
Solved: pop-ups won't stop, help with HijackThis log please

Discussion in 'Malware and Virus Removal Archive' started by shammie, 2007/09/18.

  1. 2007/09/18
    shammie

    [Resolved] pop-ups won't stop, help with HijackThis log please

    Help, trying to help a friend with a laptop: pop-up after pop-up. I ran Spybot and Ad-Aware, still having the problem, plus it is very slow. Any help would be greatly appreciated. Thank you. HijackThis log below:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 5:14:20 PM, on 9/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Trey\My Documents\hijackthis\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5B2730AA-0762-42DC-9188-E901833148FF} - (no file)
    O2 - BHO: (no name) - {780C1593-8FEC-47C8-AE40-275A14F4C88C} - \
    O2 - BHO: (no name) - {837D38FA-80D3-4476-B591-879002051353} - C:\WINDOWS\system32\rqrpo.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\jtufndsk.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe "
    O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe "
    O4 - HKLM\..\Run: [zpwoghuA] C:\WINDOWS\zpwoghuA.exe
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\lwinlodt.exe SKY009
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
    O20 - Winlogon Notify: mljkhgg - mljkhgg.dll (file missing)
    O20 - Winlogon Notify: ssqqr - C:\WINDOWS\system32\ssqqr.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Linksys Wireless Guard Network Manager Service (WSCNetManager) - Wireless Security Corporation - C:\Program Files\Linksys Wireless Guard\WscNetMgrSvc.exe

    --
    End of file - 7575 bytes
     
  2. 2007/09/18
    noahdfear

    Hi shammie :)

    Download VundoFix by Atribune, saving it to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    Note: It is possible that VundoFix encounters a file it could not remove. In this case, VundoFix will run on reboot. If that happens, follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


    Then, in normal mode, download ComboFix by sUBs from Here or Here, saving the file to your Desktop.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • When finished, it will open a log for you. Post that log, the contents of C:\vundofix.txt and a new HijackThis log (run in normal mode).
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     

  4. 2007/09/18
    shammie

    noahdfear,
    Thank you for your help. Ran the fixes; logs are below. Thanks again.

    ComboFix:
    ComboFix 07-09-18.4 - "Trey" 2007-09-18 22:52:46.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.71 [GMT -5:00]
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
    C:\DOCUME~1\Trey\APPLIC~1\winantiviruspro2007freeinstall[1].exe
    C:\DOCUME~1\Trey\err.log
    C:\Program Files\poolsv
    C:\Program Files\poolsv\k11u72.exe
    C:\Program Files\poolsv\wr-1-0000077.exe
    C:\Program Files\poolsv\YazzleBundle-1549.exe
    C:\Program Files\svhost
    C:\temp\0c2
    C:\temp\0c2\tmpFF.log
    C:\temp\brr
    C:\temp\brr\tmpZTF.log
    C:\temp\tn3
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\adskicor.exe
    C:\WINDOWS\system32\agabetub.dll
    C:\WINDOWS\system32\b10FdUe
    C:\WINDOWS\system32\b10FdUe\b10FdUe1099.exe
    C:\WINDOWS\system32\cobgrhmq.exe
    C:\WINDOWS\system32\driver
    C:\WINDOWS\system32\dwrrdiba.exe
    C:\WINDOWS\system32\gouxkepy.exe
    C:\WINDOWS\system32\hpornbsr.exe
    C:\WINDOWS\system32\jqdlxpla.exe
    C:\WINDOWS\system32\jumilbem.exe
    C:\WINDOWS\system32\lwqqnyqe.exe
    C:\WINDOWS\system32\oprqr.bak1
    C:\WINDOWS\system32\oprqr.bak2
    C:\WINDOWS\system32\oprqr.ini
    C:\WINDOWS\system32\oprqr.tmp
    C:\WINDOWS\system32\rqrpo.dll
    C:\WINDOWS\system32\xfjqaoxk.dll
    C:\WINDOWS\system32\yboapfed.exe
    C:\WINDOWS\system32\Z1
    C:\WINDOWS\system32\Z11
    C:\WINDOWS\system32\Z3
    C:\WINDOWS\system32\Z5
    C:\WINDOWS\system32\Z7
    C:\WINDOWS\system32\Z9
    C:\WINDOWS\system32\Z9\bw73.exe
    C:\WINDOWS\system32\zxdnt3d.cfg

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_DOMAINSERVICE
    -------\DomainService


    ((((((((((((((((((((((((( Files Created from 2007-08-19 to 2007-09-19 )))))))))))))))))))))))))))))))
    .

    2007-09-18 23:06 75,328 --a------ C:\WINDOWS\system32\mkgbbakn.exe
    2007-09-18 22:49 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-18 22:11 <DIR> d-------- C:\VundoFix Backups
    2007-09-18 20:17 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2007-09-18 20:17 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2007-09-18 20:12 168,480 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-09-18 20:12 10,272 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-09-18 20:12 <DIR> d-------- C:\Program Files\Kaspersky Lab
    2007-09-18 19:32 <DIR> d-------- C:\kav
    2007-09-18 16:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-09-18 15:54 <DIR> d-------- C:\Program Files\SpywareBlaster
    2007-09-18 15:52 <DIR> d-------- C:\Program Files\InterMute
    2007-09-18 14:19 <DIR> d-------- C:\Program Files\Lavasoft
    2007-09-18 14:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-09-18 14:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-15 08:07 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-09-14 23:55 <DIR> d-------- C:\DOCUME~1\Trey\.housecall6.6
    2007-09-14 12:21 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-09-14 12:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
    2007-09-03 15:55 1,610,104 --ahs---- C:\WINDOWS\system32\opppo.bak2
    2007-08-26 14:25 1,606,474 --ahs---- C:\WINDOWS\system32\opppo.bak1
    2007-08-24 21:56 6,513 --ahs---- C:\WINDOWS\system32\behjl.bak1

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-18 23:17 3284 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2007-09-18 23:17 1964 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2007-09-18 19:41 --------- d-------- C:\Program Files\Common Files\Symantec Shared
    2007-09-18 17:23 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WSC Guard
    2007-08-19 13:48 1687770 --ahs---- C:\WINDOWS\system32\sstwa.ini2
    2007-08-15 22:09 1689613 --ahs---- C:\WINDOWS\system32\sstwa.bak2
    2007-08-11 21:43 1688435 --ahs---- C:\WINDOWS\system32\sstwa.bak1
    2007-08-07 23:40 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
    2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
    2007-07-26 21:55 --------- d-------- C:\Program Files\Motorola Phone Tools
    2007-07-26 21:48 25600 --a------ C:\DOCUME~1\Trey\usbsermptxp.sys
    2007-07-26 21:48 22768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
    2007-07-26 21:48 22768 --a------ C:\DOCUME~1\Trey\usbsermpt.sys
    2007-07-26 21:39 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-24 11:45 --------- d-------- C:\Program Files\Windows Defender
    2007-07-24 10:50 1735987 --ahs---- C:\WINDOWS\system32\rqqss.bak2
    2007-07-23 10:50 1782039 --ahs---- C:\WINDOWS\system32\rqqss.bak1
    2007-07-19 01:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-07-12 18:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
    2007-06-28 12:51 206088 --a------ C:\WINDOWS\system32\klogon.dll
    2007-06-27 09:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
    2007-06-27 09:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
    2007-06-27 09:34 6058496 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-06-27 09:34 52224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-06-27 09:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-06-27 09:34 459264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-06-27 09:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-06-27 09:34 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-06-27 09:34 383488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-06-27 09:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-06-27 09:34 267776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-06-27 09:34 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-06-27 09:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-06-27 09:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
    2007-06-27 09:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-06-27 09:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-06-27 09:34 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
    2007-06-27 09:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-06-27 09:34 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
    2007-06-27 09:34 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll
    2007-06-27 03:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-06-27 03:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-06-27 03:27 13824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-06-27 02:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
    2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
    2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll
    2007-02-05 23:17 722176 --a------ C:\DOCUME~1\Trey\gotomypc_428.exe
    2006-07-21 00:19 563712 --a------ C:\DOCUME~1\Trey\gotomypc_370.exe
    2006-03-15 07:40 26922 --a------ C:\Program Files\MoviePass Terms.html
    2006-02-17 19:22 563712 --a------ C:\DOCUME~1\Trey\370_gotomypc.exe
    2005-10-10 20:41 483401 --a------ C:\DOCUME~1\Trey\314_gotomypc.exe
    2005-02-27 11:30 483401 --a------ C:\DOCUME~1\Trey\gotomypc.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CE66BD1-9FC6-417A-BCC2-7F1ECEB561E4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B2730AA-0762-42DC-9188-E901833148FF}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{780C1593-8FEC-47C8-AE40-275A14F4C88C}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A3E10DE-FDCA-4779-BE9A-7D06B9DF3179}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF46BFB3-2ACC-441b-B82B-36B9562C7FF1}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE00B870-5103-4017-8794-01A6F0770BF5}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-11 18:10]
    "AIMPro "= "C:\Program Files\AIM\AIM Pro\aimpro.exe" []
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
    "WatchDog "= "C:\Program Files\mobile PhoneTools\WatchDog.exe" []
    "UpdateManager "= "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 03:01]
    "SynTPLpr "= "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 12:15]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 12:15]
    "Symantec NetDriver Monitor "= "C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-12 08:13]
    "SunJavaUpdateSched "= "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-05-03 20:33]
    "PhilipsDM "= "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2005-09-15 18:45]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [2003-10-30 03:46]
    "HPHUPD06 "= "c:\Program Files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe" [2004-12-16 16:29]
    "HPHUPD05 "= "c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
    "HPHped06 "= "c:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe" [2004-12-16 16:29]
    "HPHmon06 "= "C:\WINDOWS\system32\hphmon06.exe" [2005-03-02 17:12]
    "HPHmon05 "= "C:\WINDOWS\system32\hphmon05.exe" [2003-05-22 21:55]
    "HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe" [2004-11-24 18:17]
    "HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
    "HP Component Manager "= "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54]
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [2003-10-30 03:33]
    "eabconfg.cpl "= "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" []
    "DXDllRegExe "= "dxdllreg.exe" []
    "Cpqset "= "C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-04-30 12:32]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
    "AVP "= "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BackupNotify "= "C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" []
    "updateMgr "= "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-08 21:18]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
    "RecordNow! "=" " []
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
    "MoneyAgent "= "c:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 14:00]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting "= "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
    Linksys Wireless Guard.lnk - C:\Program Files\Linksys Wireless Guard\WscGuard.exe [2004-04-18 10:57:58]
    Photo Loader supervisory.lnk - C:\Program Files\CASIO\Photo Loader\Plauto.exe [2005-07-06 20:09:29]
    Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2004-01-29 01:36:18]

    C:\DOCUME~1\Trey\STARTM~1\Programs\Startup\
    LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2005-12-21 12:03:17]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljkhgg]
    mljkhgg.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqqr]
    C:\WINDOWS\system32\ssqqr.dll

    R2 WSCNetManager;Linksys Wireless Guard Network Manager Service; "C:\Program Files\Linksys Wireless Guard\WscNetMgrSvc.exe "
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-07-08 13:05:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-09-19 04:22:39 C:\WINDOWS\Tasks\MP Scheduled Scan.job "
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2007-09-19 04:33:02 C:\WINDOWS\Tasks\Symantec NetDetect.job "
    - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-18 23:19:45
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????3?0?2?0??????? ???B???????????????B? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-09-18 23:34:32 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-09-18 23:34
    .
    --- E O F ---

    VundoFix:

    VundoFix V6.5.8

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 10:11:14 PM 9/18/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\jtufndsk.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\jtufndsk.dll
    C:\WINDOWS\system32\jtufndsk.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    HijackThis:
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 11:39:06 PM, on 9/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Linksys Wireless Guard\WscNetMgrSvc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft Money\System\mnyexpr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Linksys Wireless Guard\WscGuard.exe
    C:\Program Files\CASIO\Photo Loader\Plauto.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Documents and Settings\Trey\My Documents\hijackthis\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5B2730AA-0762-42DC-9188-E901833148FF} - (no file)
    O2 - BHO: (no name) - {780C1593-8FEC-47C8-AE40-275A14F4C88C} - \
    O2 - BHO: (no name) - {9A3E10DE-FDCA-4779-BE9A-7D06B9DF3179} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {DE00B870-5103-4017-8794-01A6F0770BF5} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe "
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe "
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHped06] c:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Linksys Wireless Guard.lnk = C:\Program Files\Linksys Wireless Guard\WscGuard.exe
    O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
    O20 - Winlogon Notify: mljkhgg - mljkhgg.dll (file missing)
    O20 - Winlogon Notify: ssqqr - C:\WINDOWS\system32\ssqqr.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: SymWMI Service (SymWSC) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
    O23 - Service: Linksys Wireless Guard Network Manager Service (WSCNetManager) - Wireless Security Corporation - C:\Program Files\Linksys Wireless Guard\WscNetMgrSvc.exe

    --
    End of file - 10621 bytes
     
  5. 2007/09/19
    noahdfear Inactive
    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\WINDOWS\system32\mkgbbakn.exe
    C:\WINDOWS\system32\opppo.bak2
    C:\WINDOWS\system32\opppo.bak1
    C:\WINDOWS\system32\behjl.bak1
    C:\WINDOWS\system32\sstwa.ini2
    C:\WINDOWS\system32\sstwa.bak2
    C:\WINDOWS\system32\sstwa.bak1
    C:\WINDOWS\system32\rqqss.bak2
    C:\WINDOWS\system32\rqqss.bak1
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CE66BD1-9FC6-417A-BCC2-7F1ECEB561E4}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B2730AA-0762-42DC-9188-E901833148FF}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{780C1593-8FEC-47C8-AE40-275A14F4C88C}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A3E10DE-FDCA-4779-BE9A-7D06B9DF3179}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF46BFB3-2ACC-441b-B82B-36B9562C7FF1}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE00B870-5103-4017-8794-01A6F0770BF5}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DXDllRegExe"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljkhgg] 
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqqr] 
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and a fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
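    Added example, not code from this thread or from ComboFix/HijackThis: a small Python checker that reads HijackThis-style O2, O4 and O20 lines, flags entries HijackThis marked "(file missing)" and Run values that are bare file names (the same shape as the DXDllRegExe entry above), and emits the Registry:: section of a CFScript in the form noahdfear posted. The sample log lines are constructed for the example; the CLSID and the Winlogon Notify names are taken from this thread, `example.dll` is a placeholder, and the two heuristics are mine, so anything it generates still needs a person's review before it is handed to ComboFix.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the HijackThis logs in this thread.
# CLSID and Winlogon Notify names come from the thread; example.dll is a placeholder.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CE66BD1-9FC6-417A-BCC2-7F1ECEB561E4} - C:\WINDOWS\system32\example.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: mljkhgg - mljkhgg.dll (file missing)
O20 - Winlogon Notify: ssqqr - C:\WINDOWS\system32\ssqqr.dll (file missing)
"""

# Line shapes for the three HijackThis sections this check looks at.
RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")

# Registry key spellings as used in the CFScript above (\~\ is ComboFix's shorthand).
RUN_KEY = {
    "HKLM": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "HKCU": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
}
BHO_KEY = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects"
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"


@dataclass
class Entry:
    kind: str    # "O2", "O4" or "O20"
    ident: str   # BHO CLSID, Run value name, or Notify subkey name
    target: str  # DLL path or command line as HijackThis printed it
    hive: str = "HKLM"

    @property
    def file_missing(self):
        # HijackThis appends this when the referenced file is not on disk:
        # an orphaned load point that nothing legitimate should leave behind.
        return self.target.rstrip().endswith("(file missing)")

    @property
    def bare_command(self):
        # A Run value with no directory ("dxdllreg.exe") resolves through the
        # PATH search order; installers almost always write a full path.
        exe = self.target.strip().strip('"').split()[0] if self.target.strip() else ""
        return "\\" not in exe and ":" not in exe


def parse_hjt(text):
    """Return the O2/O4/O20 entries found in a HijackThis log."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := RE_O2.match(line):
            entries.append(Entry("O2", m["clsid"], m["path"]))
        elif m := RE_O4.match(line):
            entries.append(Entry("O4", m["name"], m["cmd"], m["hive"]))
        elif m := RE_O20.match(line):
            entries.append(Entry("O20", m["key"], m["path"]))
    return entries


def flag_suspicious(entries):
    """Keep orphaned load points and Run values that are bare file names."""
    return [e for e in entries if e.file_missing or (e.kind == "O4" and e.bare_command)]


def build_cfscript(flagged):
    """Emit a CFScript Registry:: section that removes the flagged entries."""
    lines = ["Registry::"]
    run_values = {}
    for e in flagged:
        if e.kind == "O2":
            lines.append(f"[-{BHO_KEY}\\{e.ident}]")
        elif e.kind == "O20":
            lines.append(f"[-{NOTIFY_KEY}\\{e.ident}]")
        elif e.kind == "O4":
            run_values.setdefault(e.hive, []).append(e.ident)
    for hive, names in run_values.items():
        lines.append(f"[{RUN_KEY[hive]}]")
        lines.extend(f'"{name}"=-' for name in names)  # "name"=- deletes one value
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(flag_suspicious(parse_hjt(SAMPLE_LOG))))
```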
     
  6. 2007/09/19
    shammie Well-Known Member Thread Starter
    I really appreciate the help. Here are new logs:

    combofix:

    ComboFix 07-09-18.4 - "Trey" 2007-09-19 20:21:42.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.50 [GMT -5:00]
    * Created a new restore point

    FILE::
    C:\WINDOWS\system32\mkgbbakn.exe
    C:\WINDOWS\system32\opppo.bak2
    C:\WINDOWS\system32\opppo.bak1
    C:\WINDOWS\system32\behjl.bak1
    C:\WINDOWS\system32\sstwa.ini2
    C:\WINDOWS\system32\sstwa.bak2
    C:\WINDOWS\system32\sstwa.bak1
    C:\WINDOWS\system32\rqqss.bak2
    C:\WINDOWS\system32\rqqss.bak1
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\behjl.bak1
    C:\WINDOWS\system32\mkgbbakn.exe
    C:\WINDOWS\system32\opppo.bak1
    C:\WINDOWS\system32\opppo.bak2
    C:\WINDOWS\system32\rqqss.bak1
    C:\WINDOWS\system32\rqqss.bak2
    C:\WINDOWS\system32\sstwa.bak1
    C:\WINDOWS\system32\sstwa.bak2
    C:\WINDOWS\system32\sstwa.ini2

    .
    ((((((((((((((((((((((((( Files Created from 2007-08-20 to 2007-09-20 )))))))))))))))))))))))))))))))
    .

    2007-09-18 22:49 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-18 22:11 <DIR> d-------- C:\VundoFix Backups
    2007-09-18 20:17 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2007-09-18 20:17 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2007-09-18 20:12 543,008 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-09-18 20:12 14,880 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-09-18 20:12 <DIR> d-------- C:\Program Files\Kaspersky Lab
    2007-09-18 19:32 <DIR> d-------- C:\kav
    2007-09-18 16:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-09-18 15:54 <DIR> d-------- C:\Program Files\SpywareBlaster
    2007-09-18 15:52 <DIR> d-------- C:\Program Files\InterMute
    2007-09-18 14:19 <DIR> d-------- C:\Program Files\Lavasoft
    2007-09-18 14:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-09-18 14:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-15 08:07 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-09-14 23:55 <DIR> d-------- C:\DOCUME~1\Trey\.housecall6.6
    2007-09-14 12:21 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-09-14 12:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-19 12:46 7988 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2007-09-19 12:46 2276 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2007-09-19 08:44 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WSC Guard
    2007-09-18 19:41 --------- d-------- C:\Program Files\Common Files\Symantec Shared
    2007-08-07 23:40 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
    2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
    2007-07-26 21:55 --------- d-------- C:\Program Files\Motorola Phone Tools
    2007-07-26 21:48 25600 --a------ C:\DOCUME~1\Trey\usbsermptxp.sys
    2007-07-26 21:48 22768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
    2007-07-26 21:48 22768 --a------ C:\DOCUME~1\Trey\usbsermpt.sys
    2007-07-26 21:39 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-24 11:45 --------- d-------- C:\Program Files\Windows Defender
    2007-07-19 01:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-07-12 18:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
    2007-06-28 12:51 206088 --a------ C:\WINDOWS\system32\klogon.dll
    2007-06-27 09:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
    2007-06-27 09:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
    2007-06-27 09:34 6058496 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-06-27 09:34 52224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-06-27 09:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-06-27 09:34 459264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-06-27 09:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-06-27 09:34 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-06-27 09:34 383488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-06-27 09:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-06-27 09:34 267776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-06-27 09:34 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-06-27 09:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-06-27 09:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
    2007-06-27 09:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-06-27 09:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-06-27 09:34 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
    2007-06-27 09:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-06-27 09:34 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
    2007-06-27 09:34 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll
    2007-06-27 03:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-06-27 03:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-06-27 03:27 13824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-06-27 02:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
    2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
    2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll
    2007-02-05 23:17 722176 --a------ C:\DOCUME~1\Trey\gotomypc_428.exe
    2006-07-21 00:19 563712 --a------ C:\DOCUME~1\Trey\gotomypc_370.exe
    2006-03-15 07:40 26922 --a------ C:\Program Files\MoviePass Terms.html
    2006-02-17 19:22 563712 --a------ C:\DOCUME~1\Trey\370_gotomypc.exe
    2005-10-10 20:41 483401 --a------ C:\DOCUME~1\Trey\314_gotomypc.exe
    2005-02-27 11:30 483401 --a------ C:\DOCUME~1\Trey\gotomypc.exe
    .

    ((((((((((((((((((((((((((((( snapshot_2007-09-18_233153.41 )))))))))))))))))))))))))))))))))))))))))
    .
    ----a-w 16,384 2007-09-20 01:02:11 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    ----a-w 32,768 2007-09-20 01:02:11 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    --sha-w 32,768 2007-09-20 01:02:11 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .
    ----a-w 16,384 2007-09-19 01:27:43 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    ----a-w 32,768 2007-09-19 01:27:43 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    ----a-w 32,768 2007-09-19 01:27:43 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-11 18:10]
    "AIMPro"="C:\Program Files\AIM\AIM Pro\aimpro.exe" []
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
    "WatchDog"="C:\Program Files\mobile PhoneTools\WatchDog.exe" []
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 03:01]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 12:15]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 12:15]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-12 08:13]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-05-03 20:33]
    "PhilipsDM"="C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2005-09-15 18:45]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-10-30 03:46]
    "HPHUPD06"="c:\Program Files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe" [2004-12-16 16:29]
    "HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
    "HPHped06"="c:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe" [2004-12-16 16:29]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2005-03-02 17:12]
    "HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-22 21:55]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe" [2004-11-24 18:17]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-10-30 03:33]
    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" []
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-04-30 12:32]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BackupNotify"="C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" []
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-08 21:18]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
    "RecordNow!"="" []
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
    "MoneyAgent"="c:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 14:00]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
    Linksys Wireless Guard.lnk - C:\Program Files\Linksys Wireless Guard\WscGuard.exe [2004-04-18 10:57:58]
    Photo Loader supervisory.lnk - C:\Program Files\CASIO\Photo Loader\Plauto.exe [2005-07-06 20:09:29]
    Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2004-01-29 01:36:18]

    C:\DOCUME~1\Trey\STARTM~1\Programs\Startup\
    LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2005-12-21 12:03:17]

    R2 WSCNetManager;Linksys Wireless Guard Network Manager Service;"C:\Program Files\Linksys Wireless Guard\WscNetMgrSvc.exe"
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-07-08 13:05:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-09-20 01:05:24 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2007-09-20 01:23:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-19 20:25:35
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????3?0?2?0??????? ???B???????????????B? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-09-19 20:27:16
    C:\ComboFix-quarantined-files.txt ... 2007-09-19 20:26
    C:\ComboFix2.txt ... 2007-09-18 23:34
    .
    --- E O F ---

    Hijackthis:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 8:55:09 PM, on 9/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Linksys Wireless Guard\WscNetMgrSvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft Money\System\mnyexpr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Linksys Wireless Guard\WscGuard.exe
    C:\Program Files\CASIO\Photo Loader\Plauto.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Trey\My Documents\hijackthis\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHped06] c:\PROGRA~1\HP\{BA2D9~1\pexpress\hphPED06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Linksys Wireless Guard.lnk = C:\Program Files\Linksys Wireless Guard\WscGuard.exe
    O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: SymWMI Service (SymWSC) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
    O23 - Service: Linksys Wireless Guard Network Manager Service (WSCNetManager) - Wireless Security Corporation - C:\Program Files\Linksys Wireless Guard\WscNetMgrSvc.exe

    --
    End of file - 9937 bytes
     
  7. 2007/09/19
    noahdfear Inactive
    Looks good. :)

    Delete all of the following tools we have used, and the files/folders they created.

    C:\ComboFix
    C:\VundoFix Backups
    C:\WINDOWS\nircmd.exe
    combofix.exe
    vundofix.exe

    all combofix and vundofix logs


    Download ATF Cleaner by Atribune and save it to your Desktop.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything, check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Reboot


    Now, let's do an online scan to make sure we haven't missed something.

    Do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky; click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded, click on NEXT
    • Now click on Scan Settings
    • In the scan settings, make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available, otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the contents of the Kaspersky log.
     
  8. 2007/09/20
    shammie

    shammie Well-Known Member Thread Starter

    Joined:
    2004/05/29
    Messages:
    195
    Likes Received:
    0
    Results from Kaspersky scan (looks scary to me)

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Thursday, September 20, 2007 12:49:35 AM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.93.1
    Kaspersky Anti-Virus database last update: 20/09/2007
    Kaspersky Anti-Virus database records: 421032
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 63300
    Number of viruses found: 37
    Number of infected objects: 112
    Number of suspicious objects: 0
    Duration of the scan process: 01:34:46

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-07242007-114638.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\muvee Technologies\030410\0102\0102\values Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Trey\.housecall6.6\Quarantine\uwas7cw.exe.bac_a03068 Infected: not-a-virus: Downloader.Win32.WinFixer.t skipped
    C:\Documents and Settings\Trey\.housecall6.6\Quarantine\WinAntiSpyware2007FreeInstall.exe.bac_a03068 Infected: not-a-virus: Downloader.Win32.WinFixer.o skipped
    C:\Documents and Settings\Trey\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Trey\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\Trey\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Trey\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Trey\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{3C4D8409-EAFD-43B2-9E39-F4C9B9779158} Object is locked skipped
    C:\Documents and Settings\Trey\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Trey\Local Settings\History\History.IE5\MSHist012007091920070920\index.dat Object is locked skipped
    C:\Documents and Settings\Trey\Local Settings\Temp\hphPED000.log Object is locked skipped
    C:\Documents and Settings\Trey\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Trey\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Trey\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Trey\UserData\index.dat Object is locked skipped
    C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
    C:\qoobox\Quarantine\C\DOCUME~1\Trey\APPLIC~1\winantiviruspro2007freeinstall[1].exe.vir Infected: not-a-virus: Downloader.Win32.WinFixer.o skipped
    C:\qoobox\Quarantine\C\Program Files\poolsv\k11u72.exe.vir/data0005 Infected: Trojan-Downloader.Win32.VB.awj skipped
    C:\qoobox\Quarantine\C\Program Files\poolsv\k11u72.exe.vir NSIS: infected - 1 skipped
    C:\qoobox\Quarantine\C\Program Files\poolsv\wr-1-0000077.exe.vir Infected: Trojan-Downloader.Win32.Small.eqn skipped
    C:\qoobox\Quarantine\C\Program Files\poolsv\YazzleBundle-1549.exe.vir/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
    C:\qoobox\Quarantine\C\Program Files\poolsv\YazzleBundle-1549.exe.vir NSIS: infected - 1 skipped
    C:\qoobox\Quarantine\C\WINDOWS\system32\adskicor.exe.vir Infected: Trojan.Win32.Agent.bck skipped
    C:\qoobox\Quarantine\C\WINDOWS\system32\b10FdUe\b10FdUe1099.exe.vir Infected: Trojan-Downloader.Win32.VB.awj skipped
    C:\qoobox\Quarantine\C\WINDOWS\system32\cobgrhmq.exe.vir Infected: Trojan.Win32.Agent.bck skipped
    C:\qoobox\Quarantine\C\WINDOWS\system32\dwrrdiba.exe.vir Infected: Trojan.Win32.Agent.bck skipped
    C:\qoobox\Quarantine\C\WINDOWS\system32\gouxkepy.exe.vir Infected: Trojan.Win32.Agent.bck skipped
    C:\qoobox\Quarantine\C\WINDOWS\system32\hpornbsr.exe.vir Infected: Trojan.Win32.Agent.bck skipped
    C:\qoobox\Quarantine\C\WINDOWS\system32\jqdlxpla.exe.vir Infected: Trojan.Win32.Agent.bck skipped
    C:\qoobox\Quarantine\C\WINDOWS\system32\jumilbem.exe.vir Infected: Trojan.Win32.Agent.bck skipped
    C:\qoobox\Quarantine\C\WINDOWS\system32\lwqqnyqe.exe.vir Infected: Trojan.Win32.Agent.bck skipped
    C:\qoobox\Quarantine\C\WINDOWS\system32\mkgbbakn.exe.vir Infected: Trojan.Win32.Agent.bck skipped
    C:\qoobox\Quarantine\C\WINDOWS\system32\yboapfed.exe.vir Infected: Trojan.Win32.Agent.bck skipped
    C:\qoobox\Quarantine\C\WINDOWS\system32\Z9\bw73.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.co skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP300\A0037598.dll Infected: not-a-virus:AdWare.Win32.Agent.dk skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP300\A0037599.exe Infected: not-a-virus:AdWare.Win32.Agent.dk skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP300\A0037608.exe Infected: not-a-virus:AdWare.Win32.Hotbar.an skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP300\A0037618.dll Infected: not-a-virus:AdWare.Win32.HotBar.bx skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP300\A0037619.dll Infected: not-a-virus:AdWare.Win32.HotBar.ar skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP300\A0037620.exe Infected: not-a-virus:AdWare.Win32.HotBar.bt skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP300\A0037621.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP300\A0037622.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP300\A0037623.exe Infected: not-a-virus:AdWare.Win32.HotBar.bt skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP300\A0037624.dll Infected: not-a-virus:AdWare.Win32.HotBar.bz skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP300\A0037625.exe Infected: not-a-virus:AdWare.Win32.HotBar.by skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP300\A0037626.exe Infected: not-a-virus:AdWare.Win32.HotBar.bw skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP300\A0037627.dll Infected: not-a-virus:AdWare.Win32.HotBar.bj skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP300\A0037628.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP304\A0038674.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.r skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP304\A0038676.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP304\A0038678.exe Infected: Trojan-Downloader.Win32.VB.biy skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP304\A0038681.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP304\A0038683.exe Infected: Backdoor.Win32.Agent.so skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP304\A0038693.exe/data0002 Infected: Backdoor.Win32.Agent.so skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP304\A0038693.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP305\A0038704.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP312\A0040980.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP312\A0040981.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kr skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP312\A0040982.exe Infected: Trojan-Proxy.Win32.VB.x skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP315\A0042067.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP315\A0042068.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP317\A0046067.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lh skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP320\A0047080.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP320\A0047081.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP320\A0047082.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP320\A0047083.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP326\A0048111.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lh skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP326\A0048112.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP326\A0048114.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lp skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP328\A0048125.exe Infected: Trojan-Dropper.Win32.Agent.mu skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP328\A0048126.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lq skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP346\A0054287.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mb skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056312.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056313.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056315.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056316.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056317.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056318.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056319.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056320.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056321.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056322.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056323.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056324.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056325.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056326.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056327.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056328.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056331.exe Infected: Trojan-Proxy.Win32.VB.x skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056332.exe Infected: Trojan.Win32.Agent.aoy skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056333.exe Infected: Trojan.Win32.Agent.aoy skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056334.exe Infected: Trojan.Win32.Agent.aoy skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056335.exe Infected: Trojan.Win32.Agent.aoy skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056336.exe Infected: Trojan.Win32.Agent.aoy skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056337.exe Infected: Trojan.Win32.Agent.aoy skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056338.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056339.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056340.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056341.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056342.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056343.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056344.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056345.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056346.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056347.exe Infected: Trojan-Dropper.Win32.Agent.mu skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP352\A0056348.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP355\A0057313.sys Infected: Rootkit.Win32.Agent.eq skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP357\A0059574.exe Infected: Trojan-Downloader.Win32.VB.ang skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP359\A0060681.exe Infected: not-a-virus: Downloader.Win32.WinFixer.o skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP359\A0060682.exe Infected: Trojan.Win32.Agent.bck skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP359\A0060683.exe Infected: Trojan.Win32.Agent.bck skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP359\A0060684.exe Infected: Trojan.Win32.Agent.bck skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP359\A0060685.exe Infected: Trojan.Win32.Agent.bck skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP359\A0060686.exe Infected: Trojan.Win32.Agent.bck skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP359\A0060687.exe Infected: Trojan.Win32.Agent.bck skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP359\A0060688.exe Infected: Trojan.Win32.Agent.bck skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP359\A0060689.exe Infected: Trojan.Win32.Agent.bck skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP359\A0060690.exe Infected: Trojan.Win32.Agent.bck skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP359\A0060693.exe/data0005 Infected: Trojan-Downloader.Win32.VB.awj skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP359\A0060693.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP359\A0060694.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP359\A0060695.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP359\A0060695.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP359\A0060696.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP359\A0060697.exe Infected: Trojan-Downloader.Win32.VB.awj skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP360\A0060861.exe Infected: Trojan.Win32.Agent.bck skipped
    C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP361\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Debug\WPD\wpdtrace.log Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{E6389E17-C893-4624-8342-7C28F00C77D2}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.
     
  9. 2007/09/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Maybe this won't be as scary.

    Housecall Quarantine folder, ComboFix's backup folder and System Restore points. :)

    Delete the files from the C:\Documents and Settings\Trey\.housecall6.6\Quarantine folder.
    Delete the C:\qoobox folder.

    Empty the recycle bin.

    If you're satisfied that the computer is working properly, clear the System Restore points. They are infected.

    Clear past system restore points and create a new one.
    Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply. Click OK, then OK to close the System Properties dialog.

    Verify a new restore point was created.
    Click Start>All Programs>Accessories>System Tools>System Restore
    Select 'Restore my computer to an earlier time', then click next.
    You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.


    Your computer is now clean! Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showpost.php?p=356653&postcount=49


    While I see signs of several antivirus programs on that machine, it doesn't appear that any are active. Make sure that gets done, and remember that only one AV app should be active.
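    The triage in this reply (quarantine leftovers and System Restore points versus anything still live) can be automated over the Kaspersky Online Scanner report format posted above. The script below is an added example, not part of the thread or of any Kaspersky tool; its sample lines are constructed in the report's format from paths in the posted log, plus one hypothetical live hit (example_live.dll) that was not on this machine, included only to show how a live detection is separated from holding-folder leftovers.

```python
"""Triage a Kaspersky Online Scanner report: split detections into
quarantine/backup/System Restore leftovers (cleared by deleting the holding
folder or flushing restore points) and hits in live locations (machine is
still infected). Added example; not the scanner's own code."""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the report's line format. All paths come from the log
# above except example_live.dll, a hypothetical live hit added for illustration.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Trey\.housecall6.6\Quarantine\uwas7cw.exe.bac_a03068 Infected: not-a-virus: Downloader.Win32.WinFixer.t skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\adskicor.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\Program Files\poolsv\k11u72.exe.vir/data0005 Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\qoobox\Quarantine\C\Program Files\poolsv\k11u72.exe.vir NSIS: infected - 1 skipped
C:\System Volume Information\_restore{1C74FEA9-2D71-4415-8AE0-5DBB04006415}\RP355\A0057313.sys Infected: Rootkit.Win32.Agent.eq skipped
C:\WINDOWS\system32\example_live.dll Infected: Trojan.Win32.Agent.bck skipped
Scan process completed.
"""

# The three line shapes seen in the report: a named detection, an archive
# container summary ("NSIS: infected - 1"), and a locked (unscanned) object.
INFECTED_RE = re.compile(r"^(?P<obj>.+?) Infected: (?P<name>.+?) skipped$")
CONTAINER_RE = re.compile(r"^(?P<obj>.+?) (?P<kind>\S+): infected - \d+ skipped$")
LOCKED_RE = re.compile(r"^(?P<obj>.+?) Object is locked skipped$")

# Holding locations that are expected to contain malware and are cleaned by
# deleting the folder or clearing restore points, as the reply advises.
HOLDING_LOCATIONS = (
    (re.compile(r"\\\.housecall[\d.]*\\Quarantine\\", re.I), "HouseCall quarantine"),
    (re.compile(r"^[A-Z]:\\qoobox\\", re.I), "ComboFix quarantine (qoobox)"),
    (re.compile(r"\\System Volume Information\\_restore\{", re.I), "System Restore point"),
)


@dataclass
class Detection:
    path: str               # file on disk, archive member suffix removed
    member: Optional[str]   # inner archive member such as data0005, if any
    name: str               # Kaspersky detection name
    location: str           # holding location label, or "live"


@dataclass
class Triage:
    detections: list = field(default_factory=list)
    containers: list = field(default_factory=list)  # archives with infected members
    locked: int = 0                                 # objects skipped as locked


def classify(path: str) -> str:
    for pattern, label in HOLDING_LOCATIONS:
        if pattern.search(path):
            return label
    return "live"


def split_member(obj: str):
    # Archive members are reported as "archive.exe/data0005"; a forward slash
    # never appears in a Windows path, so it cleanly separates the two.
    path, sep, member = obj.partition("/")
    return path, (member if sep else None)


def parse_report(text: str) -> Triage:
    triage = Triage()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := INFECTED_RE.match(line):
            path, member = split_member(m["obj"])
            triage.detections.append(Detection(path, member, m["name"].strip(), classify(path)))
        elif m := CONTAINER_RE.match(line):
            triage.containers.append(m["obj"])
        elif LOCKED_RE.match(line):
            triage.locked += 1
    return triage


def summarize(triage: Triage) -> dict:
    counts = Counter(d.location for d in triage.detections)
    live = sorted({d.path for d in triage.detections if d.location == "live"})
    return {"by_location": dict(counts), "live_paths": live, "locked": triage.locked}


def cleanup_plan(summary: dict) -> list:
    # Each holding location maps to the action given in the reply above.
    actions = {
        "HouseCall quarantine": "delete the files in the .housecall6.6\\Quarantine folder",
        "ComboFix quarantine (qoobox)": "delete the C:\\qoobox folder",
        "System Restore point": "clear the System Restore points and create a new one",
    }
    plan = [actions[loc] for loc in summary["by_location"] if loc in actions]
    if summary["live_paths"]:
        plan.append("live detections remain; the machine is not clean yet")
    return plan
```

Run against the full posted report, every detection lands in one of the three holding locations and `live_paths` is empty, which is exactly the "maybe this won't be as scary" conclusion.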
     
  10. 2007/09/20
    shammie

    shammie Well-Known Member Thread Starter

    Joined:
    2004/05/29
    Messages:
    195
    Likes Received:
    0
    noahdfear,

    Thank you so much for your help; it is greatly appreciated!!!
    :) :) :)
     
  11. 2007/09/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You're most welcome. Glad I could help. :)
     
