 |
 |
| 
en1gmat1c
New Member
Date Joined Aug 2008
Total Posts : 6
| Posted 8-27-2008 3:34 (GMT +1) |   | I somehow ended up with quite a few trojans according to my AVG
here is the hijackthis log
--------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:10 PM, on 8/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\MOZILL~1\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.l2orphus.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
O3 - Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lphcrw6j0e151] C:\WINDOWS\system32\lphcrw6j0e151.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [40408b53] rundll32.exe "C:\WINDOWS\system32\judrrcvm.dll",b
O4 - HKLM\..\Run: [BM4373b8cf] Rundll32.exe "C:\WINDOWS\system32\hyowxlqt.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA1383] command /c del "C:\WINDOWS\system32\hyowxlqt.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3884] cmd /c del "C:\WINDOWS\system32\hyowxlqt.dll_old"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic 6\PopupBlocker.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.0 Pro\init_scheduler.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [InstallProgram] C:\DOCUME~1\Owner\LOCALS~1\Temp\win492.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB2228] command /c del "C:\WINDOWS\system32\hyowxlqt.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8011] cmd /c del "C:\WINDOWS\system32\hyowxlqt.dll_old"
O4 - HKCU\..\Policies\Explorer\Run: [{40408BFC-0897-1033-0611-040404120001}] "C:\Program Files\Common Files\{40408BFC-0897-1033-0611-040404120001}\Update.exe" te-110-12-0000073
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O20 - AppInit_DLLs: xwqcpc.dll ivamts.dll vkmbqr.dll kmoxxm.dll nqtyqg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nakido - Unknown owner - C:\Program Files\Nakido\nakido.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenCASE Media Agent - Unknown owner - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.0 Pro\rcp_scheduler.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
----------------------------------------------------------------------- | | Back to Top | | |
|
Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 13812
| Posted 8-29-2008 3:57 (GMT +1) | | Hello 
Please download Malwarebytes' Anti-Malware:
to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch
Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
Copy and Paste that log into your next reply, along with fresh hijackthis log.
NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Do NOT post your problem in someone elses thread.
| | Back to Top | | |
|
en1gmat1c
New Member
Date Joined Aug 2008
Total Posts : 6
| Posted 8-29-2008 5:54 (GMT +1) | | Here is the log from MalwareBytes
Memory Processes Infected: 0
Memory Modules Infected: 9
Registry Keys Infected: 29
Registry Values Infected: 11
Registry Data Items Infected: 4
Folders Infected: 3
Files Infected: 58
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\cwfpqkht.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mlJYqNDW.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hlpeljik.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\xwqcpc.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ivamts.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vkmbqr.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\kmoxxm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nqtyqg.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vtUlMDUo.dll (Trojan.Vundo) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14f8d821-fe59-467e-a6ed-b1a11b9addb4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{14f8d821-fe59-467e-a6ed-b1a11b9addb4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35cfe9b1-81c2-4d01-a350-a759292ad7fc} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtulmduo (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{35cfe9b1-81c2-4d01-a350-a759292ad7fc} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e0adafe3-1ebe-430e-940b-da2968ffb81b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0adafe3-1ebe-430e-940b-da2968ffb81b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{497a75b0-dfa9-4c88-bef8-8cd495dd6c24} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{497a75b0-dfa9-4c88-bef8-8cd495dd6c24} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Secure Solutions (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winqap32 (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataDisp32 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\40408b53 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm4373b8cf (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{35cfe9b1-81c2-4d01-a350-a759292ad7fc} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\InstallProgram (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcrw6j0e151 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\inrhcvw6j0e151 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\mljyqndw -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljyqndw -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\All Users\Application Data\Secure Solutions (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\371186 (Trojan.BHO) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\mlJYqNDW.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\WDNqYJlm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WDNqYJlm.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUlMDUo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nqtyqg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\cwfpqkht.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\thkqpfwc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bkymvnls.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hlpeljik.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\xwqcpc.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ivamts.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vkmbqr.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\kmoxxm.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4LAR8PYB\kb767887 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C7LR2IBL\CA09IV4X (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C7LR2IBL\2t7t.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C7LR2IBL\kb456456 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C7LR2IBL\kb671231 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YLJ4P4B2\kb456456 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP744\A0135209.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP745\A0136440.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP745\A0136443.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP745\A0137464.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP745\A0137475.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP746\A0137558.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP746\A0137559.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP746\A0138577.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP746\A0138598.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP746\A0138601.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP746\A0138576.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP747\A0140614.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP747\A0141607.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP747\A0141617.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ilkcnj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nlabvkpv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uuyxoxjv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aiaiicou.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kmclbuvu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qngtmrat.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wtskfylu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ownuhbdi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\davghnul.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vjrcmloj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sgfctpsc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winqap32.dll (Dialer) -> Delete on reboot.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM4373b8cf.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM4373b8cf.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcrw6j0e151.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcrw6j0e151.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xycdd.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
----------------------------------------------------------------------------------------------------------------------
and here is the HijackThis log
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.l2orphus.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {c95093f5-5446-a44a-8424-9f3c2c8ba416} - {614ab8c2-c3f9-4248-a44a-64455f39059c} - C:\WINDOWS\system32\ilkcnj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
O3 - Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic 6\PopupBlocker.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.0 Pro\init_scheduler.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Policies\Explorer\Run: [{40408BFC-0897-1033-0611-040404120001}] "C:\Program Files\Common Files\{40408BFC-0897-1033-0611-040404120001}\Update.exe" te-110-12-0000073
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: xwqcpc.dll ivamts.dll vkmbqr.dll kmoxxm.dll nqtyqg.dll ilkcnj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nakido - Unknown owner - C:\Program Files\Nakido\nakido.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenCASE Media Agent - Unknown owner - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.0 Pro\rcp_scheduler.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 12492 bytes | | Back to Top | | |
|
Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 13812
| Posted 8-29-2008 6:09 (GMT +1) | | You´ve certainly got rid of some crap there 
I´ll therefore suggest you post a combolog -
Please download Combofix:
And save to the desktop.
Close all other browser windows.
Important-> Temporarily disable your anti-virus, real-time protection before performing a scan. They can interfere with combofix or remove some of its embedded files which may cause "unpredictable results".
Go to Start->Run and copy/paste: ComboFix /snapshot and hit OK. It should run Combofix.
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
When finished, it will produce a logfile located at C:\combofix.txt.
Post the contents of that log in your next reply
NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer.. We do not clean logs that have P2P applications installed as this can cause reinfection during your cleaning.
Do NOT post your problem in someone elses thread.
| | Back to Top | | |
|
en1gmat1c
New Member
Date Joined Aug 2008
Total Posts : 6
| Posted 8-30-2008 1:13 (GMT +1) | | k here is the combofix log
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\B348TXN2\bin.clearspring.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\B348TXN2\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\B348TXN2\interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\B348TXN2\interclick.com\ud.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\dfrpotmd.ini
C:\WINDOWS\system32\hkwckpkc.ini
C:\WINDOWS\system32\idbhunwo.ini
C:\WINDOWS\system32\ippybego.ini
C:\WINDOWS\system32\ljypahev.ini
C:\WINDOWS\system32\Memman.vxd
C:\WINDOWS\system32\mvcrrduj.ini
C:\WINDOWS\system32\pemvswkd.ini
C:\WINDOWS\system32\skinboxer43.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_sysrest.sys
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))
.
2008-08-28 22:01 . 2008-08-28 22:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-08-28 22:00 . 2008-08-28 22:00 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-28 22:00 . 2008-08-28 22:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-28 22:00 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-28 22:00 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-26 21:29 . 2008-08-26 21:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-25 17:40 . 2008-08-25 17:40 199,168 --a------ C:\WINDOWS\system32\rqgohgsi.exe
2008-08-24 18:08 . 2008-08-29 18:25 <DIR> d-------- C:\Program Files\MOZILL~1
2008-08-24 13:45 . 2008-08-24 13:45 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-22 10:46 . 2008-08-22 10:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ExtendMedia
2008-08-13 17:32 . 2008-04-11 14:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 17:32 . 2008-05-01 09:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-09 19:37 . 2008-08-09 19:37 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-09 19:37 . 2008-08-09 19:37 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-09 19:37 . 2008-08-09 19:37 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-02 11:52 . 2008-08-02 11:52 <DIR> d-------- C:\Program Files\Real Alternative
2008-08-01 16:35 . 2008-04-13 19:12 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-08-01 16:34 . 2008-04-13 19:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 23:38 --------- d-----w C:\Program Files\Common Files\Akamai
2008-08-29 20:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-26 03:18 --------- d-----w C:\Program Files\Trillian
2008-08-26 01:31 --------- d-----w C:\Program Files\SpywareBlaster
2008-08-26 00:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-08-24 18:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-24 07:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-22 05:25 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-08-11 17:11 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2008-08-07 16:31 --------- d-----w C:\Documents and Settings\Owner\Application Data\Metacafe
2008-08-07 16:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Metacafe
2008-07-31 23:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\GetRightToGo
2008-07-30 03:10 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-29 00:59 --------- d-----w C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
2008-07-24 17:22 --------- d-----w C:\Program Files\Electronic Arts
2008-07-24 00:48 4 --sh--r C:\WINOS.SYS
2008-07-19 16:40 --------- d-----w C:\Program Files\The Rosetta Stone
2008-07-10 22:23 --------- d-----w C:\Program Files\Guitar Pro 5
2008-07-08 07:14 --------- d-----w C:\Documents and Settings\Owner\Application Data\Command & Conquer 3 Kane's Wrath
2008-07-04 01:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\Command & Conquer 3 Tiberium Wars
2008-07-01 19:59 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-07-01 19:59 --------- d-----w C:\Documents and Settings\Owner\Application Data\DAEMON Tools
2008-07-01 19:25 --------- d-----w C:\Program Files\free-downloads.net
2008-07-01 19:25 --------- d-----w C:\Program Files\Conduit
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 04:34 32768]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]
"scheduler_monitor"="C:\Program Files\ReaConverter 5.0 Pro\init_scheduler.exe" [2007-06-15 11:17 27136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02 61440]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-27 08:40 579584]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 15:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 18:57 81920]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 00:31 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 21:39 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 21:39 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 21:39 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"VTTimer"="VTTimer.exe" [2004-10-22 11:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 09:36 219136]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"= "C:\Program Files\interMute\SpySubtract\sshook.dll" [2004-08-30 09:48 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\d_kmd.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142 Demo\\BF2142.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader
"65534:TCP"= 65534:TCP:azureus port
"9420:TCP"= 9420:TCP:Akamai Network Manager
"5000:UDP"= 5000:UDP:Akamai Network Manager
"56878:TCP"= 56878:TCP:PandoRest Listening Port
R2 Akamai;Akamai;C:\WINDOWS\System32\svchost.exe [2008-04-13 19:12]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 16:38]
S2 Nakido;Nakido;C:\Program Files\Nakido\nakido.exe []
S2 OpenCASE Media Agent;OpenCASE Media Agent;C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-23 21:12]
S3 pnicml;pnicml;C:\DOCUME~1\Owner\LOCALS~1\Temp\pnicml.sys []
S3 rcp_service;ReaConverter scheduler service;C:\Program Files\ReaConverter 5.0 Pro\rcp_scheduler.exe [2007-11-30 12:27]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder
2004-08-24 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2003-06-19 03:17]
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
URLSearchHooks-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
BHO-{614ab8c2-c3f9-4248-a44a-64455f39059c} - C:\WINDOWS\system32\ilkcnj.dll
Toolbar-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
HKCU-Run-System Mechanic Popup Blocker - C:\Program Files\iolo\System Mechanic 6\PopupBlocker.exe
HKCU-Run-AlcoholAutomount - C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe
HKCU-Run-DAEMON Tools Lite - C:\Program Files\DAEMON Tools Lite\daemon.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-IPHSend - C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
HKCU-Explorer_Run-{40408BFC-0897-1033-0611-040404120001} - C:\Program Files\Common Files\{40408BFC-0897-1033-0611-040404120001}\Update.exe
Notify-AtiExtEvent - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4ovj0n22.chris\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.wikipedia.org/
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\MOZILL~1\plugins\npnul32.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
.
------- File Associations (Beta) -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 18:39:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk21]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\HNPsSdk.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-08-29 18:55:12 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-08-29 23:54:45
Pre-Run: 94,895,505,408 bytes free
Post-Run: 94,853,627,904 bytes free
224 --- E O F --- 2008-08-14 07:30:57 | | Back to Top | | |
|
Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 13812
| Posted 8-30-2008 6:07 (GMT +1) | | Open notepad and copy/paste the text in the quotebox below into it:
Quote:
|
Killall::
Snapshot::
File::
C:\WINDOWS\system32\rqgohgsi.exe
C:\WINDOWS\system32\ilkcnj.dll
C:\Program Files\Common Files\{40408BFC-0897-1033-0611-040404120001}\Update.exe
Folder::
C:\Program Files\Common Files\{40408BFC-0897-1033-0611-040404120001}
C:\Program Files\Viewpoint
FileLook::
C:\WINOS.SYS
|
Save this as:
CFScript
Refering to the picture above, drag CFScript into ComboFix.exe
Then post fresh combofix log.
Do NOT post your problem in someone elses thread.
| | Back to Top | | |
|
en1gmat1c
New Member
Date Joined Aug 2008
Total Posts : 6
| Posted 8-30-2008 6:14 (GMT +1) | | ComboFix 08-08-29.02 - Owner 2008-08-30 11:47:50.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.216 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\Program Files\Common Files\{40408BFC-0897-1033-0611-040404120001}\Update.exe
C:\WINDOWS\system32\ilkcnj.dll
C:\WINDOWS\system32\rqgohgsi.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Common\VistaBoot.sdll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VETScriptInterpreter.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
C:\WINDOWS\system32\rqgohgsi.exe
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-30 )))))))))))))))))))))))))))))))
.
2008-08-29 19:44 . 2008-08-30 11:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-29 19:44 . 2008-08-29 19:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-28 22:01 . 2008-08-28 22:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-08-28 22:00 . 2008-08-28 22:00 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-28 22:00 . 2008-08-28 22:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-28 22:00 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-28 22:00 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-26 21:29 . 2008-08-26 21:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-24 18:08 . 2008-08-30 10:49 <DIR> d-------- C:\Program Files\MOZILL~1
2008-08-24 13:45 . 2008-08-24 13:45 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-22 10:46 . 2008-08-22 10:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ExtendMedia
2008-08-13 17:32 . 2008-04-11 14:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 17:32 . 2008-05-01 09:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-09 19:37 . 2008-08-09 19:37 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-09 19:37 . 2008-08-09 19:37 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-09 19:37 . 2008-08-09 19:37 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-02 11:52 . 2008-08-02 11:52 <DIR> d-------- C:\Program Files\Real Alternative
2008-08-01 16:35 . 2008-04-13 19:12 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-08-01 16:34 . 2008-04-13 19:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-07-23 19:48 . 2008-07-23 19:48 4 -r-hs---- C:\WINOS.SYS
2008-07-22 13:31 . 2008-07-31 18:57 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\GetRightToGo
2008-07-22 00:13 . 2008-07-22 00:13 1,409 --a------ C:\WINDOWS\system32\tmpF9A26.FOT
2008-07-22 00:13 . 2008-07-22 00:13 1,409 --a------ C:\WINDOWS\system32\tmpF8A26.FOT
2008-07-22 00:13 . 2008-07-22 00:13 1,409 --a------ C:\WINDOWS\system32\tmpF7A26.FOT
2008-07-22 00:13 . 2008-07-22 00:13 1,409 --a------ C:\WINDOWS\system32\tmpEAA26.FOT
2008-07-22 00:13 . 2008-07-22 00:13 1,409 --a------ C:\WINDOWS\system32\tmpDDA26.FOT
2008-07-22 00:13 . 2008-07-22 00:13 1,409 --a------ C:\WINDOWS\system32\tmpCFA26.FOT
2008-07-22 00:13 . 2008-07-22 00:13 1,409 --a------ C:\WINDOWS\system32\tmpB3B26.FOT
2008-07-21 17:22 . 2008-07-21 17:25 <DIR> d-------- C:\WINDOWS\NV30922388.TMP
2008-07-21 17:22 . 2008-05-19 18:16 186,407 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-07-21 17:21 . 2008-07-21 17:21 <DIR> d-------- C:\NVIDIA
2008-07-20 18:40 . 2008-08-30 11:54 <DIR> d-------- C:\Program Files\Common Files\Akamai
2008-07-19 20:04 . 2008-07-19 20:04 1,409 --a------ C:\WINDOWS\system32\tmpFB8C1.FOT
2008-07-19 20:04 . 2008-07-19 20:04 1,409 --a------ C:\WINDOWS\system32\tmpC39C1.FOT
2008-07-19 20:04 . 2008-07-19 20:04 1,409 --a------ C:\WINDOWS\system32\tmp9B9C1.FOT
2008-07-19 20:04 . 2008-07-19 20:04 1,409 --a------ C:\WINDOWS\system32\tmp847C1.FOT
2008-07-19 20:04 . 2008-07-19 20:04 1,409 --a------ C:\WINDOWS\system32\tmp64AC1.FOT
2008-07-19 20:04 . 2008-07-19 20:04 1,409 --a------ C:\WINDOWS\system32\tmp5B7C1.FOT
2008-07-19 20:04 . 2008-07-19 20:04 1,409 --a------ C:\WINDOWS\system32\tmp258C1.FOT
2008-07-19 20:04 . 2008-07-19 20:04 1,409 --a------ C:\WINDOWS\system32\tmp1FAC1.FOT
2008-07-19 11:40 . 2008-07-19 11:40 <DIR> d-------- C:\Program Files\The Rosetta Stone
2008-07-19 11:40 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-07-10 17:23 . 2008-07-10 17:23 <DIR> d-------- C:\Program Files\Guitar Pro 5
2008-07-08 02:14 . 2008-07-08 02:14 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Command & Conquer 3 Kane's Wrath
2008-07-07 15:26 . 2008-07-07 15:26 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll
2008-07-05 20:05 . 2008-08-30 11:56 127,254 --a------ C:\WINDOWS\system32\nvapps.xml
2008-07-05 20:04 . 2008-07-21 17:25 <DIR> d-------- C:\WINDOWS\nview
2008-07-05 20:04 . 2008-05-16 14:01 446,464 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-07-05 20:04 . 2008-05-16 14:01 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-07-05 20:03 . 2008-05-16 11:48 446,464 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-07-05 19:57 . 2008-08-26 21:25 265 --a------ C:\WINDOWS\WININIT.INI
2008-07-03 20:19 . 2008-07-03 20:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Command & Conquer 3 Tiberium Wars
2008-07-03 19:41 . 2008-07-24 12:22 <DIR> d-------- C:\Program Files\Electronic Arts
2008-07-01 15:09 . 2008-07-01 15:09 0 --a------ C:\WINDOWS\PowerReg.dat
2008-07-01 14:59 . 2008-07-01 14:59 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DAEMON Tools
2008-07-01 14:25 . 2008-07-01 14:25 <DIR> d-------- C:\Program Files\free-downloads.net
2008-07-01 14:25 . 2008-07-01 14:25 <DIR> d-------- C:\Program Files\Conduit
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-30 03:54 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-08-29 20:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-26 03:18 --------- d-----w C:\Program Files\Trillian
2008-08-26 01:31 --------- d-----w C:\Program Files\SpywareBlaster
2008-08-26 00:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-08-24 18:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-24 07:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-22 05:25 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-08-11 17:11 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2008-08-07 16:31 --------- d-----w C:\Documents and Settings\Owner\Application Data\Metacafe
2008-08-07 16:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Metacafe
2008-07-30 03:10 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-29 00:59 --------- d-----w C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
2008-07-01 19:59 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINOS.SYS -- Not a PE file.
MD5: cd43caedd6c05e140e4097d756131bd1
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 04:34 32768]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]
"scheduler_monitor"="C:\Program Files\ReaConverter 5.0 Pro\init_scheduler.exe" [2007-06-15 11:17 27136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02 61440]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-27 08:40 579584]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 15:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 18:57 81920]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 00:31 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 21:39 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 21:39 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 21:39 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"VTTimer"="VTTimer.exe" [2004-10-22 11:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 09:36 219136]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"= "C:\Program Files\interMute\SpySubtract\sshook.dll" [2004-08-30 09:48 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\d_kmd.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142 Demo\\BF2142.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader
"65534:TCP"= 65534:TCP:azureus port
"9420:TCP"= 9420:TCP:Akamai Network Manager
"5000:UDP"= 5000:UDP:Akamai Network Manager
"56878:TCP"= 56878:TCP:PandoRest Listening Port
R2 Akamai;Akamai;C:\WINDOWS\System32\svchost.exe [2008-04-13 19:12]
S2 Nakido;Nakido;C:\Program Files\Nakido\nakido.exe []
S2 OpenCASE Media Agent;OpenCASE Media Agent;C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe []
S2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-23 21:12]
S3 pnicml;pnicml;C:\DOCUME~1\Owner\LOCALS~1\Temp\pnicml.sys []
S3 rcp_service;ReaConverter scheduler service;C:\Program Files\ReaConverter 5.0 Pro\rcp_scheduler.exe [2007-11-30 12:27]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder
2004-08-24 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2003-06-19 03:17]
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 11:54:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory\backupnotify.exe.cd4639e.ini.inuse 0 bytes
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk21]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\HNPsSdk.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-08-30 12:10:37 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-08-30 17:10:09
ComboFix2.txt 2008-08-29 23:55:14
Pre-Run: 98,700,566,528 bytes free
Post-Run: 98,676,092,928 bytes free
237 --- E O F --- 2008-08-14 07:30:57 | | Back to Top | | |
| |
