HanCholo

Malware won't die!...

12 posts in this topic

OK, so here it goes.

Sister was on the computer. She tends to go to a lot of those MySpace free gif/glitter sites that are full of ads. Never had an issue the times she's gone on, until a few days ago. After being on a few sites she steps away, comes back to the comp, and various ad sites have opened up on their own. I think in her effort to close the prompts (and as tricky as they are worded) winantiviruspro2007 was installed. Ran McAfee Virus with its own "spyware protection" and nothing showed up. Looked into free spyware programs, downloaded and installed Spyware Terminator from a supposedly secure freeware site; not much help from that (which I later uninstalled). Downloaded and installed a trial copy of Spyware Doctor, which did find 332 files that had issues, but of course the trial version wouldn't allow me to remove them. In frustration I called it a day.

The next day I installed a spare copy of Spy Sweeper (which seems to be totally slowing my comp on startup; it has all 11 shields up. Is that a common occurrence? I think I read it's a bit of a system hog. Or is that the malware slowing me down?). Spy Sweeper did pick up trojans, virtumonde, vundo.dll I believe, amongst others. Had to run that a few times, each time thinking that it had caught and removed them, only to go online again and still get those annoying popups (maniaTV, Winantiviruspro2007, spybotware?, a ringtone site, etc.). I do remember a message stating that I was low on resources; after that, opening a web page took about 3 minutes and opening a folder on my desktop took about 30 seconds. Felt like I was losing my computer altogether.

Did more research online and heard VundoFix might work, so I ran that thinking it would be a quick way to fix the problem (hoping that I didn't have to go through what SEEMED to be an intimidating process listed on this site). It picked up many a file. Yet after going online, still the popup pages persisted.

Finally I decided to give it a try: read the FAQ section, ran Ad-Aware, Spybot, AVG Anti-Spyware, Kaspersky and BitDefender as directed. Things seem to be much better now, but I'd like to have your input on how clean my system truly is. I believe I've included all the proper logs/reports you requested. Your work and response is much appreciated. Thanks again.

 

Logs and Reports below:

-VundoFix (wasn't quite sure if you needed to see this)

-AVG

-Kaspersky

-BitDefender

-HijackThis

 

VundoFix:

 

VundoFix V6.4.1

 

Checking Java version...

 

Java version is 1.4.2.3

Old versions of java are exploitable and should be removed.

 

Scan started at 6:19:56 PM 5/30/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\fccccyw.dll

C:\WINDOWS\system32\gebyv.dll

C:\WINDOWS\system32\qtutv.bak1

C:\WINDOWS\system32\qtutv.bak2

C:\WINDOWS\system32\qtutv.ini

C:\WINDOWS\system32\qtutv.ini2

C:\WINDOWS\system32\qtutv.tmp

C:\WINDOWS\system32\vtutq.dll

C:\WINDOWS\system32\wvuurqn.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\fccccyw.dll

C:\WINDOWS\system32\fccccyw.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\gebyv.dll

C:\WINDOWS\system32\gebyv.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\qtutv.bak1

C:\WINDOWS\system32\qtutv.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\qtutv.bak2

C:\WINDOWS\system32\qtutv.bak2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\qtutv.ini

C:\WINDOWS\system32\qtutv.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\qtutv.ini2

C:\WINDOWS\system32\qtutv.ini2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\qtutv.tmp

C:\WINDOWS\system32\qtutv.tmp Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\vtutq.dll

C:\WINDOWS\system32\vtutq.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\wvuurqn.dll

C:\WINDOWS\system32\wvuurqn.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

 

AVG:

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 9:58:48 PM 5/30/2007

 

+ Scan result:

 

 

 

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0057793.dll -> Adware.Virtumonde : Cleaned.

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0057797.dll -> Adware.Virtumonde : Cleaned.

C:\VundoFix Backups\fccccyw.dll.bad -> Adware.Virtumonde : Cleaned.

C:\VundoFix Backups\wvuurqn.dll.bad -> Adware.Virtumonde : Cleaned.

C:\WINDOWS\system32\T6\dlwr.exe -> Downloader.Agent.brf : Cleaned.

C:\Documents and Settings\Janice\Local Settings\Temp\YazzleBundle-1281.exe -> Downloader.PurityScan.eg : Cleaned.

C:\Documents and Settings\Janice\Local Settings\Temp\xpre.exe -> Downloader.VB.ayb : Cleaned.

C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned.

C:\Documents and Settings\Janice\Local Settings\Temp\WinAntiVirusPro2007FreeInstall.exe -> Not-A-Virus.Downloader.Win32.WinFixer.u : Cleaned.

:mozilla.10:C:\Documents and Settings\Jesse\Application Data\Greyfirst\Celtx\Profiles\nw7k67le.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@arn.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@eztracks.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@freemusicconnection.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@getmusicfree.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.

C:\Documents and Settings\Jesse\Cookies\jesse@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.

C:\Documents and Settings\Jesse\Cookies\jesse@arn.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.

:mozilla.6:C:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\te5kx33r.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\JESSEKA\Cookies\jesseka@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@2.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@3.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@stats.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\Jesse\Cookies\jesse@2.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\Jesse\Cookies\jesse@3.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\Jesse\Cookies\jesse@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\Jesse\Cookies\jesse@www.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.

C:\Documents and Settings\Jesse\Cookies\jesse@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.

C:\Documents and Settings\Jesse\Cookies\jesse@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@ad.adocean[1].txt -> TrackingCookie.Adocean : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@gde.adocean[2].txt -> TrackingCookie.Adocean : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@adtiger[2].txt -> TrackingCookie.Adtiger : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@www.adtiger[1].txt -> TrackingCookie.Adtiger : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@www.belstat[3].txt -> TrackingCookie.Belstat : Cleaned.

C:\Documents and Settings\Janice\Local Settings\Temp\Cookies\janice@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.

C:\Documents and Settings\Jesse\Cookies\jesse@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@ads.cnn[1].txt -> TrackingCookie.Cnn : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@connextra[2].txt -> TrackingCookie.Connextra : Cleaned.

C:\Documents and Settings\Jesse\Cookies\jesse@connextra[2].txt -> TrackingCookie.Connextra : Cleaned.

C:\Documents and Settings\JESSEKA\Cookies\jesseka@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.

C:\Documents and Settings\Janice\Local Settings\Temp\Cookies\janice@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.

C:\Documents and Settings\Jesse\Cookies\jesse@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.

C:\Documents and Settings\JESSEKA\Cookies\jesseka@cdn.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.

:mozilla.586:C:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\te5kx33r.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.

C:\Documents and Settings\Jesse\Cookies\jesse@ads.gamershell[1].txt -> TrackingCookie.Gamershell : Cleaned.

C:\Documents and Settings\Jesse\Cookies\jesse@gamershell[1].txt -> TrackingCookie.Gamershell : Cleaned.

C:\Documents and Settings\Jesse\Cookies\jesse@www.gamershell[1].txt -> TrackingCookie.Gamershell : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@info[2].txt -> TrackingCookie.Info : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@web.info[1].txt -> TrackingCookie.Info : Cleaned.

:mozilla.257:C:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\te5kx33r.default\cookies.txt -> TrackingCookie.Information : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@ilead.itrack[1].txt -> TrackingCookie.Itrack : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@komtrack[2].txt -> TrackingCookie.Komtrack : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@search.live[2].txt -> TrackingCookie.Live : Cleaned.

C:\Documents and Settings\Jesse\Cookies\jesse@beta.search.live[1].txt -> TrackingCookie.Live : Cleaned.

C:\Documents and Settings\Jesse\Cookies\jesse@search.live[2].txt -> TrackingCookie.Live : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@server.lon.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@image.masterstats[2].txt -> TrackingCookie.Masterstats : Cleaned.

C:\Documents and Settings\Jesse\Cookies\jesse@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.

:mozilla.243:C:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\te5kx33r.default\cookies.txt -> TrackingCookie.Msn : Cleaned.

:mozilla.244:C:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\te5kx33r.default\cookies.txt -> TrackingCookie.Msn : Cleaned.

:mozilla.245:C:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\te5kx33r.default\cookies.txt -> TrackingCookie.Msn : Cleaned.

:mozilla.246:C:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\te5kx33r.default\cookies.txt -> TrackingCookie.Msn : Cleaned.

:mozilla.247:C:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\te5kx33r.default\cookies.txt -> TrackingCookie.Msn : Cleaned.

:mozilla.248:C:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\te5kx33r.default\cookies.txt -> TrackingCookie.Msn : Cleaned.

:mozilla.249:C:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\te5kx33r.default\cookies.txt -> TrackingCookie.Msn : Cleaned.

:mozilla.761:C:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\te5kx33r.default\cookies.txt -> TrackingCookie.Msn : Cleaned.

:mozilla.762:C:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\te5kx33r.default\cookies.txt -> TrackingCookie.Msn : Cleaned.

C:\Documents and Settings\JESSEKA\Cookies\jesseka@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.

C:\Documents and Settings\Janice\Local Settings\Temp\Cookies\janice@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.

C:\Documents and Settings\Jesse\Cookies\jesse@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.

C:\Documents and Settings\Jesse\Local Settings\Temp\Cookies\jesse@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.

C:\Documents and Settings\Janice\Local Settings\Temp\Cookies\janice@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@navrcholu[2].txt -> TrackingCookie.Navrcholu : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@banner.newyorkcasino[2].txt -> TrackingCookie.Newyorkcasino : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@newyorkcasino[1].txt -> TrackingCookie.Newyorkcasino : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.

C:\Documents and Settings\Jesse\Cookies\jesse@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.

:mozilla.216:C:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\te5kx33r.default\cookies.txt -> TrackingCookie.Real : Cleaned.

:mozilla.217:C:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\te5kx33r.default\cookies.txt -> TrackingCookie.Real : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@media.revsci[2].txt -> TrackingCookie.Revsci : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@share.skype[1].txt -> TrackingCookie.Skype : Cleaned.

C:\Documents and Settings\Jesse\Cookies\jesse@site.skype[2].txt -> TrackingCookie.Skype : Cleaned.

C:\Documents and Settings\Jesse\Cookies\jesse@skype[1].txt -> TrackingCookie.Skype : Cleaned.

C:\Documents and Settings\Janice\Local Settings\Temp\Cookies\janice@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.

C:\Documents and Settings\JESSEKA\Cookies\jesseka@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.

C:\Documents and Settings\Janice\Cookies\janice@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.

C:\WINDOWS\system32\T1QaSQ\T1QaSQ1065.exe -> Trojan.VB.nhr : Cleaned.

 

 

::Report end

 

 

 

Kaspersky:

 

KASPERSKY ONLINE SCANNER REPORT

Thursday, May 31, 2007 12:04:39 AM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.93.0

Kaspersky Anti-Virus database last update: 31/05/2007

Kaspersky Anti-Virus database records: 334550

 

 

Scan Settings

Scan using the following antivirus database extended

Scan Archives true

Scan Mail Bases true

 

Scan Target My Computer

A:\

C:\

D:\

E:\

 

Scan Statistics

Total number of scanned objects 152193

Number of viruses found 9

Number of infected objects 18

Number of suspicious objects 0

Duration of the scan process 01:32:52

 

Infected Object Name Virus Name Last Action

C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped

 

C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped

 

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped

 

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{DFAC50D1-2586-4D58-AE7D-485529BDB5C7}.log Object is locked skipped

 

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped

 

C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped

 

C:\Documents and Settings\All Users\Application Data\McAfee\MSK\RBLDB.dat Object is locked skipped

 

C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped

 

C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped

 

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped

 

C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped

 

C:\Documents and Settings\Janice\Application Data\Spyware Terminator\info.htm Object is locked skipped

 

C:\Documents and Settings\Janice\Local Settings\Temp\Tam01065.exe/data0005 Infected: Trojan-Downloader.Win32.VB.fn skipped

 

C:\Documents and Settings\Janice\Local Settings\Temp\Tam01065.exe NSIS: infected - 1 skipped

 

C:\Documents and Settings\Janice\Local Settings\Temp\Temporary Internet Files\Content.IE5\T2MMS6VU\popup[4].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

 

C:\Documents and Settings\Janice\Local Settings\Temp\~freesetup.exe/Stream/data0001 Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped

 

C:\Documents and Settings\Janice\Local Settings\Temp\~freesetup.exe/Stream/data0002/Stream/data0001 Infected: Trojan-Downloader.Win32.Agent.alr skipped

 

C:\Documents and Settings\Janice\Local Settings\Temp\~freesetup.exe/Stream/data0002/Stream Infected: Trojan-Downloader.Win32.Agent.alr skipped

 

C:\Documents and Settings\Janice\Local Settings\Temp\~freesetup.exe/Stream/data0002 Infected: Trojan-Downloader.Win32.Agent.alr skipped

 

C:\Documents and Settings\Janice\Local Settings\Temp\~freesetup.exe/Stream/data0018 Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped

 

C:\Documents and Settings\Janice\Local Settings\Temp\~freesetup.exe/Stream Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped

 

C:\Documents and Settings\Janice\Local Settings\Temp\~freesetup.exe Inno: infected - 6 skipped

 

C:\Documents and Settings\Jesse\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped

 

C:\Documents and Settings\Jesse\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped

 

C:\Documents and Settings\Jesse\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped

 

C:\Documents and Settings\Jesse\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped

 

C:\Documents and Settings\Jesse\Application Data\SiteAdvisor\SiteAdv.csh Object is locked skipped

 

C:\Documents and Settings\Jesse\Cookies\index.dat Object is locked skipped

 

C:\Documents and Settings\Jesse\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

 

C:\Documents and Settings\Jesse\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

 

C:\Documents and Settings\Jesse\Local Settings\History\History.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\Jesse\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\Jesse\NTUSER.DAT Object is locked skipped

 

C:\Documents and Settings\Jesse\ntuser.dat.LOG Object is locked skipped

 

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

 

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

 

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

 

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

 

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

 

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

 

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

 

C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped

 

C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped

 

C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped

 

C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped

 

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

 

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0057794.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped

 

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0057796.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped

 

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP340\A0058114.exe Infected: Trojan-Downloader.Win32.VB.fn skipped

 

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP340\A0058115.exe Infected: Trojan-Downloader.Win32.Agent.brf skipped

 

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP340\A0058116.exe Infected: not-a-virus:Downloader.Win32.DigStream skipped

 

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP340\change.log Object is locked skipped

 

C:\VundoFix Backups\gebyv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped

 

C:\VundoFix Backups\vtutq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped

 

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

 

C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked skipped

 

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{0157DE04-1BB6-405F-BAA3-E27E33868ED5}.crmlog Object is locked skipped

 

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

 

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

 

C:\WINDOWS\Sti_Trace.log Object is locked skipped

 

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

 

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

 

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

 

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

 

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\IntelDH.evt Object is locked skipped

 

C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

 

C:\WINDOWS\system32\config\SAM Object is locked skipped

 

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

 

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

 

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

 

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

 

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

 

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

 

C:\WINDOWS\system32\cxdlhfpo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kb skipped

 

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

 

C:\WINDOWS\system32\h323log.txt Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

 

C:\WINDOWS\Temp\mcafee_ZZXLHFR89nQgHnD Object is locked skipped

 

C:\WINDOWS\Temp\mcmsc_41Q9yhRHX2vH5LA Object is locked skipped

 

C:\WINDOWS\Temp\mcmsc_dnWwlqW4mywZM0W Object is locked skipped

 

C:\WINDOWS\Temp\mcmsc_LNfWmhSaY2qLy7S Object is locked skipped

 

C:\WINDOWS\Temp\mcmsc_xefWmvWlneJo6v9 Object is locked skipped

 

C:\WINDOWS\Temp\sqlite_I99U7a7RpttPKcW Object is locked skipped

 

C:\WINDOWS\Temp\sqlite_LeB7TNvDGJhLr04 Object is locked skipped

 

C:\WINDOWS\Temp\sqlite_me4cdoEXcEpADgg Object is locked skipped

 

C:\WINDOWS\Temp\sqlite_RzAUXJOoklQeOko Object is locked skipped

 

C:\WINDOWS\Temp\sqlite_S3ZhMImW60FMEKz Object is locked skipped

 

C:\WINDOWS\wiadebug.log Object is locked skipped

 

C:\WINDOWS\wiaservc.log Object is locked skipped

 

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

 

Scan process completed.

 

 

BitDefender:

 

BitDefender Online Scanner

 

 

 

Scan report generated at: Thu, May 31, 2007 - 01:47:13

 

 

 

 

 

Scan path: A:\;C:\;D:\;E:\;

 

 

 

 

 

 

 

Statistics

Time: 01:32:40
Files: 510636
Folders: 12893
Boot Sectors: 4
Archives: 5332
Packed Files: 30361

Results

Identified Viruses: 4
Infected Files: 5
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 5

Engines Info

Virus Definitions: 509590
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

 

 

 

 

Scanned File | Status

C:\Documents and Settings\Janice\Local Settings\Temp\Tam01065.exe | Infected with: Trojan.Agent.VB.ANT
C:\Documents and Settings\Janice\Local Settings\Temp\Tam01065.exe | Disinfection failed
C:\Documents and Settings\Janice\Local Settings\Temp\Tam01065.exe | Deleted
C:\Documents and Settings\Janice\Local Settings\Temp\Temporary Internet Files\Content.IE5\T2MMS6VU\popup[4].htm | Detected with: Application.JS.ForcePopup.D
C:\Documents and Settings\Janice\Local Settings\Temp\Temporary Internet Files\Content.IE5\T2MMS6VU\popup[4].htm | Disinfection failed
C:\Documents and Settings\Janice\Local Settings\Temp\Temporary Internet Files\Content.IE5\T2MMS6VU\popup[4].htm | Deleted
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP340\A0058114.exe | Infected with: Trojan.Agent.VB.ANT
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP340\A0058114.exe | Disinfection failed
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP340\A0058114.exe | Deleted
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP340\A0058115.exe | Infected with: Trojan.Downloader.Agent.BRF
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP340\A0058115.exe | Disinfection failed
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP340\A0058115.exe | Deleted
C:\WINDOWS\system32\cxdlhfpo.dll | Infected with: Trojan.Virtumod.ALZ
C:\WINDOWS\system32\cxdlhfpo.dll | Disinfection failed
C:\WINDOWS\system32\cxdlhfpo.dll | Deleted

 

 

 

HiJackThis:

 

Logfile of HijackThis v1.99.1

Scan saved at 3:10:25 AM, on 5/31/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\McAfee\MSK\MskAgent.exe

C:\Program Files\SiteAdvisor\6066\SiteAdv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\PROGRA~1\McAfee\MPS\mps.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\SiteAdvisor\6066\SAService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\McAfee\MPS\mpsevh.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe

C:\WINDOWS\system32\dlcccoms.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\notepad.exe

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Documents and Settings\Jesse\Desktop\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

O2 - BHO: (no name) - {2432F099-F8E2-43C9-B765-3AF002FFC6A7} - C:\WINDOWS\system32\fccccyw.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: 0 - {5C89CEE7-C180-4475-43BA-F4CD152EA582} - C:\Program Files\Windows NT\ryliby.dll (file missing)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll

O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\imapqans.dll

O2 - BHO: (no name) - {F6CE4754-A759-43D3-BAA9-D24B04791BE5} - C:\WINDOWS\system32\vtutq.dll (file missing)

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"

O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [MskAgentexe] "C:\Program Files\McAfee\MSK\MskAgent.exe"

O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6066\SiteAdv.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

O4 - HKCU\..\Run: [PlaxoUpdate] "C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe" -a

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) - http://63.251.81.180/component/VZWDLManager.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1154184562281

O18 - Protocol


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hello,

 

Your HijackThis log got cut off at the end, but that's OK for now; we'll find out later what's still present.

 

Do the following in the right order...

 

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

 

O2 - BHO: (no name) - {2432F099-F8E2-43C9-B765-3AF002FFC6A7} - C:\WINDOWS\system32\fccccyw.dll (file missing)

O2 - BHO: 0 - {5C89CEE7-C180-4475-43BA-F4CD152EA582} - C:\Program Files\Windows NT\ryliby.dll (file missing)

O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\imapqans.dll

O2 - BHO: (no name) - {F6CE4754-A759-43D3-BAA9-D24B04791BE5} - C:\WINDOWS\system32\vtutq.dll (file missing)

O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)

O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) - http://63.251.81.180/component/VZWDLManager.cab

 

* Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer is closed when you click Fix Checked!

Please make sure your Spy Sweeper is not interfering with the HijackThis fixes.

 

* Download Combofix to your desktop.

Double-click combofix.exe

Follow the prompts.

Don't click on the window while the fix is running, because that will cause your system to hang.

 

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.

Post this log in your next reply together with a new HijackThis log.

Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.


Thanks! Here are the logs you asked for. (It's the full HijackThis log; I know you mentioned the previous log cut off, but this is all there is for this current log.)

 

Again your help is greatly appreciated.

 

P.S. Is Spy Sweeper all it's cracked up to be? Should I keep it? ...Just curious.

 

 

:D

 

 

 

 

"Jesse" - 2007-06-04 18:13:05 Service Pack 2 NTFS

ComboFix 07-06-3 - Running from: "C:\Documents and Settings\Jesse\Desktop\"

 

 

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\imapqans.dll

 

 

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\install.log

C:\Program Files\Common Files\{10FE8~1

C:\Temp\0b9

C:\Temp\0b9\tmpTF.log

C:\WINDOWS\system32\pog

C:\WINDOWS\system32\T3

C:\WINDOWS\system32\T4

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_NM

 

 

((((((((((((((((((((((((( Files Created from 2007-05-04 to 2007-06-04 )))))))))))))))))))))))))))))))

 

 

2007-05-31 00:10 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2007-05-30 22:08 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-05-30 22:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab

2007-05-30 20:43 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-05-30 20:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

2007-05-30 19:00 <DIR> d-------- C:\Program Files\Lavasoft

2007-05-30 19:00 <DIR> d-------- C:\DOCUME~1\Jesse\APPLIC~1\Lavasoft

2007-05-30 18:54 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe

2007-05-30 18:19 <DIR> d-------- C:\VundoFix Backups

2007-05-29 23:00 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Webroot

2007-05-29 21:56 <DIR> d-------- C:\DOCUME~1\Janice\APPLIC~1\Webroot

2007-05-29 17:59 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot

2007-05-29 17:49 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys

2007-05-29 17:49 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys

2007-05-29 17:49 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys

2007-05-29 17:49 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys

2007-05-29 17:49 <DIR> d-------- C:\Program Files\Webroot

2007-05-29 17:49 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot

2007-05-29 17:49 <DIR> d-------- C:\DOCUME~1\Jesse\APPLIC~1\Webroot

2007-05-29 17:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot

2007-05-28 23:06 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2007-05-28 15:12 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll

2007-05-28 15:00 <DIR> d-------- C:\DOCUME~1\Janice\APPLIC~1\Spyware Terminator

2007-05-28 14:55 13,491 --a------ C:\WINDOWS\qwr67.exe

2007-05-28 09:23 <DIR> d-------- C:\WINDOWS\system32\TQ0

2007-05-28 09:23 <DIR> d-------- C:\WINDOWS\system32\T6

2007-05-28 09:23 <DIR> d-------- C:\WINDOWS\system32\T1QaSQ

2007-05-12 20:28 <DIR> d-------- C:\DOCUME~1\Jesse\APPLIC~1\Google

2007-05-10 22:56 <DIR> d-------- C:\Program Files\BitPim

2007-05-06 10:17 <DIR> d--h----- C:\fslrdr

2007-05-06 09:09 <DIR> d-------- C:\Downloads

2007-05-06 09:09 <DIR> d-------- C:\DOCUME~1\Jesse\APPLIC~1\FlashGet

2007-05-06 09:08 <DIR> d-------- C:\Program Files\FlashGet

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-04 23:20:47 -------- d-----w C:\Program Files\Plaxo

2007-06-04 23:19:09 -------- d-----w C:\Program Files\McAfee

2007-05-31 00:00:02 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2007-05-30 23:10:06 -------- d-----w C:\Program Files\Viewpoint

2007-05-29 03:06:05 -------- d-----w C:\Program Files\GameSpy Arcade

2007-05-28 23:56:20 -------- d-----w C:\Program Files\Windows NT

2007-05-28 20:05:13 -------- d-----w C:\Program Files\DAEMON Tools

2007-05-27 00:10:56 -------- d-----w C:\Program Files\World of Warcraft

2007-05-26 09:16:51 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-05-24 03:30:20 -------- d-----w C:\DOCUME~1\Jesse\APPLIC~1\RipIt4Me

2007-05-16 05:18:55 -------- d-----w C:\Program Files\DivX

2007-05-13 01:28:37 -------- d-----w C:\Program Files\Google

2007-05-08 00:25:02 -------- d-----w C:\Program Files\Dl_cats

2007-05-03 04:13:40 -------- d-----w C:\DOCUME~1\Jesse\APPLIC~1\AdobeUM

2007-05-03 04:13:38 37,027 ----a-w C:\WINDOWS\atmoUn.exe

2007-05-02 19:14:07 -------- d-----w C:\Program Files\Celtx

2007-04-22 01:19:54 -------- d-----w C:\Program Files\Any DVD Converter Professional

2007-04-22 01:19:47 -------- d-----w C:\Program Files\Any DVD Converter for PSP

2007-04-21 15:12:42 -------- d-----w C:\Program Files\SiteAdvisor

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-04-08 15:58:13 -------- d--h--w C:\DOCUME~1\Jesse\APPLIC~1\Gtek

2007-04-08 15:40:25 -------- d-----w C:\Program Files\DellSupport

2007-03-27 07:55:23 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2007-03-27 07:55:23 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2007-03-18 13:37:45 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll

2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll

2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll

2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll

2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll

2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys

2007-02-18 16:47:27 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 14:17]

{089FD14D-132B-48FC-8861-0048AE113215}=C:\Program Files\SiteAdvisor\6066\SiteAdv.dll [2007-03-30 10:41]

{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 16:29]

{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 05:20]

{7DB2D5A0-7241-4E79-B68D-6309F01C5231}=c:\program files\mcafee\virusscan\scriptcl.dll [2006-12-22 16:02]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 07:20]

"CTHelper"="CTHELPER.EXE" [2005-11-08 12:30 C:\WINDOWS\CTHELPER.EXE]

"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 04:00 C:\WINDOWS\system32\CTXFIHLP.EXE]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 07:56]

"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12]

"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]

"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 11:01]

"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]

"dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 02:40]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 05:48]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]

"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 17:30]

"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-02-08 21:39]

"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 00:50]

"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 19:55]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PlaxoUpdate"="C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe" [2006-11-16 13:42]

"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 09:13]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jesse^Start Menu^Programs^Startup^Registration Far Cry.LNK]

path=C:\Documents and Settings\Jesse\Start Menu\Programs\Startup\Registration Far Cry.LNK

backup=C:\WINDOWS\pss\Registration Far Cry.LNKStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

C:\Program Files\Common Files\AOL\1146709478\ee\AOLSoftware.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"AOL ACS"=2 (0x2)

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

AutoRun\command- E:\setup.exe

 

 

Contents of the 'Scheduled Tasks' folder

2007-05-28 14:33:11 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

2007-05-15 06:12:58 C:\WINDOWS\tasks\McDefragTask.job

2007-05-01 06:00:01 C:\WINDOWS\tasks\McQcTask.job

 

**************************************************************************

 

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-04 18:20:24

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-06-04 18:22:55 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-06-04 18:22

 

--- E O F ---

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\imapqans.dll

 

 

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\install.log

C:\Program Files\Common Files\{10FE8~1

C:\Temp\0b9

C:\Temp\0b9\tmpTF.log

C:\WINDOWS\system32\pog

C:\WINDOWS\system32\T3

C:\WINDOWS\system32\T4

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_NM

 

 

((((((((((((((((((((((((( Files Created from 2007-05-04 to 2007-06-04 )))))))))))))))))))))))))))))))

 

 

2007-06-04 18:22 49,152 --a------ C:\WINDOWS\nircmd.exe

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-04 23:20:47 -------- d-----w C:\Program Files\Plaxo

2007-06-04 23:19:09 -------- d-----w C:\Program Files\McAfee

2007-05-31 00:00:02 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2007-05-30 23:10:06 -------- d-----w C:\Program Files\Viewpoint

2007-05-29 03:06:05 -------- d-----w C:\Program Files\GameSpy Arcade

2007-05-28 23:56:20 -------- d-----w C:\Program Files\Windows NT

2007-05-28 20:05:13 -------- d-----w C:\Program Files\DAEMON Tools

2007-05-27 00:10:56 -------- d-----w C:\Program Files\World of Warcraft

2007-05-26 09:16:51 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-05-24 03:30:20 -------- d-----w C:\DOCUME~1\Jesse\APPLIC~1\RipIt4Me

2007-05-16 05:18:55 -------- d-----w C:\Program Files\DivX

2007-05-13 01:28:37 -------- d-----w C:\Program Files\Google

2007-05-08 00:25:02 -------- d-----w C:\Program Files\Dl_cats

2007-05-03 04:13:40 -------- d-----w C:\DOCUME~1\Jesse\APPLIC~1\AdobeUM

2007-05-03 04:13:38 37,027 ----a-w C:\WINDOWS\atmoUn.exe

2007-05-02 19:14:07 -------- d-----w C:\Program Files\Celtx

2007-04-22 01:19:54 -------- d-----w C:\Program Files\Any DVD Converter Professional

2007-04-22 01:19:47 -------- d-----w C:\Program Files\Any DVD Converter for PSP

2007-04-21 15:12:42 -------- d-----w C:\Program Files\SiteAdvisor

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-04-08 15:58:13 -------- d--h--w C:\DOCUME~1\Jesse\APPLIC~1\Gtek

2007-04-08 15:40:25 -------- d-----w C:\Program Files\DellSupport

2007-03-27 07:55:23 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2007-03-27 07:55:23 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2007-03-18 13:37:45 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll

2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll

2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll

2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll

2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll

2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys

2007-02-18 16:47:27 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 14:17]

{089FD14D-132B-48FC-8861-0048AE113215}=C:\Program Files\SiteAdvisor\6066\SiteAdv.dll [2007-03-30 10:41]

{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 16:29]

{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 05:20]

{7DB2D5A0-7241-4E79-B68D-6309F01C5231}=c:\program files\mcafee\virusscan\scriptcl.dll [2006-12-22 16:02]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 07:20]

"CTHelper"="CTHELPER.EXE" [2005-11-08 12:30 C:\WINDOWS\CTHELPER.EXE]

"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 04:00 C:\WINDOWS\system32\CTXFIHLP.EXE]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 07:56]

"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12]

"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]

"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 11:01]

"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]

"dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 02:40]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 05:48]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]

"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 17:30]

"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-02-08 21:39]

"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 00:50]

"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 19:55]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PlaxoUpdate"="C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe" [2006-11-16 13:42]

"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 09:13]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jesse^Start Menu^Programs^Startup^Registration Far Cry.LNK]

path=C:\Documents and Settings\Jesse\Start Menu\Programs\Startup\Registration Far Cry.LNK

backup=C:\WINDOWS\pss\Registration Far Cry.LNKStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

C:\Program Files\Common Files\AOL\1146709478\ee\AOLSoftware.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"AOL ACS"=2 (0x2)

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

AutoRun\command- E:\setup.exe

 

 

Contents of the 'Scheduled Tasks' folder

2007-05-28 14:33:11 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

2007-05-15 06:12:58 C:\WINDOWS\tasks\McDefragTask.job

2007-05-01 06:00:01 C:\WINDOWS\tasks\McQcTask.job

 

**************************************************************************

 

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-04 18:23:22

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

**************************************************************************

 

Completion time: 2007-06-04 18:24:39 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-06-04 18:24

 

--- E O F ---

 

 

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 18:26, on 2007-06-04

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\PROGRA~1\McAfee\MPS\mps.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\SiteAdvisor\6066\SAService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\McAfee\MSK\MskAgent.exe

C:\Program Files\SiteAdvisor\6066\SiteAdv.exe

C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\system32\dlcccoms.exe

C:\Program Files\McAfee\MPS\mpsevh.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\cmd.exe

C:\Documents and Settings\Jesse\Desktop\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll

O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"

O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [MskAgentexe] "C:\Program Files\McAfee\MSK\MskAgent.exe"

O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6066\SiteAdv.exe"

O4 - HKLM\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

O4 - HKCU\..\Run: [PlaxoUpdate] "C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe" -a

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1154184562281

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


Hello,

 

This is already a lot better...

 

Delete the following folders:

 

C:\Qoobox

C:\VundoFix Backups

 

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

 

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)

 

* Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer is closed when you click Fix Checked!

 

"ps-Is Spy Sweeper all it's cracked up to be? Should I keep it?...just curious."

Not sure what you mean - I don't know either if you purchased it or not, but if you didn't... uninstall it. Spysweeper is a resource hog, and given the fact that you have McAfee present, which is also a huge resource hog, I can imagine that your system may be crawling.

Or you can just disable Spysweeper from startup.

You may want to read this as well:

What Really Slows Windows Down.

That's also one of the reasons why I didn't include McAfee and Spysweeper in my signature below under Antivirus and Antispyware scanners. This is because too many people complain afterwards, once they have installed the above, that their system is really slow. Another reason why I didn't include Spysweeper is because of this.

Ethics - but then again, that's a personal opinion.

 

As a side note: your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

Let me know in your next reply how things are running now.

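As an added illustration of the check behind the two entries picked for "Fix Checked" in the reply above (not part of the original posts, and not HijackThis's own code): a small Python parser that reads HijackThis result lines and separates entries marked "(no file)" from those marked "(file missing)". The log lines are copied from the log posted in this thread; the names `parse_log`, `dangling` and `Entry` are hypothetical.

```python
import re
from collections import namedtuple

# Lines copied verbatim from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\svchost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
"""

# Hypothetical record type for one parsed result line.
Entry = namedtuple("Entry", "section clsid state line")

# Section code (R0-R3, F0-F3, N1-N4, O1-O24), then " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Trailing markers seen in the log when the referenced file is not on disk.
MARKERS = {"(no file)": "no file", "(file missing)": "file missing"}


def parse_log(text):
    """Return one Entry per R/F/N/O line; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, blank line or a "Running processes" path
        body = match.group("body")
        state = "unmarked"
        for marker, label in MARKERS.items():
            if body.endswith(marker):
                state = label
        clsid = CLSID_RE.search(body)
        entries.append(
            Entry(match.group("section"), clsid.group(0) if clsid else None, state, line)
        )
    return entries


def dangling(entries, states=("no file",)):
    """Entries whose registry reference points at a file that is not there."""
    return [e for e in entries if e.state in states]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in dangling(parsed, states=("no file", "file missing")):
        print(f"{e.section:<3} {e.state:<12} {e.clsid}")
```

With the default `states`, the result is the two "(no file)" entries named in the reply; the "(file missing)" entry is reported only when asked for, since the reply did not include it.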

HI!

 

I did everything you told me to (removed Spy Sweeper, system seems a bit faster) and my system is working fine. Do I need to provide anything else?....any other wisdom to share on how to not have this happen again?

 

Thank you sooo much for your help. You guys provide an amazing service.

 

 

:D:thumbsup:


Glad I could help. :)

 

Please read my Prevention page with lots of info and tips on how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

 

Happy Surfing again!


Thanks again, a Godsend I tell ya!

Ok so one final question...I have McAfee running but in the process of all this you guys had me install AVG, but you do mention to not have 2 anti virus programs running. Is running AVG and McAfee ok?

Again thanks for everything you've done.

 

:D


Hi,

 

Well, you do have AVG Antispyware installed which is different than AVG Antivirus.

I would not recommend AVG Antivirus in combination with McAfee or any Antivirus in combination with another Antivirus, since they are not compatible.

But AVG Antispyware shouldn't be any problem - since this is no Antivirus... although I can imagine that AVG Antispyware running in the background may also cause an extra slowdown - especially since McAfee already needs a lot of resources. But you can just disable the realtime guard there. Actually, it will get disabled anyway since it's the trial version.

You will still be able to update it manually and perform on demand scans.


Since this issue appears resolved ... this Topic is closed.

 

If you need this topic reopened for continuations of existing problems, please tell the moderating team by replying here

This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

This topic is now closed to further replies.