hijack this problem i have please

texaspete

New Member
Logfile of HijackThis v1.99.1
Scan saved at 23:07:59, on 10/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\BluetoothAuthorizationAgent.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\scanner.exe\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\CPV\CPV7.dll
O2 - BHO: (no name) - {2F7A19F5-40B9-41B5-990A-B0363E14E1CD} - C:\WINDOWS\System32\CddbLangE.dll
O2 - BHO: (no name) - {69273382-B2A6-45D9-A8EF-C83227724C4A} - C:\WINDOWS\System32\CddbLangE.dll
O2 - BHO: (no name) - {711ECE46-C7E0-422C-A9E0-BCBC634E06E7} - C:\WINDOWS\System32\CddbLangE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {D8E17E98-EE21-4DF5-A0C8-FF8EF43AA938} - C:\WINDOWS\System32\CddbLangE.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthorizationAgent] C:\WINDOWS\System32\BluetoothAuthorizationAgent.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Aaou] "C:\WINDOWS\System32\YSTEM~1\winlogon.exe" -vt yazb
O4 - HKCU\..\Run: [Gxyb] "C:\Program Files\S?mantec\t?skmgr.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm011YYGB
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q304&bd=pavilion&pf=laptop
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett Packard Company - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
 

texaspete

New Member
ComboFix 08-04-03.5 - Peter D Martin 2008-04-10 22:55:52.2 - NTFSx86
Running from: C:\Documents and Settings\Peter D Martin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Peter D Martin\Desktop\CFscript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\System32\YSTEM~1\winlogon.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\Lorna Hubbard\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\Peter D Martin\Local Settings\Temporary Internet Files\CPV.stt

.
((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.

2008-04-10 22:51 . 2008-04-10 22:51 269,334 --a------ C:\WINDOWS\system32\idgbqtcn.bmp
2008-04-10 17:55 . 2008-04-10 17:55 269,334 --a------ C:\WINDOWS\system32\toned.bmp
2008-04-10 16:56 . 2008-04-10 16:56 269,334 --a------ C:\WINDOWS\system32\sbelgjad.bmp
2008-04-10 16:29 . 2008-04-10 16:30 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-08 20:43 . 2002-08-29 03:03 2,042,240 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-04-06 20:51 . 2008-04-06 20:51 <DIR> d-------- C:\school.exe
2008-04-05 22:36 . 2008-04-10 16:55 <DIR> d-------- C:\SDFix
2008-04-04 19:30 . 2008-04-07 18:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-04 19:30 . 2008-04-04 19:30 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-04 18:34 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-04 18:34 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-04 18:34 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-04 18:34 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-04 18:34 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-04 18:34 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-04 18:34 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-04 18:34 . 2008-04-04 18:34 6,328 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-04 18:28 . 2008-04-10 17:01 <DIR> d-------- C:\scanner.exe
2008-04-03 17:50 . 2008-04-03 17:50 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-02 16:15 . 2008-04-02 16:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-02 16:00 . 2008-04-04 18:18 2,114,456 ---hs---- C:\WINDOWS\system32\gntaukud.ini
2008-03-31 22:19 . 2008-04-02 15:59 1,602,328 ---hs---- C:\WINDOWS\system32\auujtkso.ini
2008-03-30 19:23 . 2008-03-31 22:14 1,597,592 ---hs---- C:\WINDOWS\system32\mjillbmv.ini
2008-03-27 18:49 . 2008-03-28 18:07 1,444,668 ---hs---- C:\WINDOWS\system32\ysdhmfef.ini
2008-03-27 13:04 . 2008-03-27 18:49 1,389,477 ---hs---- C:\WINDOWS\system32\iiiubefs.ini
2008-03-27 13:01 . 2005-03-10 13:06 88,064 --a------ C:\WINDOWS\system32\CddbLangE.dll
2008-03-25 22:59 . 2008-03-25 22:59 18,432 --a------ C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
2008-03-25 22:22 . 2008-03-27 13:00 1,493,721 ---hs---- C:\WINDOWS\system32\hvhrpelt.ini
2008-03-25 21:52 . 2008-03-25 22:20 1,472,400 ---hs---- C:\WINDOWS\system32\yjgqcmdp.ini
2008-03-25 18:23 . 2008-04-02 16:27 <DIR> d-------- C:\Program Files\CPV
2008-03-24 23:31 . 2008-03-25 21:52 1,472,220 ---hs---- C:\WINDOWS\system32\gfylausq.ini
2008-03-24 18:03 . 2008-03-24 23:31 1,579,008 ---hs---- C:\WINDOWS\system32\psvhfusx.ini
2008-03-24 18:03 . 2008-03-24 18:03 53,312 --a------ C:\WINDOWS\system32\osghwfve.dll
2008-03-23 15:51 . 2008-03-24 18:02 1,543,771 ---hs---- C:\WINDOWS\system32\rkwvoywa.ini
2008-03-22 15:59 . 2008-03-23 10:34 1,430,692 ---hs---- C:\WINDOWS\system32\rpeiolea.ini
2008-03-20 23:56 . 2008-03-22 15:58 1,468,006 ---hs---- C:\WINDOWS\system32\hfddtbbr.ini
2008-03-19 22:42 . 2008-03-19 22:42 <DIR> d-------- C:\Program Files\Panicware
2008-03-19 22:36 . 2008-03-20 23:55 1,538,904 ---hs---- C:\WINDOWS\system32\drromsvp.ini
2008-03-18 22:27 . 2008-03-19 22:27 1,526,137 ---hs---- C:\WINDOWS\system32\ascjqioi.ini
2008-03-18 21:32 . 2008-03-19 22:42 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUK.ico
2008-03-16 22:17 . 2008-03-16 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-16 22:09 . 2008-03-18 21:23 1,526,135 ---hs---- C:\WINDOWS\system32\xeoqocqx.ini
2008-03-16 22:01 . 2008-03-16 22:01 63 --a------ C:\WINDOWS\system32\41beda43
2008-03-16 21:56 . 2008-04-02 21:16 <DIR> d-------- C:\WINDOWS\system32\hz7
2008-03-16 21:56 . 2008-04-02 18:34 <DIR> d-------- C:\WINDOWS\system32\cam2
2008-03-16 21:56 . 2008-03-16 21:56 <DIR> d-------- C:\WINDOWS\system32\bx21
2008-03-14 18:26 . 2008-03-14 18:26 <DIR> d-------- C:\WINDOWS\provisioning
2008-03-14 18:26 . 2008-03-14 18:37 <DIR> d-------- C:\WINDOWS\peernet
2008-03-14 17:55 . 2008-03-14 17:55 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-03-14 17:46 . 2004-08-03 23:42 20,480 --a------ C:\WINDOWS\system32\sprecovr.exe
2008-03-14 17:43 . 2004-07-17 12:40 19,528 --a------ C:\WINDOWS\002333_.tmp
2008-03-14 17:34 . 2002-12-11 17:34 997,888 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2008-03-14 17:33 . 2006-02-27 13:32 2,479,616 --a------ C:\WINDOWS\system32\dllcache\msoeres.dll
2008-03-14 17:30 . 2008-03-14 17:30 <DIR> d-------- C:\WINDOWS\EHome
2008-03-14 17:07 . 2007-06-13 20:07 16,896 --a------ C:\WINDOWS\system32\grwinsthlp.exe
2008-03-14 17:07 . 2008-03-14 17:07 248 --a------ C:\UnInstall.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 15:39 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-01 16:38 --------- d-----w C:\Documents and Settings\Peter D Martin\Application Data\Audacity
2008-03-23 19:28 --------- d-----w C:\Program Files\MSN Messenger
2008-03-19 22:44 --------- d-----w C:\Program Files\Google
2008-03-19 21:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-19 21:25 --------- d-----w C:\Program Files\EPSON
2008-03-19 21:23 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-03-18 20:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-14 16:31 24,064 ----a-w C:\WINDOWS\system32\ntload.dll
2008-03-14 16:09 --------- d-----w C:\Program Files\Canon
2008-03-14 16:05 --------- d-----w C:\Program Files\DivX
2006-11-19 20:50 78,424 ----a-w C:\Documents and Settings\Lorna Hubbard\Application Data\GDIPFONTCACHEV1.DAT
2005-03-15 17:44 0 ----a-w C:\Documents and Settings\Peter D Martin\Application Data\wklnhst.dat
2005-12-06 19:31 56 --sh--r C:\WINDOWS\system32\1607371D5C.sys
2006-01-16 17:58 1,994 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2004-02-06 18:05 588288 4f64d1df989e3aa2fad91a2f1167b9c7 C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\wininet.dll
2004-08-04 08:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wininet.dll
2006-04-28 10:58 575488 3d5062a7667913b9b515cc5769e9fb31 C:\WINDOWS\SoftwareDistribution\Download\49afa2a0b3ea87b912cc10130c63a60f\rtmgdr\wininet.dll
2006-04-28 18:48 587264 5f4e89c8b4903acbba2f4b32cf1ed3ad C:\WINDOWS\SoftwareDistribution\Download\49afa2a0b3ea87b912cc10130c63a60f\RTMQFE\wininet.dll
2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\SoftwareDistribution\Download\cb88c3740b7bdbe6238a3381da220dae\rtmgdr\wininet.dll
2006-06-23 19:29 587776 40f777875dfa05cd61fd1e8a593be8e9 C:\WINDOWS\SoftwareDistribution\Download\cb88c3740b7bdbe6238a3381da220dae\RTMQFE\wininet.dll
2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\SoftwareDistribution\Download\cfab6bea01ff38473d99ea9faefb37c0\rtmgdr\wininet.dll
2006-06-23 19:29 587776 40f777875dfa05cd61fd1e8a593be8e9 C:\WINDOWS\SoftwareDistribution\Download\cfab6bea01ff38473d99ea9faefb37c0\RTMQFE\wininet.dll
2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\system32\wininet.dll
2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\system32\dllcache\wininet.dll

2003-03-06 10:30 162432 09b38768036508b51564201afb000950 C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2003-03-31 03:00 167552 3b350e5a2a5e951453f3993275a4523a C:\WINDOWS\$NtUninstallQ815485$\ndis.sys
2003-03-06 10:30 162432 09b38768036508b51564201afb000950 C:\WINDOWS\Driver Cache\i386\ndis.sys
2004-08-04 07:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ndis.sys
2003-03-06 10:30 162432 09b38768036508b51564201afb000950 C:\WINDOWS\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((( snapshot@2008-04-04_23.17.51.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-05 01:58:29 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-10 15:30:22 4,857,856 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-04-10 15:30:22 36,864 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-05 01:58:29 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-10 15:30:07 4,857,856 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-04-10 15:30:08 36,864 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]
2008-04-02 16:27 51200 --a------ C:\Program Files\CPV\CPV7.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F7A19F5-40B9-41B5-990A-B0363E14E1CD}]
2005-03-10 13:06 88064 --a------ C:\WINDOWS\System32\CddbLangE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{711ECE46-C7E0-422C-A9E0-BCBC634E06E7}]
2005-03-10 13:06 88064 --a------ C:\WINDOWS\System32\CddbLangE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D8E17E98-EE21-4DF5-A0C8-FF8EF43AA938}]
2005-03-10 13:06 88064 --a------ C:\WINDOWS\System32\CddbLangE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [ ]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"Aaou"="C:\WINDOWS\System32\YSTEM~1\winlogon.exe" [ ]
"Gxyb"="C:\Program Files\S?mantec\t?skmgr.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 18:02 68856]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 12:10 536576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-06-17 21:48 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-06-17 21:43 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 18:15 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 18:15 536576]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-22 19:55 483328]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-04-30 10:32 208958]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-05-27 20:28 278528]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 00:11 50688]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-03-22 23:15 26112]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 03:12 483328]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-12-24 03:33 188416]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-12 01:58 229952]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-12-14 02:06 495616]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 17:05 1838592]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16 376912]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"BluetoothAuthorizationAgent"="C:\WINDOWS\System32\BluetoothAuthorizationAgent.exe" [2008-03-25 22:59 18432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-03-31 03:00 13312]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 18:02 68856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2007-06-11 21:34 190696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-8796-100000000002}\SC_Acrobat.exe [2005-11-30 21:22:58 25214]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24 237568]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.LEAD"= LCODCCMP.DLL
"MSVideo8"= VfWWDM32.dll


.
Contents of the 'Scheduled Tasks' folder
"2008-03-24 23:18:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 23:01:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????????A?p?????????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-10 23:03:13
ComboFix-quarantined-files.txt 2008-04-10 22:02:41
ComboFix2.txt 2008-04-04 22:18:23
Pre-Run: 12,314,230,784 bytes free
Post-Run: 12,300,550,144 bytes free
.
2008-03-16 11:13:52 --- E O F ---
 

ceewi1

VIP Member
  • Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    C:\WINDOWS\system32\idgbqtcn.bmp
    C:\WINDOWS\system32\toned.bmp
    C:\WINDOWS\system32\sbelgjad.bmp
    C:\school.exe
    C:\WINDOWS\system32\gntaukud.ini
    C:\WINDOWS\system32\auujtkso.ini
    C:\WINDOWS\system32\mjillbmv.ini
    C:\WINDOWS\system32\ysdhmfef.ini
    C:\WINDOWS\system32\iiiubefs.ini
    C:\WINDOWS\system32\CddbLangE.dll
    C:\WINDOWS\system32\hvhrpelt.ini
    C:\WINDOWS\system32\yjgqcmdp.ini
    C:\WINDOWS\system32\gfylausq.ini
    C:\WINDOWS\system32\psvhfusx.ini
    C:\WINDOWS\system32\osghwfve.dll
    C:\WINDOWS\system32\rkwvoywa.ini
    C:\WINDOWS\system32\rpeiolea.ini
    C:\WINDOWS\system32\hfddtbbr.ini
    C:\WINDOWS\system32\drromsvp.ini
    C:\WINDOWS\system32\ascjqioi.ini
    C:\WINDOWS\system32\xeoqocqx.ini
    C:\WINDOWS\system32\41beda43
    C:\WINDOWS\system32\grwinsthlp.exe
    
    Folder::
    C:\WINDOWS\system32\hz7
    C:\WINDOWS\system32\cam2
    C:\WINDOWS\system32\bx21
    C:\Program Files\CPV
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F7A19F5-40B9-41B5-990A-B0363E14E1CD}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{711ECE46-C7E0-422C-A9E0-BCBC634E06E7}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D8E17E98-EE21-4DF5-A0C8-FF8EF43AA938}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aaou"=-
    "Gxyb"=-
  • Save this as CFScript.txt and change the Save as type to All Files and place it on your desktop.


    CFScript.gif



  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply, along with a new HijackThis log.
CAUTION:
Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall.
Also, please do NOT adjust your time format while ComboFix is running.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    C:\Program Files\S?mantec /u
  • Return to OTMoveIt2, right click in the Paste List of Files/Folders to be Moved window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. These results are also located at C:\_OTMoveIt\MovedFiles\Date_Time.log, where Date_Time is the date and time you ran OTMoveIt.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post
  • The ComboFix log
  • The OTMoveIt2 log
  • A new HijackThis log
  • An update on how your system is running
 

texaspete

New Member
ComboFix 08-04-03.5 - Peter D Martin 2008-04-11 17:24:04.3 - NTFSx86
Running from: C:\Documents and Settings\Peter D Martin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Peter D Martin\Desktop\CFscript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\school.exe
C:\WINDOWS\system32\41beda43
C:\WINDOWS\system32\ascjqioi.ini
C:\WINDOWS\system32\auujtkso.ini
C:\WINDOWS\system32\CddbLangE.dll
C:\WINDOWS\system32\drromsvp.ini
C:\WINDOWS\system32\gfylausq.ini
C:\WINDOWS\system32\gntaukud.ini
C:\WINDOWS\system32\grwinsthlp.exe
C:\WINDOWS\system32\hfddtbbr.ini
C:\WINDOWS\system32\hvhrpelt.ini
C:\WINDOWS\system32\idgbqtcn.bmp
C:\WINDOWS\system32\iiiubefs.ini
C:\WINDOWS\system32\mjillbmv.ini
C:\WINDOWS\system32\osghwfve.dll
C:\WINDOWS\system32\psvhfusx.ini
C:\WINDOWS\system32\rkwvoywa.ini
C:\WINDOWS\system32\rpeiolea.ini
C:\WINDOWS\system32\sbelgjad.bmp
C:\WINDOWS\system32\toned.bmp
C:\WINDOWS\system32\xeoqocqx.ini
C:\WINDOWS\system32\yjgqcmdp.ini
C:\WINDOWS\system32\ysdhmfef.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\CPV
C:\Program Files\CPV\CPV7.dll
C:\WINDOWS\system32\41beda43
C:\WINDOWS\system32\ascjqioi.ini
C:\WINDOWS\system32\auujtkso.ini
C:\WINDOWS\system32\bx21
C:\WINDOWS\system32\bx21\thudll5502.exe
C:\WINDOWS\system32\cam2
C:\WINDOWS\system32\CddbLangE.dll
C:\WINDOWS\system32\drromsvp.ini
C:\WINDOWS\system32\gfylausq.ini
C:\WINDOWS\system32\gntaukud.ini
C:\WINDOWS\system32\grwinsthlp.exe
C:\WINDOWS\system32\hfddtbbr.ini
C:\WINDOWS\system32\hvhrpelt.ini
C:\WINDOWS\system32\hz7
C:\WINDOWS\system32\idgbqtcn.bmp
C:\WINDOWS\system32\iiiubefs.ini
C:\WINDOWS\system32\mjillbmv.ini
C:\WINDOWS\system32\osghwfve.dll
C:\WINDOWS\system32\psvhfusx.ini
C:\WINDOWS\system32\rkwvoywa.ini
C:\WINDOWS\system32\rpeiolea.ini
C:\WINDOWS\system32\sbelgjad.bmp
C:\WINDOWS\system32\toned.bmp
C:\WINDOWS\system32\xeoqocqx.ini
C:\WINDOWS\system32\yjgqcmdp.ini
C:\WINDOWS\system32\ysdhmfef.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-11 to 2008-04-11 )))))))))))))))))))))))))))))))
.

2008-04-11 17:13 . 2008-04-11 17:13 269,334 --a------ C:\WINDOWS\system32\krqtcjah.bmp
2008-04-10 16:29 . 2008-04-10 16:30 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-08 20:43 . 2002-08-29 03:03 2,042,240 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-04-06 20:51 . 2008-04-06 20:51 <DIR> d-------- C:\school.exe
2008-04-05 22:36 . 2008-04-10 16:55 <DIR> d-------- C:\SDFix
2008-04-04 19:30 . 2008-04-07 18:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-04 19:30 . 2008-04-04 19:30 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-04 18:34 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-04 18:34 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-04 18:34 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-04 18:34 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-04 18:34 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-04 18:34 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-04 18:34 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-04 18:34 . 2008-04-04 18:34 6,328 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-04 18:28 . 2008-04-10 23:07 <DIR> d-------- C:\scanner.exe
2008-04-03 17:50 . 2008-04-03 17:50 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-02 16:15 . 2008-04-02 16:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-25 22:59 . 2008-03-25 22:59 18,432 --a------ C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
2008-03-19 22:42 . 2008-03-19 22:42 <DIR> d-------- C:\Program Files\Panicware
2008-03-18 21:32 . 2008-03-19 22:42 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUK.ico
2008-03-16 22:17 . 2008-03-16 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-14 18:26 . 2008-03-14 18:26 <DIR> d-------- C:\WINDOWS\provisioning
2008-03-14 18:26 . 2008-03-14 18:37 <DIR> d-------- C:\WINDOWS\peernet
2008-03-14 17:55 . 2008-03-14 17:55 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-03-14 17:46 . 2004-08-03 23:42 20,480 --a------ C:\WINDOWS\system32\sprecovr.exe
2008-03-14 17:43 . 2004-07-17 12:40 19,528 --a------ C:\WINDOWS\002333_.tmp
2008-03-14 17:34 . 2002-12-11 17:34 997,888 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2008-03-14 17:33 . 2006-02-27 13:32 2,479,616 --a------ C:\WINDOWS\system32\dllcache\msoeres.dll
2008-03-14 17:30 . 2008-03-14 17:30 <DIR> d-------- C:\WINDOWS\EHome
2008-03-14 17:07 . 2008-03-14 17:07 248 --a------ C:\UnInstall.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 15:39 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-01 16:38 --------- d-----w C:\Documents and Settings\Peter D Martin\Application Data\Audacity
2008-03-23 19:28 --------- d-----w C:\Program Files\MSN Messenger
2008-03-19 22:44 --------- d-----w C:\Program Files\Google
2008-03-19 21:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-19 21:25 --------- d-----w C:\Program Files\EPSON
2008-03-19 21:23 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-03-18 20:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-14 16:31 24,064 ----a-w C:\WINDOWS\system32\ntload.dll
2008-03-14 16:09 --------- d-----w C:\Program Files\Canon
2008-03-14 16:05 --------- d-----w C:\Program Files\DivX
2006-11-19 20:50 78,424 ----a-w C:\Documents and Settings\Lorna Hubbard\Application Data\GDIPFONTCACHEV1.DAT
2005-03-15 17:44 0 ----a-w C:\Documents and Settings\Peter D Martin\Application Data\wklnhst.dat
2005-12-06 19:31 56 --sh--r C:\WINDOWS\system32\1607371D5C.sys
2006-01-16 17:58 1,994 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2004-02-06 18:05 588288 4f64d1df989e3aa2fad91a2f1167b9c7 C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\wininet.dll
2004-08-04 08:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wininet.dll
2006-04-28 10:58 575488 3d5062a7667913b9b515cc5769e9fb31 C:\WINDOWS\SoftwareDistribution\Download\49afa2a0b3ea87b912cc10130c63a60f\rtmgdr\wininet.dll
2006-04-28 18:48 587264 5f4e89c8b4903acbba2f4b32cf1ed3ad C:\WINDOWS\SoftwareDistribution\Download\49afa2a0b3ea87b912cc10130c63a60f\RTMQFE\wininet.dll
2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\SoftwareDistribution\Download\cb88c3740b7bdbe6238a3381da220dae\rtmgdr\wininet.dll
2006-06-23 19:29 587776 40f777875dfa05cd61fd1e8a593be8e9 C:\WINDOWS\SoftwareDistribution\Download\cb88c3740b7bdbe6238a3381da220dae\RTMQFE\wininet.dll
2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\SoftwareDistribution\Download\cfab6bea01ff38473d99ea9faefb37c0\rtmgdr\wininet.dll
2006-06-23 19:29 587776 40f777875dfa05cd61fd1e8a593be8e9 C:\WINDOWS\SoftwareDistribution\Download\cfab6bea01ff38473d99ea9faefb37c0\RTMQFE\wininet.dll
2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\system32\wininet.dll
2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\system32\dllcache\wininet.dll

2003-03-06 10:30 162432 09b38768036508b51564201afb000950 C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2003-03-31 03:00 167552 3b350e5a2a5e951453f3993275a4523a C:\WINDOWS\$NtUninstallQ815485$\ndis.sys
2003-03-06 10:30 162432 09b38768036508b51564201afb000950 C:\WINDOWS\Driver Cache\i386\ndis.sys
2004-08-04 07:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ndis.sys
2003-03-06 10:30 162432 09b38768036508b51564201afb000950 C:\WINDOWS\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((( snapshot@2008-04-04_23.17.51.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-05 01:58:29 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-10 15:30:22 4,857,856 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-04-10 15:30:22 36,864 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-05 01:58:29 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-10 15:30:07 4,857,856 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-04-10 15:30:08 36,864 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [ ]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 18:02 68856]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 12:10 536576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-06-17 21:48 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-06-17 21:43 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 18:15 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 18:15 536576]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-22 19:55 483328]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-04-30 10:32 208958]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-05-27 20:28 278528]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 00:11 50688]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-03-22 23:15 26112]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 03:12 483328]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-12-24 03:33 188416]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-12 01:58 229952]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-12-14 02:06 495616]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 17:05 1838592]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16 376912]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"BluetoothAuthorizationAgent"="C:\WINDOWS\System32\BluetoothAuthorizationAgent.exe" [2008-03-25 22:59 18432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-03-31 03:00 13312]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 18:02 68856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2007-06-11 21:34 190696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-8796-100000000002}\SC_Acrobat.exe [2005-11-30 21:22:58 25214]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24 237568]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.LEAD"= LCODCCMP.DLL
"MSVideo8"= VfWWDM32.dll


.
Contents of the 'Scheduled Tasks' folder
"2008-03-24 23:18:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 17:30:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????????A?p?????????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-11 17:32:29
ComboFix-quarantined-files.txt 2008-04-11 16:31:59
ComboFix2.txt 2008-04-10 22:03:14
ComboFix3.txt 2008-04-04 22:18:23
Pre-Run: 12,251,066,368 bytes free
Post-Run: 12,213,600,256 bytes free
.
2008-03-16 11:13:52 --- E O F ---
 

texaspete

New Member
Logfile of HijackThis v1.99.1
Scan saved at 17:40:03, on 11/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\BluetoothAuthorizationAgent.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\scanner.exe\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthorizationAgent] C:\WINDOWS\System32\BluetoothAuthorizationAgent.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm011YYGB
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q304&bd=pavilion&pf=laptop
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett Packard Company - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
 

texaspete

New Member
when i done the otmoveit is said this

< C:\Program Files\S?mantec /u >
File/Folder C:\Program Files\S?mantec not found.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04112008_174627
 

ceewi1

VIP Member
Please run HijackThis and choose Do a system scan only.

Place a check next to the following entries:Please close all open windows except for HijackThis and choose Fix checked

Please run OTMoveIt2 again:
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    C:\WINDOWS\system32\krqtcjah.bmp
    C:\school.exe
  • Return to OTMoveIt2, right click in the Paste List of Files/Folders to be Moved window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. These results are also located at C:\_OTMoveIt\MovedFiles\Date_Time.log, where Date_Time is the date and time you ran OTMoveIt.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add Or Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
Kas-SaveReport-1.gif

Kas-Savetxt.gif

To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

Please post
  • The OTMoveIt2 report
  • The Kaspersky Online Scanner Report
 

texaspete

New Member
hi go to press accept on Kaspersky Online Scanner but nothing is happerning.
i'm using firefox, and i have that option to zoom in! :(
 

Punk

Moderator
Staff member
Ok

Let's see a Combofix log:

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 

texaspete

New Member
hey punk
ComboFix 08-04-12.10 - Peter D Martin 2008-04-13 17:55:13.4 - NTFSx86
Running from: C:\Documents and Settings\Peter D Martin\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
C:\WINDOWS\system32\ieupdates.exe
C:\WINDOWS\system32\update32.exe
C:\WINDOWS\system32\winsrc.dll
C:\WINDOWS\system32\winupdate.exe
C:\WINDOWS\system32\wscmp.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-13 17:39 . 2008-04-13 17:39 0 --a------ C:\WINDOWS\system32\sex3.ico.tmp
2008-04-13 17:38 . 2008-04-13 17:38 0 --a------ C:\WINDOWS\system32\sex2.ico.tmp
2008-04-13 17:38 . 2008-04-13 17:38 0 --a------ C:\WINDOWS\system32\sex1.ico.tmp
2008-04-13 17:27 . 2008-04-13 17:27 269,334 --a------ C:\WINDOWS\system32\dojmhkbqdsn.bmp
2008-04-13 17:22 . 2008-04-13 17:40 3,262 --a------ C:\WINDOWS\system32\sex5.ico
2008-04-13 17:22 . 2008-04-13 17:39 3,262 --a------ C:\WINDOWS\system32\sex4.ico
2008-04-13 17:21 . 2008-04-13 17:31 3,262 --a------ C:\WINDOWS\system32\sex3.ico
2008-04-13 17:21 . 2008-04-13 17:30 3,262 --a------ C:\WINDOWS\system32\sex2.ico
2008-04-13 17:20 . 2008-04-13 17:30 3,262 --a------ C:\WINDOWS\system32\sex1.ico
2008-04-13 17:13 . 2008-04-13 17:13 269,334 --a------ C:\WINDOWS\system32\lgnetkrqhgfap.bmp
2008-04-13 10:56 . 2008-04-13 10:56 <DIR> d-------- C:\b5972bbf697fdead40e53f083c0a
2008-04-13 00:25 . 2008-04-13 00:25 269,334 --a------ C:\WINDOWS\system32\cradonidcr.bmp
2008-04-12 19:04 . 2008-04-12 19:04 269,334 --a------ C:\WINDOWS\system32\apknihgb.bmp
2008-04-12 10:17 . 2008-04-12 10:17 269,334 --a------ C:\WINDOWS\system32\felsnilcfatsf.bmp
2008-04-11 22:09 . 2008-04-11 22:09 269,334 --a------ C:\WINDOWS\system32\lcbitojml.bmp
2008-04-11 19:29 . 2008-04-11 19:29 269,334 --a------ C:\WINDOWS\system32\nepgjeh.bmp
2008-04-11 17:42 . 2008-04-11 17:42 <DIR> d-------- C:\_OTMoveIt
2008-04-11 17:13 . 2008-04-11 17:13 269,334 --a------ C:\WINDOWS\system32\krqtcjah.bmp
2008-04-10 16:29 . 2008-04-10 16:30 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-08 20:43 . 2002-08-29 03:03 2,042,240 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-04-06 20:51 . 2008-04-06 20:51 <DIR> d-------- C:\school.exe
2008-04-05 22:36 . 2008-04-10 16:55 <DIR> d-------- C:\SDFix
2008-04-04 19:30 . 2008-04-07 18:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-04 19:30 . 2008-04-04 19:30 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-04 18:34 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-04 18:34 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-04 18:34 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-04 18:34 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-04 18:34 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-04 18:34 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-04 18:34 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-04 18:34 . 2008-04-04 18:34 6,328 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-04 18:28 . 2008-04-12 10:32 <DIR> d-------- C:\scanner.exe
2008-04-03 17:50 . 2008-04-03 17:50 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-02 16:15 . 2008-04-02 16:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-19 22:42 . 2008-03-19 22:42 <DIR> d-------- C:\Program Files\Panicware
2008-03-18 21:32 . 2008-03-19 22:42 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUK.ico
2008-03-16 22:17 . 2008-03-16 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-14 18:26 . 2008-03-14 18:26 <DIR> d-------- C:\WINDOWS\provisioning
2008-03-14 18:26 . 2008-03-14 18:37 <DIR> d-------- C:\WINDOWS\peernet
2008-03-14 17:55 . 2008-03-14 17:55 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-03-14 17:46 . 2004-08-03 23:42 20,480 --a------ C:\WINDOWS\system32\sprecovr.exe
2008-03-14 17:43 . 2004-07-17 12:40 19,528 --a------ C:\WINDOWS\002333_.tmp
2008-03-14 17:34 . 2002-12-11 17:34 997,888 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2008-03-14 17:33 . 2006-02-27 13:32 2,479,616 --a------ C:\WINDOWS\system32\dllcache\msoeres.dll
2008-03-14 17:30 . 2008-03-14 17:30 <DIR> d-------- C:\WINDOWS\EHome
2008-03-14 17:07 . 2008-03-14 17:07 248 --a------ C:\UnInstall.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 15:39 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-01 16:38 --------- d-----w C:\Documents and Settings\Peter D Martin\Application Data\Audacity
2008-03-23 19:28 --------- d-----w C:\Program Files\MSN Messenger
2008-03-19 22:44 --------- d-----w C:\Program Files\Google
2008-03-19 21:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-19 21:25 --------- d-----w C:\Program Files\EPSON
2008-03-19 21:23 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-03-18 20:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-14 16:31 24,064 ----a-w C:\WINDOWS\system32\ntload.dll
2008-03-14 16:09 --------- d-----w C:\Program Files\Canon
2008-03-14 16:05 --------- d-----w C:\Program Files\DivX
2006-11-19 20:50 78,424 ----a-w C:\Documents and Settings\Lorna Hubbard\Application Data\GDIPFONTCACHEV1.DAT
2005-03-15 17:44 0 ----a-w C:\Documents and Settings\Peter D Martin\Application Data\wklnhst.dat
2005-12-06 19:31 56 --sh--r C:\WINDOWS\system32\1607371D5C.sys
2006-01-16 17:58 1,994 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2004-02-06 18:05 588288 4f64d1df989e3aa2fad91a2f1167b9c7 C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\wininet.dll
2004-08-04 08:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wininet.dll
2006-04-28 10:58 575488 3d5062a7667913b9b515cc5769e9fb31 C:\WINDOWS\SoftwareDistribution\Download\49afa2a0b3ea87b912cc10130c63a60f\rtmgdr\wininet.dll
2006-04-28 18:48 587264 5f4e89c8b4903acbba2f4b32cf1ed3ad C:\WINDOWS\SoftwareDistribution\Download\49afa2a0b3ea87b912cc10130c63a60f\RTMQFE\wininet.dll
2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\SoftwareDistribution\Download\cb88c3740b7bdbe6238a3381da220dae\rtmgdr\wininet.dll
2006-06-23 19:29 587776 40f777875dfa05cd61fd1e8a593be8e9 C:\WINDOWS\SoftwareDistribution\Download\cb88c3740b7bdbe6238a3381da220dae\RTMQFE\wininet.dll
2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\SoftwareDistribution\Download\cfab6bea01ff38473d99ea9faefb37c0\rtmgdr\wininet.dll
2006-06-23 19:29 587776 40f777875dfa05cd61fd1e8a593be8e9 C:\WINDOWS\SoftwareDistribution\Download\cfab6bea01ff38473d99ea9faefb37c0\RTMQFE\wininet.dll
2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\system32\wininet.dll
2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\system32\dllcache\wininet.dll

2003-03-06 10:30 162432 09b38768036508b51564201afb000950 C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2003-03-31 03:00 167552 3b350e5a2a5e951453f3993275a4523a C:\WINDOWS\$NtUninstallQ815485$\ndis.sys
2003-03-06 10:30 162432 09b38768036508b51564201afb000950 C:\WINDOWS\Driver Cache\i386\ndis.sys
2004-08-04 07:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ndis.sys
2003-03-06 10:30 162432 09b38768036508b51564201afb000950 C:\WINDOWS\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((( snapshot@2008-04-04_23.17.51.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-04-27 20:10:38 2,569 -c--a-w C:\WINDOWS\$NtUninstallKB810217$\spuninst\spuninst.bat
+ 2008-04-13 16:26:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-05 01:58:29 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-10 15:30:22 4,857,856 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-04-10 15:30:22 36,864 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-05 01:58:29 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-10 15:30:07 4,857,856 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-04-10 15:30:08 36,864 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2003-10-22 02:28:34 2,673 ----a-w C:\WINDOWS\hpimdl01.dat
+ 2006-07-23 20:46:04 2,560 ----a-r C:\WINDOWS\Installer\{40280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2003-03-31 02:00:00 2,000 ----a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2003-03-31 02:00:00 2,032 ----a-w C:\WINDOWS\system\MOUSE.DRV
+ 2003-03-31 02:00:00 1,744 ----a-w C:\WINDOWS\system\SOUND.DRV
+ 2003-03-31 02:00:00 2,176 ----a-w C:\WINDOWS\system\VGA.DRV
+ 2003-05-03 12:10:24 1,727 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\Sonic\Update Manager\sumdb.dat
- 2006-10-12 10:50:39 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
+ 2008-04-13 16:55:06 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
+ 2003-03-31 02:00:00 1,740 ----a-w C:\WINDOWS\system32\dcache.bin
+ 2002-08-29 08:32:34 2,816 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
+ 2003-03-31 02:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
+ 2003-03-31 02:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv
+ 2003-03-31 02:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
+ 2003-03-31 02:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv
- 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2003-03-31 02:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv
+ 2003-03-31 02:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv
+ 2003-03-31 02:00:00 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
+ 2003-03-31 02:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe
+ 2003-03-31 02:00:00 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [ ]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 18:02 68856]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 12:10 536576]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-07-18 22:47 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-06-17 21:48 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-06-17 21:43 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 18:15 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 18:15 536576]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-22 19:55 483328]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-04-30 10:32 208958]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-05-27 20:28 278528]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 00:11 50688]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-03-22 23:15 26112]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 03:12 483328]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-12-24 03:33 188416]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-12 01:58 229952]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-12-14 02:06 495616]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 17:05 1838592]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16 376912]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-03-31 03:00 13312]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 18:02 68856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2007-06-11 21:34 190696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-8796-100000000002}\SC_Acrobat.exe [2005-11-30 21:22:58 25214]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24 237568]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL


.
Contents of the 'Scheduled Tasks' folder
"2008-03-24 23:18:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 18:00:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????????A?p?????????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-13 18:02:37
ComboFix-quarantined-files.txt 2008-04-13 17:02:13
ComboFix2.txt 2008-04-11 16:32:29
ComboFix3.txt 2008-04-10 22:03:14
ComboFix4.txt 2008-04-04 22:18:23
Pre-Run: 12,172,034,048 bytes free
Post-Run: 12,162,920,448 bytes free
.
2008-03-16 11:13:52 --- E O F ---
 

Punk

Moderator
Staff member
Ok we have new files, let's delete them:

Download Avenger, and unzip it to your desktop or somewhere you can find it. (Do not run it yet).

Note: This program is for use on Windows XP 32 bit systems only, and must be run from an Administrator account.

  • Open a Notepad file by clicking Start > Run and typing Notepad.exe in the box, click OK.
  • Click Format, and ensure Word Wrap is unchecked.
  • Copy and Paste the text in the box below into Notepad.
  • Now save the file as RemoveFiles.txt in a location where you can find it.

Files to delete:
C:\WINDOWS\system32\sex3.ico.tmp C:\WINDOWS\system32\sex2.ico.tmp
C:\WINDOWS\system32\sex1.ico.tmp
C:\WINDOWS\system32\dojmhkbqdsn.bmp
C:\WINDOWS\system32\sex5.ico
C:\WINDOWS\system32\sex4.ico
C:\WINDOWS\system32\sex3.ico
C:\WINDOWS\system32\sex2.ico
C:\WINDOWS\system32\sex1.ico
C:\WINDOWS\system32\lgnetkrqhgfap.bmp
C:\WINDOWS\system32\cradonidcr.bmp
C:\WINDOWS\system32\ntload.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Start Avenger by double clicking on Avenger.exe.
  • Check Load script from file:
  • Click on the folder symbol below and to the right, and browse to RemoveFiles.txt.
  • Double click it to enter it into Avenger.
  • Click the green traffic light symbol.
  • You will be asked if you want to execute the script, answer Yes.
  • At this point you may get prompts from your protection systems, allow them please.
  • Avenger will set itself up to run the next time you re-boot, and will prompt you to re-start immediately.
  • Answer Yes, and allow your computer to re-boot.
  • Upon re-boot a command window will briefly appear on screen (this is normal).
  • A Notepad text file will be created C:\avenger.txt.
  • Copy and Paste it into your next post please.
 

texaspete

New Member
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open file "C:\WINDOWS\system32\sex3.ico.tmp C:\WINDOWS\system32\sex2.ico.tmp"
Deletion of file "C:\WINDOWS\system32\sex3.ico.tmp C:\WINDOWS\system32\sex2.ico.tmp" failed!
Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID)
--> an object cannot have this name

File "C:\WINDOWS\system32\sex1.ico.tmp" deleted successfully.
File "C:\WINDOWS\system32\dojmhkbqdsn.bmp" deleted successfully.
File "C:\WINDOWS\system32\sex5.ico" deleted successfully.
File "C:\WINDOWS\system32\sex4.ico" deleted successfully.
File "C:\WINDOWS\system32\sex3.ico" deleted successfully.
File "C:\WINDOWS\system32\sex2.ico" deleted successfully.
File "C:\WINDOWS\system32\sex1.ico" deleted successfully.
File "C:\WINDOWS\system32\lgnetkrqhgfap.bmp" deleted successfully.
File "C:\WINDOWS\system32\cradonidcr.bmp" deleted successfully.
File "C:\WINDOWS\system32\ntload.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
 

texaspete

New Member
great Internet Explorer is working now,thats great shall i go back an do Kaspersky Online Scanner an follow ceewi1 instuctions
 

texaspete

New Member
have to post log in 2 parts

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 13, 2008 8:58:39 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/04/2008
Kaspersky Anti-Virus database records: 702086
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 75775
Number of viruses found: 39
Number of infected objects: 213
Number of suspicious objects: 3
Duration of the scan process: 01:51:21

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Lorna Hubbard\Local Settings\Application Data\Mozilla\Firefox\Profiles\gzrsd51l.default\Cache\2AB8EE1Bd01 Infected: not-virus:Hoax.Win32.Renos.bej skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Peter D Martin\Application Data\Mozilla\Firefox\Profiles\49ghvfjr.default\cert8.db Object is locked skipped
C:\Documents and Settings\Peter D Martin\Application Data\Mozilla\Firefox\Profiles\49ghvfjr.default\history.dat Object is locked skipped
C:\Documents and Settings\Peter D Martin\Application Data\Mozilla\Firefox\Profiles\49ghvfjr.default\key3.db Object is locked skipped
C:\Documents and Settings\Peter D Martin\Application Data\Mozilla\Firefox\Profiles\49ghvfjr.default\parent.lock Object is locked skipped
C:\Documents and Settings\Peter D Martin\Application Data\Mozilla\Firefox\Profiles\49ghvfjr.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Peter D Martin\Application Data\Mozilla\Firefox\Profiles\49ghvfjr.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Peter D Martin\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\appLauncher_all_log.txt Object is locked skipped
C:\Documents and Settings\Peter D Martin\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\DM_log.txt Object is locked skipped
C:\Documents and Settings\Peter D Martin\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\HookStarter_log.txt Object is locked skipped
C:\Documents and Settings\Peter D Martin\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked skipped
C:\Documents and Settings\Peter D Martin\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\TlibCmnDlgs_log.txt Object is locked skipped
C:\Documents and Settings\Peter D Martin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Peter D Martin\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Peter D Martin\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Peter D Martin\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\dbdam Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\dbdao Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\dbeam Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\dbeao Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\dbm Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\hp Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\rpm1n.cf1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\rpm1n1m.cf1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\rpm1n1mh.ht1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\rpm1nh.ht1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Identities\{74CA3E49-695D-4219-A72E-0166E72358C2}\Microsoft\Outlook Express\Hotmail - Deleted Items.dbx/[From EBAY <[email protected]>][Date 7 Nov 2006 05:56:37 -0800]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Identities\{74CA3E49-695D-4219-A72E-0166E72358C2}\Microsoft\Outlook Express\Hotmail - Deleted Items.dbx/[From paypal.com <[email protected]>][Date Tue, 17 Oct 2006 05:01:27 +0300]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Identities\{74CA3E49-695D-4219-A72E-0166E72358C2}\Microsoft\Outlook Express\Hotmail - Deleted Items.dbx Mail MS Outlook 5: suspicious - 2 skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\49ghvfjr.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\49ghvfjr.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\49ghvfjr.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\49ghvfjr.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Temp\Perflib_Perfdata_1e0.dat Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Temp\~DF6FB0.tmp Object is locked skipped
C:\Documents and Settings\Peter D Martin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Peter D Martin\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Peter D Martin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Peter D Martin\Shared\# bj bridges bj bridges 59.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\Peter D Martin\Shared\(Crack) im feeling nothing dada 16.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\Peter D Martin\Shared\02 Track 2 (army).wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\Peter D Martin\Shared\[Full Version] alf garnett 18.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\MSN Messenger\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\xubaci89104.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\QooBox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\QooBox\Quarantine\C\Program Files\JavaCore\JavaCore.exe.vir Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bjbcqufv.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\buvigkhr.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\chcngsah.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\diyjepwa.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fcsgovrt.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fujrdftv.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gueyaoye.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hmwxxnei.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hoxrulwt.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ieupdates.exe.vir Infected: not-virus:Hoax.Win32.Renos.bnl skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jbclavhv.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kfquoiyb.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lktakvyg.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lutcgcba.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lub skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mgqfpmpy.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mkwmciyg.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\shdohvuv.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\srqffjjc.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\sypieccq.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tbkrsbsp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lwv skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tlnmxkgl.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tswqmjrm.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\uovsxpbx.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\update32.exe.vir Infected: not-virus:Hoax.Win32.Renos.bnl skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\upjoxenc.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vpioktre.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\winupdate.exe.vir Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wqkimido.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lxl skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wscmp.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.aph skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xuykdcfq.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xwyvpdtj.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ydagxkgh.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yeihpnsv.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yfhbyanl.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yhenxmhf.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-04_230859.71.zip/Documents and Settings/Peter D Martin/Desktop/catchme.zip/awvvu.dll Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-04_230859.71.zip/Documents and Settings/Peter D Martin/Desktop/catchme.zip/tuvvwwu.dll Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-04_230859.71.zip/Documents and Settings/Peter D Martin/Desktop/catchme.zip Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-04_230859.71.zip ZIP: infected - 3 skipped
C:\SDFix\backups\backups.zip/backups/b155.exe Infected: Trojan.Win32.BHO.bfl skipped
C:\SDFix\backups\backups.zip/backups/mrofinu1000106.exe Infected: Trojan-Downloader.Win32.Homles.au skipped
C:\SDFix\backups\backups.zip/backups/UGES_0001_N122M2602NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ee skipped
C:\SDFix\backups\backups.zip ZIP: infected - 3 skipped
 

texaspete

New Member
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP493\A0215565.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP493\A0215566.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP493\A0216565.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP494\A0218565.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP495\A0221650.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP496\A0222705.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP496\A0222758.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP497\A0223822.exe Infected: Trojan-Downloader.Win32.Agent.lqu skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP497\A0223827.exe Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP497\A0224813.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP497\A0224829.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP497\A0224830.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0226861.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0226862.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0226863.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0226873.exe Infected: Trojan-Downloader.Win32.Homles.as skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0227861.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0228876.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0228948.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0229992.exe Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0230003.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0231007.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0231013.exe Infected: Trojan-Downloader.Win32.Homles.at skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0231020.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0231027.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0231034.exe Infected: Trojan.Win32.BHO.bfl skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0231048.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0231095.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0232090.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0232108.exe Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0232109.exe Infected: not-a-virus:AdWare.Win32.Insider.d skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0232110.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0232110.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0232111.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0232112.dll Infected: not-a-virus:AdWare.Win32.BHO.sr skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0232114.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0232114.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0232123.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0232197.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0232210.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0232222.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0232242.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0233238.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP498\A0233247.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233289.exe Infected: not-a-virus:AdWare.Win32.Insider.c skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233292.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233294.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233295.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233296.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233297.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233298.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233299.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233300.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233301.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233302.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233303.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233304.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233305.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233306.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233308.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233309.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233311.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233313.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233314.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233315.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233317.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233318.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233319.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233320.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233321.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233322.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233323.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233331.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233333.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233334.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233335.exe Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233338.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233339.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233340.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233341.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233342.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233343.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233344.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233345.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233346.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233347.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233348.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233349.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233350.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lub skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233351.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233352.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233353.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233354.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233355.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233356.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lwv skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233357.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233358.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233359.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233360.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233361.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233362.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lxl skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233363.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233364.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233365.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233366.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233367.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233368.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233373.dll Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP499\A0233459.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mju skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP500\A0233820.exe Infected: Trojan-Downloader.Win32.Agent.ltf skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP500\A0233849.exe Infected: Trojan.Win32.BHO.bfl skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP500\A0233850.exe Infected: Trojan-Downloader.Win32.Homles.au skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP500\A0233859.exe Infected: Trojan.Win32.BHO.bfl skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP500\A0233860.exe Infected: Trojan-Downloader.Win32.Homles.au skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP500\A0233866.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ee skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP502\A0234100.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP502\A0234110.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP502\A0235106.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP502\A0235118.dll Infected: not-a-virus:AdWare.Win32.BHO.aph skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP503\A0235128.exe Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP503\A0235129.dll Infected: not-a-virus:AdWare.Win32.BHO.aph skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP503\A0235130.exe Infected: not-virus:Hoax.Win32.Renos.bnl skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP503\A0235131.exe Infected: not-virus:Hoax.Win32.Renos.bnl skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP503\A0235178.dll Infected: not-virus:Hoax.Win32.Renos.bja skipped
C:\System Volume Information\_restore{4722BA04-B784-4C7D-8C34-06E379EFA6F0}\RP503\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UGES_0001_N122M2602NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ee skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UGES_0001_N122M2602NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ee skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UGES_0001_N122M2602NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ee skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{B57ED9A0-D8D3-4E0A-BAA7-CA9973BEAA41}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
 
Top