program Files\Rockstar Games
2007-05-02 20:52:08 -------- d-----w C:\Program Files\Hamachi
2007-05-02 20:51:57 26,056 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-05-02 19:37:05 -------- d-----w C:\DOCUME~1\Malteser\APPLIC~1\BSplayer Pro
2007-05-02 19:34:58 -------- d-----w C:\Program Files\Webteh
2007-05-02 19:17:18 -------- d-----w C:\Program Files\DAEMON Tools
2007-05-02 19:16:02 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-05-02 19:14:44 -------- d-----w C:\Program Files\Azureus
2007-05-02 19:00:13 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-05-02 18:08:09 -------- d-----w C:\Program Files\Alwil Software
2007-05-02 18:07:29 -------- d-----w C:\Program Files\Skype
2007-05-02 18:07:29 -------- d-----w C:\Program Files\Common Files\Skype
2007-05-02 18:05:24 -------- d-----w C:\DOCUME~1\Malteser\APPLIC~1\Ventrilo
2007-05-02 18:02:51 -------- d-----w C:\Program Files\Ventrilo
2007-05-02 17:57:30 0 ----a-w C:\WINDOWS\nsreg.dat
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-27 14:18:58 -------- d-----w C:\Program Files\CyberLink
2007-04-27 14:17:44 -------- d-----w C:\Program Files\Common Files\Ahead
2007-04-27 14:16:02 -------- d-----w C:\Program Files\Nero
2007-04-27 09:45:44 -------- d-----w C:\Program Files\Common Files\ODBC
2007-04-27 09:45:42 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-04-27 09:16:30 -------- d-----w C:\Program Files\microsoft frontpage
2007-04-27 09:16:08 0 --sha-r C:\MSDOS.SYS
2007-04-27 09:16:08 0 --sha-r C:\IO.SYS
2007-04-27 09:16:08 0 ----a-w C:\CONFIG.SYS
2007-04-27 09:16:08 0 ----a-w C:\AUTOEXEC.BAT
2007-04-27 09:15:14 -------- d--h--w C:\Program Files\WindowsUpdate
2007-04-27 09:14:35 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-04-27 09:14:29 -------- d-----w C:\Program Files\Movie Maker
2007-04-27 09:13:53 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-04-27 09:13:38 -------- d-----w C:\Program Files\Online Services
2007-04-27 09:13:30 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-04-27 09:13:23 -------- d-----w C:\Program Files\Windows NT
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{055FD26D-3A88-4e15-963D-DC8493744B1D}=C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 09:40]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 00:48]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 16:42]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"MimBoot"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe" [2004-12-10 19:44]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-12-10 19:44]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-20 06:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 13:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [2006-10-27 00:48]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp


Contents of the 'Scheduled Tasks' folder
2007-06-22 21:29:18 C:\WINDOWS\tasks\1-Click Maintenance.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-24 14:08:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-24 14:08:56 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-24 14:08

--- E O F ---

-----------------------------------------------------------------------------------------------------------------------------

Thanks.
malteser

#6 Chancellor

Chancellor

    Forum Deity

  • Emeritus
  • 3,020 posts

Posted 24 June 2007 - 11:31 AM

Hi,

Thanks for posting your log files!

Things are looking good, can you tell me how your computer is running and if any problems persist?

:D
Chancellor

Please consider a donation to help Support SWI
Malware Complaints - Report them here and fight back!
Member of ASAP Since 2006 (Alliance of Security Analysis Professionals)
Please read the FAQ and the article "So how did I get infected in the first place?".

#7 Chancellor

Chancellor

    Forum Deity

  • Emeritus
  • 3,020 posts

Posted 01 July 2007 - 08:41 AM

Hello,

I just thought I would see how you were getting on with your computer . . . Do you still need help or shall we close this thread?

:)
Chancellor


#8 Chancellor

Chancellor

    Forum Deity

  • Emeritus
  • 3,020 posts

Posted 03 July 2007 - 03:36 PM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Chancellor

