

Red X on c drive


Name: paltman3
Date: March 1, 2008 at 10:24:35 Pacific
OS: Windows XP
CPU/Ram: Intel Pentium 2 / 1 G
Product: Dell Dimension DV051
Comment:

I, like many others, have the red X on my C drive. I had thousands of tmp files, which I took care of. I ran all the programs recommended and my computer is running GREAT, except for that BIG red X.... please help me!!!




Response Number 1
Name: jabuck
Date: March 1, 2008 at 17:47:05 Pacific
Reply:

Please run the following scans and post the results.

Go to this link:

Disable Realtime Protection

Follow their directions to disable any realtime protection that you have, as it will interfere with the fix by reinstalling the corrupt files.

Please download Atribune's VundoFix.exe from the following site to your desktop:

Vundofix.exe

Double-click VundoFix.exe to run it.

Click the Scan for Vundo button.

Once it's done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files, click "yes".

Once you click yes, your desktop will go blank as it starts removing Vundo.

When completed, it will prompt that it will reboot your computer, click "ok".

Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This


1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.



Response Number 2
Name: paltman3
Date: March 2, 2008 at 08:46:30 Pacific
Reply:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:03 AM, on 3/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\RAM Idle LE\RAM_XP.exe
C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Pam\My Documents\VundoFix.exe
C:\Documents and Settings\Pam\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Torrent-Search Toolbar - {e0c7b854-d5ce-4db6-9804-be1438603d89} - C:\Program Files\Torrent-Search\tbTorr.dll
O2 - BHO: (no name) - {4C50C32F-1F7C-43DD-A1DC-29D0BC9855C7} - C:\WINDOWS\system32\mljgd.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Torrent-Search Toolbar - {e0c7b854-d5ce-4db6-9804-be1438603d89} - C:\Program Files\Torrent-Search\tbTorr.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.4\BitComet_Toolbar.dll
O3 - Toolbar: Torrent-Search Toolbar - {e0c7b854-d5ce-4db6-9804-be1438603d89} - C:\Program Files\Torrent-Search\tbTorr.dll
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle LE\RAM_XP.exe
O4 - HKLM\..\Run: [BM4b2bdf70] Rundll32.exe "C:\WINDOWS\system32\frejslhw.dll",s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe"
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Search - ?p=ZUxdm265MFUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/pa...
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/s...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/re...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/Veriz...
O18 - Protocol: bw+0 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CB58F900-889A-4CEF-99D7-DE4956B78675} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: ssqoomm - ssqoomm.dll (file missing)
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 18151 bytes

ComboFix 08-03-01 - Pam 2008-03-03 11:41:04.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.627 [GMT -5:00]
Running from: C:\Documents and Settings\Pam\My Documents\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.

2008-03-02 14:26 . 2008-03-02 14:26 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-02 14:26 . 2008-03-02 14:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-02 13:43 . 2007-08-30 13:12 67,752 --a------ C:\WINDOWS\system32\drivers\avfwot.sys
2008-03-02 13:43 . 2007-08-30 13:12 61,096 --a------ C:\WINDOWS\system32\drivers\avfwim.sys
2008-03-02 12:27 . 2008-03-02 12:27 <DIR> d-------- C:\Program Files\Seagate
2008-03-02 11:48 . 2008-03-02 11:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-02 11:34 . 2008-03-02 11:34 <DIR> d-------- C:\Documents and Settings\Pam\Application Data\Premium Security Suite
2008-03-02 10:02 . 2008-03-02 10:02 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-02 00:14 . 2008-03-02 00:14 <DIR> d-------- C:\Program Files\Conduit
2008-03-02 00:13 . 2008-03-02 00:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-03-02 00:13 . 2008-03-02 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-01 20:15 . 2008-03-01 23:55 <DIR> d-------- C:\Program Files\Torrent-Search
2008-03-01 19:43 . 2008-03-01 19:43 <DIR> d-------- C:\Program Files\Avira
2008-03-01 19:43 . 2008-03-02 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-01 19:01 . 1999-12-21 07:58 21,312 --a------ C:\WINDOWS\choice.exe
2008-02-29 17:30 . 2004-08-10 06:00 388,608 --a------ C:\CF892.exe
2008-02-29 17:11 . 2004-08-10 06:00 388,608 --a------ C:\CF29829.exe
2008-02-29 17:07 . 2008-02-29 17:45 <DIR> d-------- C:\VundoFix Backups
2008-02-28 19:28 . 2008-03-01 23:56 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-26 17:13 . 2008-02-26 17:13 <DIR> d--h----- C:\Temp\pt8q3khslw
2008-02-25 16:37 . 2008-02-25 16:37 432 --a------ C:\WINDOWS\system32\iolo.ini
2008-02-25 16:35 . 2007-07-25 08:42 126,976 --a------ C:\WINDOWS\system32\iavlsp.dll
2008-02-25 16:34 . 2008-02-25 16:34 681,984 --a------ C:\WINDOWS\is-HLTBP.exe
2008-02-25 16:34 . 2008-02-25 16:34 10,529 --a------ C:\WINDOWS\is-HLTBP.msg
2008-02-25 16:34 . 2008-02-25 16:34 557 --a------ C:\WINDOWS\is-HLTBP.lst
2008-02-25 16:29 . 2008-02-25 16:29 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-02-25 14:40 . 2008-03-01 23:56 <DIR> d-------- C:\Documents and Settings\Pam\Application Data\iolo
2008-02-25 13:43 . 2008-02-25 13:43 4,128 --a------ C:\INFCACHE.1
2008-02-25 13:40 . 2008-03-01 23:56 <DIR> d-------- C:\Program Files\ESET
2008-02-25 13:40 . 2008-02-25 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-02-25 10:21 . 2008-02-25 10:21 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-25 10:21 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-02-24 19:52 . 2008-02-24 19:55 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-02-24 19:27 . 2008-02-24 19:32 <DIR> d-------- C:\Program Files\PC MightyMax 2007
2008-02-24 17:01 . 2008-02-24 17:01 657,408 --a------ C:\WINDOWS\is-L68CB.exe
2008-02-24 17:01 . 2008-02-24 17:01 10,586 --a------ C:\WINDOWS\is-L68CB.msg
2008-02-24 17:01 . 2008-02-24 17:01 124 --a------ C:\WINDOWS\is-L68CB.lst
2008-02-21 20:31 . 2008-02-27 19:10 78 --a------ C:\WINDOWS\BM4b2bdf70.xml
2008-02-21 20:31 . 2008-02-28 20:10 22 --a------ C:\WINDOWS\pskt.ini
2008-02-20 20:31 . 2008-02-21 20:31 294 --ahs---- C:\WINDOWS\system32\jukwjhji.ini
2008-02-13 17:43 . 2008-02-13 17:43 355 --ahs---- C:\WINDOWS\system32\ljpjktoj.ini
2008-02-05 17:24 . 2000-05-21 23:00 166,600 --a------ C:\WINDOWS\system32\MSMASK32.OCX
2008-02-05 17:24 . 1999-09-10 12:06 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-02-05 17:24 . 1999-09-10 12:06 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-02-05 17:24 . 1999-09-10 12:06 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2008-02-05 17:24 . 1999-09-10 12:06 4,672 --a------ C:\WINDOWS\system\WOWPOST.exe
2008-02-05 17:08 . 2008-02-05 17:08 90,688 --a------ C:\WINDOWS\system32\abobeqsm.dll
2008-02-05 17:02 . 2008-02-05 17:02 0 --ah----- C:\WINDOWS\SwSys2.bmp
2008-02-05 17:02 . 2008-02-05 17:02 0 --ah----- C:\WINDOWS\SwSys1.bmp
2008-02-05 17:00 . 2008-02-05 17:00 <DIR> d-------- C:\Program Files\Digital1Audio
2008-02-05 16:42 . 2008-02-05 16:42 116 --ahs---- C:\WINDOWS\PCGWIN32.LI3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 05:13 --------- d-----w C:\Program Files\RegistryFix
2008-03-02 05:13 --------- d-----w C:\Program Files\RAM Idle LE
2008-03-02 05:13 --------- d-----w C:\Program Files\QuickTime
2008-03-02 05:13 --------- d-----w C:\Program Files\iTunes
2008-03-02 05:13 --------- d-----w C:\Program Files\Common Files\Kaspersky Lab
2008-03-02 05:13 --------- d-----w C:\Program Files\BitComet
2008-03-02 05:13 --------- d-----w C:\Program Files\Apple Software Update
2008-03-02 04:58 --------- d-----w C:\Program Files\Kaspersky Lab
2008-02-27 03:11 --------- d-----w C:\Program Files\Morpheus
2008-02-25 14:23 --------- d-----w C:\Documents and Settings\Pam\Application Data\LimeWire
2008-02-12 02:46 --------- d-----w C:\Documents and Settings\Pam\Application Data\AdobeUM
2008-01-11 15:55 437,096 ----a-w C:\WINDOWS\system32\Incinerator.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 22:13 23,040 ----a-w C:\WINDOWS\system32\smrgdf.exe
2007-12-06 10:05 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
2006-08-06 16:54 517 ----a-w C:\Program Files\Common Files\mexoh
2007-11-05 23:23 104 --sh--r C:\WINDOWS\system32\72918E6150.sys
2007-11-05 23:23 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2005-07-29 20:24 472 --sha-r C:\WINDOWS\UGFt\o3IQ.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C50C32F-1F7C-43DD-A1DC-29D0BC9855C7}]
C:\WINDOWS\system32\mljgd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Mechanic Popup Blocker"="C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2006-07-20 20:38 230976]
"RAM Idle Professional"="C:\Program Files\RAM Idle LE\RAM_XP.exe" [2006-01-17 04:38 135168]
"BM4b2bdf70"="C:\WINDOWS\system32\frejslhw.dll" [ ]
"avgnt"="C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" [2007-08-31 12:25 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 20:34 5419008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-02-17 22:51:42 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoomm]
ssqoomm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Morpheus\\Morpheus.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\Program Files\BitComet\BitComet.exe"= C:\Program Files\BitComet\BitComet.exe:67.140.55.245/255.255.255.255:Enabled:BitComet - a BitTorrent Client
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21588:TCP"= 21588:TCP:67.140.55.245/255.255.255.255:Enabled:BitComet 21588 TCP
"21588:UDP"= 21588:UDP:67.140.55.245/255.255.255.255:Enabled:BitComet 21588 UDP

R2 AVEService;Avira Premium Security Suite MailGuard helper service;"C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe" [2007-07-18 08:09]
S2 AntiVirMailService;Avira Premium Security Suite MailGuard;"C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe" [2007-08-28 13:08]
S2 antivirwebservice;Avira Premium Security Suite WebGuard;"C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.exe" [2007-08-14 13:22]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-04-05 15:04]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-05-04 16:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23dc74f0-a42d-11dc-8828-001320c3965c}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 23:52:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 11:42:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-03 11:43:32
ComboFix-quarantined-files.txt 2008-03-03 16:43:17
ComboFix2.txt 2008-03-02 19:10:26
ComboFix3.txt 2008-03-01 23:00:58
.
2008-02-14 07:08:47 --- E O F ---


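The "Files Created" section of the ComboFix log above is what the helper reads to pick out the files worth checking. The following is an added example, written for this page and not part of the thread or of ComboFix itself, that parses lines in that format and screens them with a few of the signals a reviewer looks for: hidden+system attributes on a plain data file, hidden zero-byte files, executables dropped straight into the drive root, and names that look machine-generated. The sample lines are copied from the log above; the meaning assigned to the attribute letters (d = directory, r = read-only, a = archive, h = hidden, s = system) and the consonant-run threshold for "random-looking" are assumptions, and a hit only means "send this to VirusTotal", exactly as the reply that follows does, never "delete this".

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: "Files Created" lines copied from the ComboFix log posted above.
SAMPLE_CREATED = r"""
2008-03-02 14:26 . 2008-03-02 14:26 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-29 17:30 . 2004-08-10 06:00 388,608 --a------ C:\CF892.exe
2008-02-25 10:21 . 2008-02-25 10:21 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-21 20:31 . 2008-02-28 20:10 22 --a------ C:\WINDOWS\pskt.ini
2008-02-20 20:31 . 2008-02-21 20:31 294 --ahs---- C:\WINDOWS\system32\jukwjhji.ini
2008-02-13 17:43 . 2008-02-13 17:43 355 --ahs---- C:\WINDOWS\system32\ljpjktoj.ini
2008-02-05 17:08 . 2008-02-05 17:08 90,688 --a------ C:\WINDOWS\system32\abobeqsm.dll
2008-02-05 17:02 . 2008-02-05 17:02 0 --ah----- C:\WINDOWS\SwSys2.bmp
2008-02-05 16:42 . 2008-02-05 16:42 116 --ahs---- C:\WINDOWS\PCGWIN32.LI3
"""

# One "Files Created" line: created stamp, ".", modified stamp, size or <DIR>,
# a 9-character attribute field, then the path (which may contain spaces).
LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
# Assumption: four or more consonants in a row rarely occur in vendor file names.
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxz]{4,}", re.IGNORECASE)
EXEC_EXT = {"exe", "dll", "sys", "scr", "com"}


@dataclass
class Entry:
    path: str
    attrs: str
    size: Optional[int]          # None for directories
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a well-formed line, None for headers/blank lines."""
    m = LINE.match(line.strip())
    if not m:
        return None
    size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
    return Entry(m["path"], m["attrs"], size)


def assess(e: Entry) -> Entry:
    """Attach review reasons to an entry; directories are left alone."""
    if e.size is None:
        return e
    name = e.path.rsplit("\\", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    if not dot:
        stem, ext = name, ""
    if "h" in e.attrs and "s" in e.attrs:
        e.reasons.append("hidden+system file")
    if "h" in e.attrs and e.size == 0:
        e.reasons.append("hidden zero-byte file")
    if ext.lower() in EXEC_EXT and e.path.count("\\") == 1:
        e.reasons.append("executable dropped in drive root")
    if CONSONANT_RUN.search(stem):
        e.reasons.append("random-looking name")
    return e


def triage_created_files(text: str) -> List[Entry]:
    """Parse every line of a 'Files Created' section and assess each entry."""
    entries = (parse_line(ln) for ln in text.splitlines())
    return [assess(e) for e in entries if e is not None]


if __name__ == "__main__":
    for e in triage_created_files(SAMPLE_CREATED):
        if e.reasons:
            print(f"{e.path}  <-  {', '.join(e.reasons)}")
```

Note what the heuristics miss: abobeqsm.dll is not flagged even though it was one of the files sent for analysis, because the helper also weighed its creation date, which falls in the same window as the other dropped files. Automated screening narrows the list; the judgement call still belongs to the person reading the log.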

Response Number 3
Name: jabuck
Date: March 2, 2008 at 17:49:12 Pacific
Reply:

Sorry for the delay.

Please go to Virus Total and upload the following files for analysis:


C:\CF892.exe
C:\CF29829.exe
C:\WINDOWS\system32\abobeqsm.dll
C:\WINDOWS\UGFt\o3IQ.vbs

Use the browse button at the site to find the file. Once you find the file, double click it and it should appear in the empty space to the left of the browse button, then click "send file".

Post the results in your reply.

Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\BM4b2bdf70.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\jukwjhji.ini
C:\WINDOWS\system32\ljpjktoj.ini
C:\WINDOWS\SwSys2.bmp
C:\WINDOWS\SwSys1.bmp
C:\WINDOWS\system32\72918E6150.sys
C:\WINDOWS\system32\ssqoomm.dll

Driver::
ssqoomm

Folder::
C:\Temp\pt8q3khslw
C:\Documents and Settings\All Users\Application Data\SalesMon

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C50C32F-1F7C-43DD-A1DC-29D0BC9855C7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM4b2bdf70"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoomm]


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop). If ComboFix does not auto-start, click "run".

Post a new Combofix log.


0

Response Number 4
Name: paltman3
Date: March 3, 2008 at 08:10:51 Pacific
Reply:

File CF12971.exe received on 03.03.2008 14:06:41 (CET)
Current status: finished

Result: 0/32 (0.00%)
Compact Print results
Antivirus Version Last Update Result
AhnLab-V3 2008.2.29.1 2008.03.03 -
AntiVir 7.6.0.73 2008.03.03 -
Authentium 4.93.8 2008.03.02 -
Avast 4.7.1098.0 2008.03.02 -
AVG 7.5.0.516 2008.03.03 -
BitDefender 7.2 2008.03.03 -
CAT-QuickHeal 9.50 2008.03.01 -
ClamAV 0.92.1 2008.03.03 -
DrWeb 4.44.0.09170 2008.03.03 -
eSafe 7.0.15.0 2008.02.28 -
eTrust-Vet 31.3.5582 2008.03.03 -
Ewido 4.0 2008.03.03 -
FileAdvisor 1 2008.03.03 -
Fortinet 3.14.0.0 2008.03.03 -
F-Prot 4.4.2.54 2008.03.02 -
F-Secure 6.70.13260.0 2008.03.03 -
Ikarus T3.1.1.20 2008.03.03 -
Kaspersky 7.0.0.125 2008.03.03 -
McAfee 5242 2008.02.29 -
Microsoft 1.3301 2008.03.03 -
NOD32v2 2916 2008.03.03 -
Norman 5.80.02 2008.02.29 -
Panda 9.0.0.4 2008.03.02 -
Prevx1 V2 2008.03.03 -
Rising 20.34.02.00 2008.03.03 -
Sophos 4.27.0 2008.03.03 -
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.03 -
TheHacker 6.2.92.231 2008.03.02 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.03.02 -
Webwasher-Gateway 6.6.2 2008.03.03 -
Additional information
File size: 388608 bytes
MD5: eeb024f2c81f0d55936fb825d21a91d6
SHA1: dd47ff16176412ec2e170cda441b4a220ff52f46
PEiD: -

File CF892.exe received on 03.03.2008 16:48:17 (CET)
Current status: finished

Result: 0/32 (0.00%)
Compact Print results
Antivirus Version Last Update Result
AhnLab-V3 2008.2.29.1 2008.03.03 -
AntiVir 7.6.0.73 2008.03.03 -
Authentium 4.93.8 2008.03.02 -
Avast 4.7.1098.0 2008.03.02 -
AVG 7.5.0.516 2008.03.03 -
BitDefender 7.2 2008.03.03 -
CAT-QuickHeal 9.50 2008.03.01 -
ClamAV 0.92.1 2008.03.03 -
DrWeb 4.44.0.09170 2008.03.03 -
eSafe 7.0.15.0 2008.02.28 -
eTrust-Vet 31.3.5582 2008.03.03 -
Ewido 4.0 2008.03.03 -
FileAdvisor 1 2008.03.03 -
Fortinet 3.14.0.0 2008.03.03 -
F-Prot 4.4.2.54 2008.03.02 -
F-Secure 6.70.13260.0 2008.03.03 -
Ikarus T3.1.1.20 2008.03.03 -
Kaspersky 7.0.0.125 2008.03.03 -
McAfee 5242 2008.02.29 -
Microsoft 1.3301 2008.03.03 -
NOD32v2 2917 2008.03.03 -
Norman 5.80.02 2008.02.29 -
Panda 9.0.0.4 2008.03.02 -
Prevx1 V2 2008.03.03 -
Rising 20.34.02.00 2008.03.03 -
Sophos 4.27.0 2008.03.03 -
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.03 -
TheHacker 6.2.92.231 2008.03.02 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.03.03 -
Webwasher-Gateway 6.6.2 2008.03.03 -
Additional information
File size: 388608 bytes
MD5: eeb024f2c81f0d55936fb825d21a91d6
SHA1: dd47ff16176412ec2e170cda441b4a220ff52f46
PEiD: -

File abobeqsm.dll received on 03.03.2008 16:54:21 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 21/31 (67.75%)
Compact Print results
Antivirus Version Last Update Result
AhnLab-V3 2008.2.29.1 2008.03.03 Win-Trojan/Vundo.90688
AntiVir 7.6.0.73 2008.03.03 TR/Dldr.ConHook.Gen
Authentium 4.93.8 2008.03.02 -
Avast 4.7.1098.0 2008.03.02 Win32:TratBHO
AVG 7.5.0.516 2008.03.03 Lop
BitDefender 7.2 2008.03.03 Trojan.Vundo.DYM
CAT-QuickHeal 9.50 2008.03.01 -
ClamAV 0.92.1 2008.03.03 Trojan.Vundo-1104
DrWeb 4.44.0.09170 2008.03.03 Trojan.Virtumod.272
eSafe 7.0.15.0 2008.02.28 -
eTrust-Vet 31.3.5582 2008.03.03 Win32/Vundo.MO
Ewido 4.0 2008.03.03 -
FileAdvisor 1 2008.03.03 -
Fortinet 3.14.0.0 2008.03.03 -
F-Prot 4.4.2.54 2008.03.02 W32/Virtumonde.G.gen!Eldorado
F-Secure 6.70.13260.0 2008.03.03 Vundo.gen56
Ikarus T3.1.1.20 2008.03.03 not-a-virus:AdWare.Win32.Virtumonde
Kaspersky 7.0.0.125 2008.03.03 not-a-virus:AdWare.Win32.Virtumonde.gen
McAfee 5242 2008.02.29 -
Microsoft 1.3301 2008.03.03 Trojan:Win32/Vundo.gen!A
NOD32v2 2917 2008.03.03 Win32/Adware.Virtumonde
Norman 5.80.02 2008.02.29 W32/Virtumonde.KYQ
Panda 9.0.0.4 2008.03.02 Spyware/Virtumonde
Rising 20.34.02.00 2008.03.03 -
Sophos 4.27.0 2008.03.03 Troj/Virtum-Gen
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.03 Trojan.Adclicker
TheHacker 6.2.92.231 2008.03.02 Adware/Virtumonde.gen
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.03.03 Adware.Vundo.Gen!Pac.18
Webwasher-Gateway 6.6.2 2008.03.03 Trojan.Dldr.ConHook.Gen
Additional information
File size: 90688 bytes
MD5: 383b60efe7492f04ad56e0778e186c70
SHA1: 429c6f6d57c339c03ab94470ec032ca4e1b099de
PEiD: -

File nq6CsqY5tF1qurLNuk.vbs received on 03.02.2008 03:46:18 (CET)
Current status: finished

Result: 15/31 (48.39%)
Compact Print results
Antivirus Version Last Update Result
AhnLab-V3 2008.2.29.1 2008.02.29 -
AntiVir 7.6.0.73 2008.02.29 ADSPY/Isearch
Authentium 4.93.8 2008.03.01 -
Avast 4.7.1098.0 2008.03.01 VBS:Malware-gen
AVG 7.5.0.516 2008.03.01 -
BitDefender 7.2 2008.03.02 Adware.Isearch.D
CAT-QuickHeal 9.50 2008.03.01 -
ClamAV 0.92.1 2008.03.01 -
DrWeb 4.44.0.09170 2008.03.01 -
eSafe 7.0.15.0 2008.02.28 Spyware.Gen
eTrust-Vet 31.3.5574 2008.02.29 -
Ewido 4.0 2008.03.01 Trojan.Small
FileAdvisor 1 2008.03.02 Low threat detected
Fortinet 3.14.0.0 2008.03.01 Adware/Isearch
F-Prot 4.4.2.54 2008.03.01 -
F-Secure 6.70.13260.0 2008.03.01 -
Ikarus T3.1.1.20 2008.03.02 AdWare.Isearch
Kaspersky 7.0.0.125 2008.03.02 -
McAfee 5242 2008.02.29 potentially unwanted program Adware-Isearch
Microsoft 1.3301 2008.03.02 Adware:Win32/CMDService
NOD32v2 2913 2008.03.01 -
Norman 5.80.02 2008.02.29 VBS/CommAd.A
Panda 9.0.0.4 2008.03.01 Adware/CommAd
Prevx1 V2 2008.03.02 Generic.Malware
Rising 20.33.52.00 2008.03.01 -
Sophos 4.27.0 2008.03.02 CommAd
Sunbelt 3.0.906.0 2008.02.28 -
TheHacker 6.2.9.230 2008.03.01 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.02.29 -
Webwasher-Gateway 6.6.2 2008.03.02 Ad-Spyware.Isearch
Additional information
File size: 472 bytes
MD5: 387edbb90a5275d1b464eb31f3162c40
SHA1: 40c7e89572e2bee9f8bd24a0163c500205d0cfb8
PEiD: -
Bit9 info: http://fileadvisor.bit9.com/service...
Prevx info: http://info.prevx.com/aboutprogramt...


0

Response Number 5
Name: paltman3
Date: March 3, 2008 at 08:18:44 Pacific
Reply:

ComboFix 08-03-01 - Pam 2008-03-04 11:15:23.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.623 [GMT -5:00]
Running from: C:\Documents and Settings\Pam\My Documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\Pam\My Documents\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.

2008-03-02 14:26 . 2008-03-02 14:26 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-02 14:26 . 2008-03-02 14:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-02 13:43 . 2007-08-30 13:12 67,752 --a------ C:\WINDOWS\system32\drivers\avfwot.sys
2008-03-02 13:43 . 2007-08-30 13:12 61,096 --a------ C:\WINDOWS\system32\drivers\avfwim.sys
2008-03-02 12:27 . 2008-03-02 12:27 <DIR> d-------- C:\Program Files\Seagate
2008-03-02 11:48 . 2008-03-02 11:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-02 11:34 . 2008-03-02 11:34 <DIR> d-------- C:\Documents and Settings\Pam\Application Data\Premium Security Suite
2008-03-02 10:02 . 2008-03-02 10:02 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-02 00:14 . 2008-03-02 00:14 <DIR> d-------- C:\Program Files\Conduit
2008-03-02 00:13 . 2008-03-02 00:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-03-02 00:13 . 2008-03-02 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-01 20:15 . 2008-03-01 23:55 <DIR> d-------- C:\Program Files\Torrent-Search
2008-03-01 19:43 . 2008-03-01 19:43 <DIR> d-------- C:\Program Files\Avira
2008-03-01 19:43 . 2008-03-02 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-01 19:01 . 1999-12-21 07:58 21,312 --a------ C:\WINDOWS\choice.exe
2008-02-29 17:30 . 2004-08-10 06:00 388,608 --a------ C:\CF892.exe
2008-02-29 17:11 . 2004-08-10 06:00 388,608 --a------ C:\CF29829.exe
2008-02-29 17:07 . 2008-02-29 17:45 <DIR> d-------- C:\VundoFix Backups
2008-02-28 19:28 . 2008-03-01 23:56 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-26 17:13 . 2008-02-26 17:13 <DIR> d--h----- C:\Temp\pt8q3khslw
2008-02-25 16:37 . 2008-02-25 16:37 432 --a------ C:\WINDOWS\system32\iolo.ini
2008-02-25 16:35 . 2007-07-25 08:42 126,976 --a------ C:\WINDOWS\system32\iavlsp.dll
2008-02-25 16:34 . 2008-02-25 16:34 681,984 --a------ C:\WINDOWS\is-HLTBP.exe
2008-02-25 16:34 . 2008-02-25 16:34 10,529 --a------ C:\WINDOWS\is-HLTBP.msg
2008-02-25 16:34 . 2008-02-25 16:34 557 --a------ C:\WINDOWS\is-HLTBP.lst
2008-02-25 16:29 . 2008-02-25 16:29 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-02-25 14:40 . 2008-03-01 23:56 <DIR> d-------- C:\Documents and Settings\Pam\Application Data\iolo
2008-02-25 13:43 . 2008-02-25 13:43 4,128 --a------ C:\INFCACHE.1
2008-02-25 13:40 . 2008-03-01 23:56 <DIR> d-------- C:\Program Files\ESET
2008-02-25 13:40 . 2008-02-25 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-02-25 10:21 . 2008-02-25 10:21 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-25 10:21 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-02-24 19:52 . 2008-02-24 19:55 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-02-24 19:27 . 2008-02-24 19:32 <DIR> d-------- C:\Program Files\PC MightyMax 2007
2008-02-24 17:01 . 2008-02-24 17:01 657,408 --a------ C:\WINDOWS\is-L68CB.exe
2008-02-24 17:01 . 2008-02-24 17:01 10,586 --a------ C:\WINDOWS\is-L68CB.msg
2008-02-24 17:01 . 2008-02-24 17:01 124 --a------ C:\WINDOWS\is-L68CB.lst
2008-02-21 20:31 . 2008-02-27 19:10 78 --a------ C:\WINDOWS\BM4b2bdf70.xml
2008-02-21 20:31 . 2008-02-28 20:10 22 --a------ C:\WINDOWS\pskt.ini
2008-02-20 20:31 . 2008-02-21 20:31 294 --ahs---- C:\WINDOWS\system32\jukwjhji.ini
2008-02-13 17:43 . 2008-02-13 17:43 355 --ahs---- C:\WINDOWS\system32\ljpjktoj.ini
2008-02-05 17:24 . 2000-05-21 23:00 166,600 --a------ C:\WINDOWS\system32\MSMASK32.OCX
2008-02-05 17:24 . 1999-09-10 12:06 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-02-05 17:24 . 1999-09-10 12:06 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-02-05 17:24 . 1999-09-10 12:06 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2008-02-05 17:24 . 1999-09-10 12:06 4,672 --a------ C:\WINDOWS\system\WOWPOST.exe
2008-02-05 17:08 . 2008-02-05 17:08 90,688 --a------ C:\WINDOWS\system32\abobeqsm.dll
2008-02-05 17:02 . 2008-02-05 17:02 0 --ah----- C:\WINDOWS\SwSys2.bmp
2008-02-05 17:02 . 2008-02-05 17:02 0 --ah----- C:\WINDOWS\SwSys1.bmp
2008-02-05 17:00 . 2008-02-05 17:00 <DIR> d-------- C:\Program Files\Digital1Audio
2008-02-05 16:42 . 2008-02-05 16:42 116 --ahs---- C:\WINDOWS\PCGWIN32.LI3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 05:13 --------- d-----w C:\Program Files\RegistryFix
2008-03-02 05:13 --------- d-----w C:\Program Files\RAM Idle LE
2008-03-02 05:13 --------- d-----w C:\Program Files\QuickTime
2008-03-02 05:13 --------- d-----w C:\Program Files\iTunes
2008-03-02 05:13 --------- d-----w C:\Program Files\Common Files\Kaspersky Lab
2008-03-02 05:13 --------- d-----w C:\Program Files\BitComet
2008-03-02 05:13 --------- d-----w C:\Program Files\Apple Software Update
2008-03-02 04:58 --------- d-----w C:\Program Files\Kaspersky Lab
2008-02-27 03:11 --------- d-----w C:\Program Files\Morpheus
2008-02-25 14:23 --------- d-----w C:\Documents and Settings\Pam\Application Data\LimeWire
2008-02-12 02:46 --------- d-----w C:\Documents and Settings\Pam\Application Data\AdobeUM
2008-01-11 15:55 437,096 ----a-w C:\WINDOWS\system32\Incinerator.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 22:13 23,040 ----a-w C:\WINDOWS\system32\smrgdf.exe
2007-12-06 10:05 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
2006-08-06 16:54 517 ----a-w C:\Program Files\Common Files\mexoh
2007-11-05 23:23 104 --sh--r C:\WINDOWS\system32\72918E6150.sys
2007-11-05 23:23 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2005-07-29 20:24 472 --sha-r C:\WINDOWS\UGFt\o3IQ.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C50C32F-1F7C-43DD-A1DC-29D0BC9855C7}]
C:\WINDOWS\system32\mljgd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Mechanic Popup Blocker"="C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2006-07-20 20:38 230976]
"RAM Idle Professional"="C:\Program Files\RAM Idle LE\RAM_XP.exe" [2006-01-17 04:38 135168]
"BM4b2bdf70"="C:\WINDOWS\system32\frejslhw.dll" [ ]
"avgnt"="C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" [2007-08-31 12:25 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 20:34 5419008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-02-17 22:51:42 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoomm]
ssqoomm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Morpheus\\Morpheus.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\Program Files\BitComet\BitComet.exe"= C:\Program Files\BitComet\BitComet.exe:67.140.55.245/255.255.255.255:Enabled:BitComet - a BitTorrent Client
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21588:TCP"= 21588:TCP:67.140.55.245/255.255.255.255:Enabled:BitComet 21588 TCP
"21588:UDP"= 21588:UDP:67.140.55.245/255.255.255.255:Enabled:BitComet 21588 UDP

R2 AVEService;Avira Premium Security Suite MailGuard helper service;"C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe" [2007-07-18 08:09]
S2 AntiVirMailService;Avira Premium Security Suite MailGuard;"C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe" [2007-08-28 13:08]
S2 antivirwebservice;Avira Premium Security Suite WebGuard;"C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.exe" [2007-08-14 13:22]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-04-05 15:04]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-05-04 16:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23dc74f0-a42d-11dc-8828-001320c3965c}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 23:52:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 11:17:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-04 11:18:10
ComboFix-quarantined-files.txt 2008-03-04 16:17:55
ComboFix2.txt 2008-03-03 16:43:32
ComboFix3.txt 2008-03-02 19:10:26
ComboFix4.txt 2008-03-01 23:00:58
.
2008-02-14 07:08:47 --- E O F ---


0




Response Number 6
Name: jabuck
Date: March 3, 2008 at 14:43:56 Pacific
Reply:

Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\BM4b2bdf70.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\jukwjhji.ini
C:\WINDOWS\system32\ljpjktoj.ini
C:\WINDOWS\system32\abobeqsm.dll
C:\WINDOWS\SwSys2.bmp
C:\WINDOWS\SwSys1.bmp
C:\WINDOWS\system32\72918E6150.sys
C:\WINDOWS\UGFt\o3IQ.vbs
C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\ssqoomm.dll
C:\WINDOWS\ssqoomm.dll
Driver::
ssqoomm

Folder::
C:\VundoFix Backups
C:\Temp\pt8q3khslw
C:\Documents and Settings\All Users\Application Data\SalesMon
C:\WINDOWS\UGFt

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C50C32F-1F7C-43DD-A1DC-29D0BC9855C7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM4b2bdf70"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoomm]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop). If ComboFix does not auto-start, click "run".

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Download CCleaner from the following link:

http://filehippo.com/download_ccleaner/

After you download it to your desktop and begin installing it, only allow the "install icon on desktop" to install. Then run it, and use it only as suggested; it's powerful, so use only the prechecked items.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Yes, when prompted to install its ActiveX component.
(Note: for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

Post a new Combofix log.


0
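A triage helper added here as an example (it is not ComboFix's own code and not part of this thread) that parses lines in the "Files Created" layout of the ComboFix log posted above and emits the File:: / Folder:: sections in the CFScript layout used in this reply. The heuristics it applies are my assumptions, chosen to mirror what the helper singled out: hidden or system attributes on files under C:\WINDOWS, zero-byte files there, hidden directories, and 8-letter random-looking names sitting directly in system32; the sample log lines are constructed from entries in the thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One line of ComboFix's "Files Created" section, in the layout the log prints:
#   <created> . <modified> <size-or-<DIR>> <attrs> <path>
# The attrs field is 9 characters: d=dir, r=read-only, a=archive, h=hidden, s=system.
# (The Find3M section uses a different, 7-character attrs layout and is not parsed here.)
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) "
    r"(?P<attrs>[d-][r-][a-][h-][s-][-]{4}) "
    r"(?P<path>.+)$"
)

# Heuristic (assumption): Vundo-style droppers in this thread use 8 random lowercase letters.
RANDOM_STEM_RE = re.compile(r"^[a-z]{8}\.(dll|ini|exe|sys)$")


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return self.attrs[3] == "h"

    @property
    def system(self) -> bool:
        return self.attrs[4] == "s"

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one 'Files Created' line; return None for anything else (headers, blanks)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
    return Entry(m["created"], m["modified"], size, m["attrs"], m["path"])


def reasons(e: Entry) -> List[str]:
    """Return the (heuristic) reasons an entry looks worth a closer look; empty if none."""
    why: List[str] = []
    low = e.path.lower()
    sys32 = "c:\\windows\\system32\\"
    in_windows = low.startswith("c:\\windows\\")
    directly_in_system32 = low.startswith(sys32) and "\\" not in low[len(sys32):]
    if e.is_dir:
        if e.hidden:
            why.append("hidden directory")
        return why
    if in_windows and (e.hidden or e.system):
        why.append("hidden/system attribute on a file under C:\\WINDOWS")
    if directly_in_system32 and RANDOM_STEM_RE.match(e.name):
        why.append("random-looking 8-letter name directly in system32")
    if in_windows and e.size == 0:
        why.append("zero-byte file under C:\\WINDOWS")
    return why


def triage(log_text: str) -> Tuple[List[Tuple[str, List[str]]], List[Tuple[str, List[str]]]]:
    """Split flagged entries into (files, folders), each as (path, reasons), in log order."""
    files, folders = [], []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None or not (why := reasons(e)):
            continue
        (folders if e.is_dir else files).append((e.path, why))
    return files, folders


def build_cfscript(log_text: str) -> str:
    """Render the flagged entries as the File:: / Folder:: sections of a CFScript."""
    files, folders = triage(log_text)
    out = ["File::"] + [p for p, _ in files]
    if folders:
        out += ["", "Folder::"] + [p for p, _ in folders]
    return "\n".join(out) + "\n"


# Constructed sample, copied from entries in the ComboFix log earlier in this thread.
SAMPLE_LOG = r"""
2008-03-02 13:43 . 2007-08-30 13:12 67,752 --a------ C:\WINDOWS\system32\drivers\avfwot.sys
2008-02-26 17:13 . 2008-02-26 17:13 <DIR> d--h----- C:\Temp\pt8q3khslw
2008-02-25 16:35 . 2007-07-25 08:42 126,976 --a------ C:\WINDOWS\system32\iavlsp.dll
2008-02-20 20:31 . 2008-02-21 20:31 294 --ahs---- C:\WINDOWS\system32\jukwjhji.ini
2008-02-13 17:43 . 2008-02-13 17:43 355 --ahs---- C:\WINDOWS\system32\ljpjktoj.ini
2008-02-05 17:08 . 2008-02-05 17:08 90,688 --a------ C:\WINDOWS\system32\abobeqsm.dll
2008-02-05 17:02 . 2008-02-05 17:02 0 --ah----- C:\WINDOWS\SwSys2.bmp
2008-02-05 17:00 . 2008-02-05 17:00 <DIR> d-------- C:\Program Files\Digital1Audio
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG)[0]:
        print(path, "->", "; ".join(why))
    print(build_cfscript(SAMPLE_LOG))
```

Anything it flags still needs checking by hand (or a VirusTotal lookup, as in Response 3) before it goes into a script; a legitimate file can match the name heuristic.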

Response Number 7
Name: paltman3
Date: March 3, 2008 at 16:43:17 Pacific
Reply:

---------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, March 04, 2008 7:28:39 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/03/2008
Kaspersky Anti-Virus database records: 594708
---------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 59029
Number of viruses found: 12
Number of infected objects: 203
Number of suspicious objects: 0
Duration of the scan process: 00:48:27

Infected Object Name / Virus Name / Last Action
C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Pam\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\History\History.IE5\MSHist012008030420080305\index.dat Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Temp\Perflib_Perfdata_1e8.dat Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Temp\~DF1370.tmp Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pam\My Documents\_bm1fcmlkX2t3Ml9tYTlz_YWQgd2FyZQ_bm1fNjgwODlfNzkyNjYwZjQ1YzFjMTFkYzk5YzNmNjgwODlmZGZmZmZfOGM4Yjk3ZDkzNGE3NDFmN2JmYzdjODIzODI0NTljZmI_.exe Infected: not-virus:Hoax.Win32.Renos.awx skipped
C:\Documents and Settings\Pam\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Pam\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\avqacetm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dwdsrngt.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fssiyxsn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\htxljqdo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\idtuport.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lgwhhyum.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\oqvdclxj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rpcqbjgx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ryapqgfg.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.kp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\windows.vir Infected: Trojan.Win32.Zapchast.dt skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP600\change.log Object is locked skipped
C:\VundoFix Backups\ailwnvcc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ajcclpgp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\aoopyjle.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ayxeefgw.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\bckwqdme.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\bgfyrrdt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\bjnqihvu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\bjvhdfsj.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\bpgtakab.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\bqctrgtu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\brmxvvfo.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\bsljjoqp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\buvyqcrs.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\bwrwweyx.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\byjkigmj.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\byxxcbyk.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\caakwfpg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ckkethxm.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\cpmkkmye.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\cpynqcps.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ctmfgftu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\cxirgsbr.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\daqeotxp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\dbllgsni.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\dcspkbob.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\dhkwjfuh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\dpbmahjg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\drweoaqt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\dunyqpsb.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\dviqkqrr.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ecyrdclf.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\eiflkfww.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\emqlvlis.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\etolhsou.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\evaypwhx.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\fhfptmys.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\fnmtikrw.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\fnwlhkvw.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\frejslhw.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ftagwexv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\fvubbkdy.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\fwplabis.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\fxjjcdxg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\gecqjule.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\gpakvqni.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\gvanmtxm.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\gvmjcowq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\gvudegvd.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\gwjfijcb.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\hbmabjgd.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\hbpvkywa.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\helgkvjo.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\hewugyqi.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\hfwflebu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\hjgmmfsy.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\hljwpqmm.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\hnpidjls.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gip skipped
C:\VundoFix Backups\hubpbxor.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\hyqvnnfu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\iaxmunjp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ibekqqmd.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ibvjmauo.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ibvmxcgg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\idkvtiyf.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ilawdlsu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ilfiacnq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ivhyohme.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ixopyypr.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ixrmuspu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\jddrhouy.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\jhahqhja.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\jhxopmob.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\jklxdfpt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\jlqihegg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\jnlhgwaf.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\jotkjpjl.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\kejxehdu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\kjjvlcoc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\kmgglajx.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\kngeqxun.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\knxpxalh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\kordcryg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\labgaktu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\lagnyvfu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\lbglqccc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\lbqkpsdq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\lewqxlfq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\lmuaewis.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\lnthdnkh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\lnwqqgjl.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\lrausfyh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\lxqqbqhj.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\mbcddnnn.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\megulgtc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\micrimnt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\mimjvoix.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\mindenci.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\mjetjpgn.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.bce skipped
C:\VundoFix Backups\mldenayt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\mucnuxad.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\nauowwne.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\niovtkxg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\nnshkthh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\nqextkrp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\nsgltfnu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\nsmoabdn.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.is skipped
C:\VundoFix Backups\ocfkbmtj.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\odcvnupl.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ohgmyyqh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\okunrguv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\olrwrraa.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\opaxfskw.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\oraowiyk.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ovygnyqm.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\pdqqmyof.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\pdrofwoc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\petlcjop.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\phaahbpt.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.auj skipped
C:\VundoFix Backups\phjookdr.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\pklbeott.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\plcwbogn.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\prcugcvp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\prospxtc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\psdhynjh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\pvitwxfs.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\pvkgwhyi.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\pyjmogcp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\qefenxpn.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\qipqvjqi.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\qjubnude.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\qowatjqt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\qtbvtrrv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\qwhenqha.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\qycdlybj.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\rbckpnfy.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\rdegnnhe.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\rdqpomft.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\rjqhahii.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\rnjhbdyv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\rpipqbjw.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\rpselcni.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\rqgrptnt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\rqppyvdv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\rrqqneok.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ryagdqtd.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\shpmneny.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\sihasnrs.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.eby skipped
C:\VundoFix Backups\siwupkpv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\skoropgv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\svegwydy.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\syauvrsk.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\tedfydgf.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\tfrwjtrx.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\tjajibee.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\tlnydgji.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\toixhrnv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\udqnjoui.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\uhbrjuub.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\upjdbhnp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ureogvmi.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\utmtjcan.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\uupmmgoh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\uxunxipt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\vjupussv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\vwnntbpd.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\vwrygmgl.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\vxyavscc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\wcsolqyt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\wghkxdby.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\whpfahua.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\whvgaecg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\wiojwync.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\wyksndim.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\xbfysjpk.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\xbtcvmww.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\xcvaaksv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\xiwstlla.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\xqdukmuo.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\xyucmbyo.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ycvfqean.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ymbwqvkk.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ymtefkqa.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ynapfqrw.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\yodnjpdr.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ywvfixgl.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\abobeqsm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\gjrusqdp.exe/data0018/data0003 Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped
C:\WINDOWS\system32\gjrusqdp.exe/data0018/data0004 Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped
C:\WINDOWS\system32\gjrusqdp.exe/data0018 Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped
C:\WINDOWS\system32\gjrusqdp.exe/data0019/HbTools.mlp Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped
C:\WINDOWS\system32\gjrusqdp.exe/data0019 Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped
C:\WINDOWS\system32\gjrusqdp.exe NSIS: infected - 5 skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


ComboFix 08-03-01 - Pam 2008-03-04 19:30:05.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.559 [GMT -5:00]
Running from: C:\Documents and Settings\Pam\My Documents\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((( Files Created from 2008-02-05 to 2008-03-05 )))))))))))))))))))))))))))))))
.

2008-03-04 19:15 . 2008-03-04 19:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-04 19:15 . 2008-03-04 19:15 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-04 18:19 . 2008-03-04 18:19 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-04 18:19 . 2008-03-04 18:19 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-04 18:19 . 2008-03-04 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-04 18:19 . 2008-03-04 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-04 18:18 . 2008-03-04 18:18 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-04 18:17 . 2008-03-04 18:18 <DIR> d-------- C:\Program Files\CCleaner
2008-03-02 13:43 . 2007-08-30 13:12 67,752 --a------ C:\WINDOWS\system32\drivers\avfwot.sys
2008-03-02 13:43 . 2007-08-30 13:12 61,096 --a------ C:\WINDOWS\system32\drivers\avfwim.sys
2008-03-02 12:27 . 2008-03-02 12:27 <DIR> d-------- C:\Program Files\Seagate
2008-03-02 11:34 . 2008-03-02 11:34 <DIR> d-------- C:\Documents and Settings\Pam\Application Data\Premium Security Suite
2008-03-02 10:02 . 2008-03-02 10:02 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-02 00:14 . 2008-03-02 00:14 <DIR> d-------- C:\Program Files\Conduit
2008-03-02 00:13 . 2008-03-02 00:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-03-02 00:13 . 2008-03-02 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-01 20:15 . 2008-03-01 23:55 <DIR> d-------- C:\Program Files\Torrent-Search
2008-03-01 19:43 . 2008-03-01 19:43 <DIR> d-------- C:\Program Files\Avira
2008-03-01 19:43 . 2008-03-02 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-01 19:01 . 1999-12-21 07:58 21,312 --a------ C:\WINDOWS\choice.exe
2008-02-29 17:30 . 2004-08-10 06:00 388,608 --a------ C:\CF892.exe
2008-02-29 17:11 . 2004-08-10 06:00 388,608 --a------ C:\CF29829.exe
2008-02-29 17:07 . 2008-02-29 17:45 <DIR> d-------- C:\VundoFix Backups
2008-02-28 19:28 . 2008-03-01 23:56 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-26 17:13 . 2008-02-26 17:13 <DIR> d--h----- C:\Temp\pt8q3khslw
2008-02-25 16:37 . 2008-02-25 16:37 432 --a------ C:\WINDOWS\system32\iolo.ini
2008-02-25 16:35 . 2007-07-25 08:42 126,976 --a------ C:\WINDOWS\system32\iavlsp.dll
2008-02-25 16:34 . 2008-02-25 16:34 681,984 --a------ C:\WINDOWS\is-HLTBP.exe
2008-02-25 16:34 . 2008-02-25 16:34 10,529 --a------ C:\WINDOWS\is-HLTBP.msg
2008-02-25 16:34 . 2008-02-25 16:34 557 --a------ C:\WINDOWS\is-HLTBP.lst
2008-02-25 16:29 . 2008-02-25 16:29 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-02-25 14:40 . 2008-03-01 23:56 <DIR> d-------- C:\Documents and Settings\Pam\Application Data\iolo
2008-02-25 13:43 . 2008-02-25 13:43 4,128 --a------ C:\INFCACHE.1
2008-02-25 13:40 . 2008-03-01 23:56 <DIR> d-------- C:\Program Files\ESET
2008-02-25 13:40 . 2008-02-25 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-02-25 10:21 . 2008-02-25 10:21 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-25 10:21 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-02-24 19:52 . 2008-02-24 19:55 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-02-24 19:27 . 2008-02-24 19:32 <DIR> d-------- C:\Program Files\PC MightyMax 2007
2008-02-24 17:01 . 2008-02-24 17:01 657,408 --a------ C:\WINDOWS\is-L68CB.exe
2008-02-24 17:01 . 2008-02-24 17:01 10,586 --a------ C:\WINDOWS\is-L68CB.msg
2008-02-24 17:01 . 2008-02-24 17:01 124 --a------ C:\WINDOWS\is-L68CB.lst
2008-02-21 20:31 . 2008-02-27 19:10 78 --a------ C:\WINDOWS\BM4b2bdf70.xml
2008-02-21 20:31 . 2008-02-28 20:10 22 --a------ C:\WINDOWS\pskt.ini
2008-02-20 20:31 . 2008-02-21 20:31 294 --ahs---- C:\WINDOWS\system32\jukwjhji.ini
2008-02-13 17:43 . 2008-02-13 17:43 355 --ahs---- C:\WINDOWS\system32\ljpjktoj.ini
2008-02-05 17:24 . 2000-05-21 23:00 166,600 --a------ C:\WINDOWS\system32\MSMASK32.OCX
2008-02-05 17:24 . 1999-09-10 12:06 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-02-05 17:24 . 1999-09-10 12:06 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-02-05 17:24 . 1999-09-10 12:06 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2008-02-05 17:24 . 1999-09-10 12:06 4,672 --a------ C:\WINDOWS\system\WOWPOST.exe
2008-02-05 17:08 . 2008-02-05 17:08 90,688 --a------ C:\WINDOWS\system32\abobeqsm.dll
2008-02-05 17:02 . 2008-02-05 17:02 0 --ah----- C:\WINDOWS\SwSys2.bmp
2008-02-05 17:02 . 2008-02-05 17:02 0 --ah----- C:\WINDOWS\SwSys1.bmp
2008-02-05 17:00 . 2008-02-05 17:00 <DIR> d-------- C:\Program Files\Digital1Audio
2008-02-05 16:42 . 2008-02-05 16:42 116 --ahs---- C:\WINDOWS\PCGWIN32.LI3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 05:13 --------- d-----w C:\Program Files\RegistryFix
2008-03-02 05:13 --------- d-----w C:\Program Files\RAM Idle LE
2008-03-02 05:13 --------- d-----w C:\Program Files\QuickTime
2008-03-02 05:13 --------- d-----w C:\Program Files\iTunes
2008-03-02 05:13 --------- d-----w C:\Program Files\Common Files\Kaspersky Lab
2008-03-02 05:13 --------- d-----w C:\Program Files\BitComet
2008-03-02 05:13 --------- d-----w C:\Program Files\Apple Software Update
2008-03-02 04:58 --------- d-----w C:\Program Files\Kaspersky Lab
2008-02-27 03:11 --------- d-----w C:\Program Files\Morpheus
2008-02-25 14:23 --------- d-----w C:\Documents and Settings\Pam\Application Data\LimeWire
2008-02-12 02:46 --------- d-----w C:\Documents and Settings\Pam\Application Data\AdobeUM
2008-01-11 15:55 437,096 ----a-w C:\WINDOWS\system32\Incinerator.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 22:13 23,040 ----a-w C:\WINDOWS\system32\smrgdf.exe
2007-12-06 10:05 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2006-08-06 16:54 517 ----a-w C:\Program Files\Common Files\mexoh
2007-11-05 23:23 104 --sh--r C:\WINDOWS\system32\72918E6150.sys
2007-11-05 23:23 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2005-07-29 20:24 472 --sha-r C:\WINDOWS\UGFt\o3IQ.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C50C32F-1F7C-43DD-A1DC-29D0BC9855C7}]
C:\WINDOWS\system32\mljgd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Mechanic Popup Blocker"="C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2006-07-20 20:38 230976]
"RAM Idle Professional"="C:\Program Files\RAM Idle LE\RAM_XP.exe" [2006-01-17 04:38 135168]
"BM4b2bdf70"="C:\WINDOWS\system32\frejslhw.dll" [ ]
"avgnt"="C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" [2007-08-31 12:25 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 20:34 5419008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-02-17 22:51:42 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoomm]
ssqoomm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Morpheus\\Morpheus.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\Program Files\BitComet\BitComet.exe"= C:\Program Files\BitComet\BitComet.exe:67.140.55.245/255.255.255.255:Enabled:BitComet - a BitTorrent Client
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21588:TCP"= 21588:TCP:67.140.55.245/255.255.255.255:Enabled:BitComet 21588 TCP
"21588:UDP"= 21588:UDP:67.140.55.245/255.255.255.255:Enabled:BitComet 21588 UDP

R2 AVEService;Avira Premium Security Suite MailGuard helper service;"C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe" [2007-07-18 08:09]
S2 AntiVirMailService;Avira Premium Security Suite MailGuard;"C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe" [2007-08-28 13:08]
S2 antivirwebservice;Avira Premium Security Suite WebGuard;"C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.exe" [2007-08-14 13:22]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-04-05 15:04]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-05-04 16:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23dc74f0-a42d-11dc-8828-001320c3965c}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 23:52:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 19:31:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-04 19:32:24
ComboFix-quarantined-files.txt 2008-03-05 00:32:09
ComboFix2.txt 2008-03-04 16:18:11
ComboFix3.txt 2008-03-03 16:43:32
ComboFix4.txt 2008-03-02 19:10:26
ComboFix5.txt 2008-03-01 23:00:58
.
2008-02-14 07:08:47 --- E O F ---




Response Number 8
Name: paltman3
Date: March 4, 2008 at 15:19:08 Pacific
Reply:

I posted the logs. Is there anything else I need to do?



Response Number 9
Name: paltman3
Date: March 4, 2008 at 17:51:29 Pacific
Reply:

Are you still there? Did I do something wrong?



Response Number 10
Name: jabuck
Date: March 4, 2008 at 19:59:31 Pacific
Reply:

Still here, just working long hours.

There is something blocking our efforts to remove your malware, and I suspect that it is your antivirus.

Disconnect from the internet, disable your antivirus, then follow the steps in response #6 again; restart your antivirus, then post the results please.



Response Number 11
Name: paltman3
Date: March 6, 2008 at 09:56:55 Pacific
Reply:

Here is response #6 repeated:
---------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, March 07, 2008 12:40:19 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/03/2008
Kaspersky Anti-Virus database records: 603975
---------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 59122
Number of viruses found: 12
Number of infected objects: 203
Number of suspicious objects: 0
Duration of the scan process: 00:46:25

Infected Object Name / Virus Name / Last Action
C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Pam\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Application Data\Torrent-Search\rss\http___rss_thepiratebay_org_699.xml Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Temp\Perflib_Perfdata_1e8.dat Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Temp\se_4A16.tmp Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Temp\~DF2556.tmp Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Temp\~DFCC8B.tmp Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Temporary Internet Files\Content.IE5\85QR0T6Z\699[1].xml Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pam\My Documents\_bm1fcmlkX2t3Ml9tYTlz_YWQgd2FyZQ_bm1fNjgwODlfNzkyNjYwZjQ1YzFjMTFkYzk5YzNmNjgwODlmZGZmZmZfOGM4Yjk3ZDkzNGE3NDFmN2JmYzdjODIzODI0NTljZmI_.exe Infected: not-virus:Hoax.Win32.Renos.awx skipped
C:\Documents and Settings\Pam\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Pam\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\avqacetm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dwdsrngt.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fssiyxsn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\htxljqdo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\idtuport.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lgwhhyum.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\oqvdclxj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rpcqbjgx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ryapqgfg.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.kp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\windows.vir Infected: Trojan.Win32.Zapchast.dt skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP607\change.log Object is locked skipped
C:\VundoFix Backups\ailwnvcc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ajcclpgp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\aoopyjle.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ayxeefgw.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\bckwqdme.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\bgfyrrdt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\bjnqihvu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\bjvhdfsj.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\bpgtakab.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\bqctrgtu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\brmxvvfo.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\bsljjoqp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\buvyqcrs.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\bwrwweyx.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\byjkigmj.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\byxxcbyk.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\caakwfpg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ckkethxm.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\cpmkkmye.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\cpynqcps.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ctmfgftu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\cxirgsbr.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\daqeotxp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\dbllgsni.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\dcspkbob.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\dhkwjfuh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\dpbmahjg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\drweoaqt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\dunyqpsb.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\dviqkqrr.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ecyrdclf.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\eiflkfww.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\emqlvlis.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\etolhsou.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\evaypwhx.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\fhfptmys.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\fnmtikrw.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\fnwlhkvw.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\frejslhw.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ftagwexv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\fvubbkdy.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\fwplabis.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\fxjjcdxg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\gecqjule.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\gpakvqni.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\gvanmtxm.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\gvmjcowq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\gvudegvd.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\gwjfijcb.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\hbmabjgd.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\hbpvkywa.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\helgkvjo.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\hewugyqi.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\hfwflebu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\hjgmmfsy.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\hljwpqmm.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\hnpidjls.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gip skipped
C:\VundoFix Backups\hubpbxor.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\hyqvnnfu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\iaxmunjp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ibekqqmd.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ibvjmauo.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ibvmxcgg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\idkvtiyf.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ilawdlsu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ilfiacnq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ivhyohme.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ixopyypr.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ixrmuspu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\jddrhouy.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\jhahqhja.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\jhxopmob.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\jklxdfpt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\jlqihegg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\jnlhgwaf.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\jotkjpjl.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\kejxehdu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\kjjvlcoc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\kmgglajx.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\kngeqxun.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\knxpxalh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\kordcryg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\labgaktu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\lagnyvfu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\lbglqccc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\lbqkpsdq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\lewqxlfq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\lmuaewis.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\lnthdnkh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\lnwqqgjl.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\lrausfyh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\lxqqbqhj.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\mbcddnnn.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\megulgtc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\micrimnt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\mimjvoix.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\mindenci.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\mjetjpgn.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.bce skipped
C:\VundoFix Backups\mldenayt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\mucnuxad.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\nauowwne.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\niovtkxg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\nnshkthh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\nqextkrp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\nsgltfnu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\nsmoabdn.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.is skipped
C:\VundoFix Backups\ocfkbmtj.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\odcvnupl.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ohgmyyqh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\okunrguv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\olrwrraa.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\opaxfskw.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\oraowiyk.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ovygnyqm.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\pdqqmyof.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\pdrofwoc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\petlcjop.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\phaahbpt.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.auj skipped
C:\VundoFix Backups\phjookdr.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\pklbeott.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\plcwbogn.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\prcugcvp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\prospxtc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\psdhynjh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\pvitwxfs.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\pvkgwhyi.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\pyjmogcp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\qefenxpn.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\qipqvjqi.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\qjubnude.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\qowatjqt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\qtbvtrrv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\qwhenqha.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\qycdlybj.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\rbckpnfy.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\rdegnnhe.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\rdqpomft.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\rjqhahii.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\rnjhbdyv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\rpipqbjw.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\rpselcni.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\rqgrptnt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\rqppyvdv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\rrqqneok.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ryagdqtd.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\shpmneny.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\sihasnrs.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.eby skipped
C:\VundoFix Backups\siwupkpv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\skoropgv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\svegwydy.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\syauvrsk.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\tedfydgf.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\tfrwjtrx.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\tjajibee.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\tlnydgji.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\toixhrnv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\udqnjoui.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\uhbrjuub.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\upjdbhnp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ureogvmi.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\utmtjcan.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\uupmmgoh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\uxunxipt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\vjupussv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\vwnntbpd.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\vwrygmgl.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\vxyavscc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\wcsolqyt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\wghkxdby.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\whpfahua.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\whvgaecg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\wiojwync.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\wyksndim.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\xbfysjpk.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\xbtcvmww.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\xcvaaksv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\xiwstlla.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\xqdukmuo.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\xyucmbyo.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ycvfqean.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ymbwqvkk.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ymtefkqa.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ynapfqrw.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\yodnjpdr.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ywvfixgl.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\abobeqsm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\gjrusqdp.exe/data0018/data0003 Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped
C:\WINDOWS\system32\gjrusqdp.exe/data0018/data0004 Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped
C:\WINDOWS\system32\gjrusqdp.exe/data0018 Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped
C:\WINDOWS\system32\gjrusqdp.exe/data0019/HbTools.mlp Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped
C:\WINDOWS\system32\gjrusqdp.exe/data0019 Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped
C:\WINDOWS\system32\gjrusqdp.exe NSIS: infected - 5 skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

ComboFix 08-03-01 - Pam 2008-03-07 12:42:23.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.528 [GMT -5:00]
Running from: C:\Documents and Settings\Pam\My Documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\Pam\My Documents\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((( Files Created from 2008-02-07 to 2008-03-07 )))))))))))))))))))))))))))))))
.

2008-03-07 10:00 . 2008-03-07 10:00 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-07 10:00 . 2008-03-07 10:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-04 18:19 . 2008-03-04 18:19 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-04 18:19 . 2008-03-04 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-04 18:18 . 2008-03-04 18:18 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-04 18:17 . 2008-03-04 18:18 <DIR> d-------- C:\Program Files\CCleaner
2008-03-02 13:43 . 2007-08-30 13:12 67,752 --a------ C:\WINDOWS\system32\drivers\avfwot.sys
2008-03-02 13:43 . 2007-08-30 13:12 61,096 --a------ C:\WINDOWS\system32\drivers\avfwim.sys
2008-03-02 12:27 . 2008-03-02 12:27 <DIR> d-------- C:\Program Files\Seagate
2008-03-02 11:34 . 2008-03-02 11:34 <DIR> d-------- C:\Documents and Settings\Pam\Application Data\Premium Security Suite
2008-03-02 10:02 . 2008-03-02 10:02 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-02 00:14 . 2008-03-02 00:14 <DIR> d-------- C:\Program Files\Conduit
2008-03-02 00:13 . 2008-03-02 00:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-03-02 00:13 . 2008-03-02 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-01 20:15 . 2008-03-01 23:55 <DIR> d-------- C:\Program Files\Torrent-Search
2008-03-01 19:43 . 2008-03-01 19:43 <DIR> d-------- C:\Program Files\Avira
2008-03-01 19:43 . 2008-03-02 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-01 19:01 . 1999-12-21 07:58 21,312 --a------ C:\WINDOWS\choice.exe
2008-02-29 17:30 . 2004-08-10 06:00 388,608 --a------ C:\CF892.exe
2008-02-29 17:11 . 2004-08-10 06:00 388,608 --a------ C:\CF29829.exe
2008-02-29 17:07 . 2008-02-29 17:45 <DIR> d-------- C:\VundoFix Backups
2008-02-28 19:28 . 2008-03-01 23:56 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-26 17:13 . 2008-02-26 17:13 <DIR> d--h----- C:\Temp\pt8q3khslw
2008-02-25 16:37 . 2008-02-25 16:37 432 --a------ C:\WINDOWS\system32\iolo.ini
2008-02-25 16:35 . 2007-07-25 08:42 126,976 --a------ C:\WINDOWS\system32\iavlsp.dll
2008-02-25 16:34 . 2008-02-25 16:34 681,984 --a------ C:\WINDOWS\is-HLTBP.exe
2008-02-25 16:34 . 2008-02-25 16:34 10,529 --a------ C:\WINDOWS\is-HLTBP.msg
2008-02-25 16:34 . 2008-02-25 16:34 557 --a------ C:\WINDOWS\is-HLTBP.lst
2008-02-25 16:29 . 2008-02-25 16:29 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-02-25 14:40 . 2008-03-01 23:56 <DIR> d-------- C:\Documents and Settings\Pam\Application Data\iolo
2008-02-25 13:43 . 2008-02-25 13:43 4,128 --a------ C:\INFCACHE.1
2008-02-25 13:40 . 2008-03-01 23:56 <DIR> d-------- C:\Program Files\ESET
2008-02-25 13:40 . 2008-02-25 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-02-25 10:21 . 2008-02-25 10:21 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-25 10:21 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-02-24 19:52 . 2008-02-24 19:55 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-02-24 19:27 . 2008-02-24 19:32 <DIR> d-------- C:\Program Files\PC MightyMax 2007
2008-02-24 17:01 . 2008-02-24 17:01 657,408 --a------ C:\WINDOWS\is-L68CB.exe
2008-02-24 17:01 . 2008-02-24 17:01 10,586 --a------ C:\WINDOWS\is-L68CB.msg
2008-02-24 17:01 . 2008-02-24 17:01 124 --a------ C:\WINDOWS\is-L68CB.lst
2008-02-21 20:31 . 2008-02-27 19:10 78 --a------ C:\WINDOWS\BM4b2bdf70.xml
2008-02-21 20:31 . 2008-02-28 20:10 22 --a------ C:\WINDOWS\pskt.ini
2008-02-20 20:31 . 2008-02-21 20:31 294 --ahs---- C:\WINDOWS\system32\jukwjhji.ini
2008-02-13 17:43 . 2008-02-13 17:43 355 --ahs---- C:\WINDOWS\system32\ljpjktoj.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 05:13 --------- d-----w C:\Program Files\RegistryFix
2008-03-02 05:13 --------- d-----w C:\Program Files\RAM Idle LE
2008-03-02 05:13 --------- d-----w C:\Program Files\QuickTime
2008-03-02 05:13 --------- d-----w C:\Program Files\iTunes
2008-03-02 05:13 --------- d-----w C:\Program Files\Common Files\Kaspersky Lab
2008-03-02 05:13 --------- d-----w C:\Program Files\BitComet
2008-03-02 05:13 --------- d-----w C:\Program Files\Apple Software Update
2008-03-02 04:58 --------- d-----w C:\Program Files\Kaspersky Lab
2008-02-27 03:11 --------- d-----w C:\Program Files\Morpheus
2008-02-25 14:23 --------- d-----w C:\Documents and Settings\Pam\Application Data\LimeWire
2008-02-12 02:46 --------- d-----w C:\Documents and Settings\Pam\Application Data\AdobeUM
2008-02-05 22:08 90,688 ----a-w C:\WINDOWS\system32\abobeqsm.dll
2008-02-05 22:00 --------- d-----w C:\Program Files\Digital1Audio
2008-01-11 15:55 437,096 ----a-w C:\WINDOWS\system32\Incinerator.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 22:13 23,040 ----a-w C:\WINDOWS\system32\smrgdf.exe
2006-08-06 16:54 517 ----a-w C:\Program Files\Common Files\mexoh
2007-11-05 23:23 104 --sh--r C:\WINDOWS\system32\72918E6150.sys
2007-11-05 23:23 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2005-07-29 20:24 472 --sha-r C:\WINDOWS\UGFt\o3IQ.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C50C32F-1F7C-43DD-A1DC-29D0BC9855C7}]
C:\WINDOWS\system32\mljgd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Mechanic Popup Blocker"="C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2006-07-20 20:38 230976]
"RAM Idle Professional"="C:\Program Files\RAM Idle LE\RAM_XP.exe" [2006-01-17 04:38 135168]
"BM4b2bdf70"="C:\WINDOWS\system32\frejslhw.dll" [ ]
"avgnt"="C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" [2007-08-31 12:25 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 20:34 5419008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-02-17 22:51:42 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoomm]
ssqoomm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Morpheus\\Morpheus.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\Program Files\BitComet\BitComet.exe"= C:\Program Files\BitComet\BitComet.exe:67.140.55.245/255.255.255.255:Enabled:BitComet - a BitTorrent Client
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21588:TCP"= 21588:TCP:67.140.55.245/255.255.255.255:Enabled:BitComet 21588 TCP
"21588:UDP"= 21588:UDP:67.140.55.245/255.255.255.255:Enabled:BitComet 21588 UDP

R2 AVEService;Avira Premium Security Suite MailGuard helper service;"C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe" [2007-07-18 08:09]
S2 AntiVirMailService;Avira Premium Security Suite MailGuard;"C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe" [2007-08-28 13:08]
S2 antivirwebservice;Avira Premium Security Suite WebGuard;"C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.exe" [2007-08-14 13:22]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-04-05 15:04]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-05-04 16:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23dc74f0-a42d-11dc-8828-001320c3965c}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 23:52:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-07 12:44:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-07 12:44:48
ComboFix-quarantined-files.txt 2008-03-07 17:44:33
ComboFix2.txt 2008-03-07 14:48:14
ComboFix3.txt 2008-03-06 11:56:35
ComboFix4.txt 2008-03-05 00:32:24
ComboFix5.txt 2008-03-04 16:18:11
.
2008-02-14 07:08:47 --- E O F ---

Response Number 12
Name: paltman3
Date: March 8, 2008 at 06:40:45 Pacific
Reply:

I ran those reports you asked for; my system is acting up. When I go to scroll through anything, it is blinking my screen and my mouse doesn't want to work real good. I don't know if this has anything to do with the viruses or not.
I also want to thank you for all that you have done for me up to this point it is greatly appreciated!

Response Number 13
Name: jabuck
Date: March 8, 2008 at 17:42:49 Pacific
Reply:

Please download SmitFraudFix from this link:

SmitfraudFix

Then extract the contents to your desktop.
!!!! Only run option #1, as running the other options on an uninfected computer will damage the desktop. !!!!

Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Go to the following link:

http://virusscan.jotti.org/

Then use the browse button to locate this file:


C:\WINDOWS\is-L68CB.exe
C:\WINDOWS\is-HLTBP.exe
C:\Temp\pt8q3khslw

Once located click submit then post the results.

Open Notepad and copy/paste everything between the X"s into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\Documents and Settings\Pam\My Documents\_bm1fcmlkX2t3Ml9tYTlz_YWQgd2FyZQ_bm1fNjgwODlfNzkyNjYwZjQ1YzFjMTFkYzk5YzNmNjgwODlmZGZmZmZfOGM4Yjk3ZDkzNGE3NDFmN2JmYzdjODIzODI0NTljZmI_.exe
C:\WINDOWS\system32\abobeqsm.dll
C:\WINDOWS\system32\gjrusqdp.exe
C:\WINDOWS\BM4b2bdf70.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\jukwjhji.ini
C:\WINDOWS\system32\ljpjktoj.ini
C:\WINDOWS\system32\72918E6150.sys
C:\WINDOWS\UGFt\o3IQ.vbs

Driver::
Folder::
C:\VundoFix Backups
C:\QooBox\Quarantine
C:\WINDOWS\UGFt
C:\Temp\pt8q3khslw

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C50C32F-1F7C-43DD-A1DC-29D0BC9855C7}]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop); if ComboFix does not auto start, click "run".

Go to start> run> type in combofix /u (there must be a space after combofix) then press enter.

Next download a new copy of ComboFix and post a new log.

Go to start> control panel> add/remove programs and uninstall Kaspersky. Then run a new Kaspersky scan as per the directions in response #6.


0

Response Number 14
Name: paltman3
Date: March 8, 2008 at 19:39:02 Pacific
Reply:

SmitFraudFix v2.300

Scan done at 23:12:14.43, Sun 03/09/2008
Run from C:\Documents and Settings\Pam\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RAM Idle LE\RAM_XP.exe
C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Program Files\Fellowes\MediaFACE 4.2\MfRunWiz.exe
C:\PROGRA~1\Fellowes\MEDIAF~1.2\MEDIAF~1.exe
C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Pam


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Pam\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Pam\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
a=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.254.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{25E89F76-4F5C-4EEA-A1FB-9A861535C28E}: DhcpNameServer=192.168.254.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{25E89F76-4F5C-4EEA-A1FB-9A861535C28E}: DhcpNameServer=192.168.254.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{25E89F76-4F5C-4EEA-A1FB-9A861535C28E}: DhcpNameServer=192.168.254.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{25E89F76-4F5C-4EEA-A1FB-9A861535C28E}: DhcpNameServer=192.168.254.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


Service load: 0% 100%

File: is-L68CB.exe
Status: OK
MD5: 946955ddea5aa2ec7fc1c4be156fc799
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 09 Mar 2008 03:16:59 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Service load: 0% 100%

File: is-HLTBP.exe
Status: OK
MD5: 22f257a7d0af753aee567f2bcbc8d8d2
Packers detected: -
Bit9 reports: No threat detected (more info)

Scanner results
Scan taken on 09 Mar 2008 03:22:43 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

a
2008-03-02 05:13 --------- d-----w C:\Program Files\BitComet
2008-03-02 05:13 --------- d-----w C:\Program Files\Apple Software Update
2008-03-02 04:58 --------- d-----w C:\Program Files\Kaspersky Lab
2008-02-27 03:11 --------- d-----w C:\Program Files\Morpheus
2008-02-25 14:23 --------- d-----w C:\Documents and Settings\Pam\Application Data\LimeWire
2008-02-12 02:46 --------- d-----w C:\Documents and Settings\Pam\Application Data\AdobeUM
2008-02-05 22:08 90,688 ----a-w C:\WINDOWS\system32\abobeqsm.dll
2008-02-05 22:00 --------- d-----w C:\Program Files\Digital1Audio
2008-01-11 15:55 437,096 ----a-w C:\WINDOWS\system32\Incinerator.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 22:13 23,040 ----a-w C:\WINDOWS\system32\smrgdf.exe
2006-08-06 16:54 517 ----a-w C:\Program Files\Common Files\mexoh
2007-11-05 23:23 104 --sh--r C:\WINDOWS\system32\72918E6150.sys
2007-11-05 23:23 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2005-07-29 20:24 472 --sha-r C:\WINDOWS\UGFt\o3IQ.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C50C32F-1F7C-43DD-A1DC-29D0BC9855C7}]
C:\WINDOWS\system32\mljgd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Mechanic Popup Blocker"="C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2006-07-20 21:38 230976]
"RAM Idle Professional"="C:\Program Files\RAM Idle LE\RAM_XP.exe" [2006-01-17 05:38 135168]
"BM4b2bdf70"="C:\WINDOWS\system32\frejslhw.dll" [ ]
"avgnt"="C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" [2007-08-31 13:25 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 21:34 5419008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 20:28:24 258048]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-02-17 23:51:42 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoomm]
ssqoomm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Morpheus\\Morpheus.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\Program Files\BitComet\BitComet.exe"= C:\Program Files\BitComet\BitComet.exe:67.140.55.245/255.255.255.255:Enabled:BitComet - a BitTorrent Client
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21588:TCP"= 21588:TCP:67.140.55.245/255.255.255.255:Enabled:BitComet 21588 TCP
"21588:UDP"= 21588:UDP:67.140.55.245/255.255.255.255:Enabled:BitComet 21588 UDP

R2 AVEService;Avira Premium Security Suite MailGuard helper service;"C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe" [2007-07-18 09:09]
S2 AntiVirMailService;Avira Premium Security Suite MailGuard;"C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe" [2007-08-28 14:08]
S2 antivirwebservice;Avira Premium Security Suite WebGuard;"C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.exe" [2007-08-14 14:22]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-04-05 16:04]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 20:03]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-05-04 17:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23dc74f0-a42d-11dc-8828-001320c3965c}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

*Newly Created Service* - MCRDSVC
*Newly Created Service* - UPNPHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-07 23:52:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 23:35:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-09 23:36:21
ComboFix-quarantined-files.txt 2008-03-10 03:36:06
ComboFix2.txt 2008-03-07 17:44:48
ComboFix3.txt 2008-03-07 14:48:14
ComboFix4.txt 2008-03-06 11:56:35
ComboFix5.txt 2008-03-05 00:32:24
.
2008-03-08 07:01:27 --- E O F ---



0

Response Number 15
Name: paltman3
Date: March 8, 2008 at 21:12:40 Pacific
Reply:

---------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, March 10, 2008 1:07:43 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/03/2008
Kaspersky Anti-Virus database records: 616995
---------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 58682
Number of viruses found: 5
Number of infected objects: 11
Number of suspicious objects: 0
Duration of the scan process: 00:48:43

Infected Object Name / Virus Name / Last Action
C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Pam\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Pam\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Pam\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Pam\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Pam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Temp\Perflib_Perfdata_a40.dat Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Temp\~DFC4A7.tmp Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pam\My Documents\_bm1fcmlkX2t3Ml9tYTlz_YWQgd2FyZQ_bm1fNjgwODlfNzkyNjYwZjQ1YzFjMTFkYzk5YzNmNjgwODlmZGZmZmZfOGM4Yjk3ZDkzNGE3NDFmN2JmYzdjODIzODI0NTljZmI_.exe Infected: not-virus:Hoax.Win32.Renos.awx skipped
C:\Documents and Settings\Pam\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Pam\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\abobeqsm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP619\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\gjrusqdp.exe/data0018/data0003 Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped
C:\WINDOWS\system32\gjrusqdp.exe/data0018/data0004 Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped
C:\WINDOWS\system32\gjrusqdp.exe/data0018 Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped
C:\WINDOWS\system32\gjrusqdp.exe/data0019/HbTools.mlp Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped
C:\WINDOWS\system32\gjrusqdp.exe/data0019 Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped
C:\WINDOWS\system32\gjrusqdp.exe NSIS: infected - 5 skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


0
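The Kaspersky report above is dominated by "Object is locked skipped" entries (registry hives, index.dat files, event logs) that are not detections at all; the 11 real hits are spread across archive members of a handful of files, and one of them already sits in ComboFix's quarantine. The Python script below is an added example, not part of this thread or of any tool used in it. It parses a report in the format shown (the embedded sample is constructed and shortened; the `example.exe` path in it is a placeholder), separates detections from locked-object noise, collapses archive-internal entries such as `gjrusqdp.exe/data0018/data0003` back to the file on disk, flags hits under `C:\QooBox\Quarantine` or `C:\VundoFix Backups` as already quarantined, and cross-checks its own counts against the report's statistics header.

```python
"""Summarise a Kaspersky Online Scanner 5.x text report.

Added example for the forum thread; not part of the thread or of any
tool used in it.  The sample report below is constructed and shortened,
modelled on the format of the logs posted in the thread.
"""
import re
from collections import Counter

# Constructed sample report (not a real scan); 'example.exe' is a placeholder.
SAMPLE_REPORT = """\
---------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, March 10, 2008 1:07:43 AM
---------------------

Scan Statistics:
Total number of scanned objects: 58682
Number of viruses found: 5
Number of infected objects: 11
Number of suspicious objects: 0

Infected Object Name / Virus Name / Last Action
C:\\Documents and Settings\\Pam\\NTUSER.DAT Object is locked skipped
C:\\Documents and Settings\\Pam\\Desktop\\SmitfraudFix\\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\\Documents and Settings\\Pam\\Desktop\\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\\Documents and Settings\\Pam\\Desktop\\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\\Documents and Settings\\Pam\\My Documents\\example.exe Infected: not-virus:Hoax.Win32.Renos.awx skipped
C:\\QooBox\\Quarantine\\C\\WINDOWS\\system32\\abobeqsm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\\WINDOWS\\system32\\config\\SAM Object is locked skipped
C:\\WINDOWS\\system32\\gjrusqdp.exe/data0018/data0003 Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped
C:\\WINDOWS\\system32\\gjrusqdp.exe/data0018/data0004 Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped
C:\\WINDOWS\\system32\\gjrusqdp.exe/data0018 Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped
C:\\WINDOWS\\system32\\gjrusqdp.exe/data0019/HbTools.mlp Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped
C:\\WINDOWS\\system32\\gjrusqdp.exe/data0019 Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped
C:\\WINDOWS\\system32\\gjrusqdp.exe NSIS: infected - 5 skipped

Scan process completed.
"""

# One detection inside a file or archive member: "<path> Infected: <name> <action>"
DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")
# Container summary line: "<path> ZIP: infected - 3 skipped" (also NSIS, CAB, ...)
ARCHIVE_RE = re.compile(r"^(?P<path>.+?) (?P<kind>[A-Z0-9]+): infected - (?P<count>\d+) (?P<action>\S+)$")
# Locked-object noise: files the scanner could not open, not detections
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked (?P<action>\S+)$")
STAT_RE = re.compile(
    r"^(Number of viruses found|Number of infected objects|"
    r"Number of suspicious objects|Total number of scanned objects): (\d+)$"
)
# Locations where a hit means "already quarantined", not "still live"
QUARANTINE_PREFIXES = ("C:\\QooBox\\Quarantine\\", "C:\\VundoFix Backups\\")


def host_file(path):
    """Map an archive-internal entry (foo.exe/data0018/data0003) to the file on disk.

    Windows paths use backslashes, so the first forward slash marks where the
    scanner descended into an archive or installer package."""
    return path.split("/", 1)[0]


def parse_report(text):
    """Classify every line of the report into stats, detections, archives or locked noise."""
    stats, detections, archives, locked = {}, [], [], 0
    for line in text.splitlines():
        line = line.strip()
        if m := STAT_RE.match(line):
            stats[m.group(1)] = int(m.group(2))
        elif m := DETECTION_RE.match(line):
            detections.append((m.group("path"), m.group("name"), m.group("action")))
        elif m := ARCHIVE_RE.match(line):
            archives.append((m.group("path"), m.group("kind"), int(m.group("count"))))
        elif LOCKED_RE.match(line):
            locked += 1
    return {"stats": stats, "detections": detections, "archives": archives, "locked": locked}


def summarize(text):
    """Return the actionable view: which on-disk files carry hits, and whether our
    counts agree with the report's own 'Scan Statistics' header."""
    r = parse_report(text)
    names = Counter(name for _, name, _ in r["detections"])
    infected_objects = len(r["detections"]) + len(r["archives"])
    files = sorted({host_file(p) for p, _, _ in r["detections"]} | {p for p, _, _ in r["archives"]})
    live = [f for f in files if not f.startswith(QUARANTINE_PREFIXES)]
    return {
        "infected_objects": infected_objects,
        "distinct_names": len(names),
        "name_counts": dict(names),
        "locked_skipped": r["locked"],
        "files_on_disk": files,
        "files_outside_quarantine": live,
        "matches_header": (
            r["stats"].get("Number of infected objects") == infected_objects
            and r["stats"].get("Number of viruses found") == len(names)
        ),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

On the constructed sample the script reports 11 infected objects and 5 distinct detection names, matching the header, but only five files on disk, and only four of those outside quarantine; that shorter list is what a helper actually has to act on, which is why the ComboFix scripts in this thread name whole files such as `gjrusqdp.exe` rather than the archive members Kaspersky lists.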

Response Number 16
Name: jabuck
Date: March 8, 2008 at 21:32:23 Pacific
Reply:

Do you know what this folder is?

C:\Program Files\Common Files\mexoh

Something is preventing us from deleting the bad files.

Make sure that any realtime protection that you may have is turned off. You can see several of them in the "Disable realtime protection" link in response #1.

If you have these turned off, then there may be a realtime protector in your antivirus. If so, you will need to disconnect from the internet, disable your antivirus, then do the following:

Open Notepad and copy/paste everything between the X"s into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\Documents and Settings\Pam\My Documents\_bm1fcmlkX2t3Ml9tYTlz_YWQgd2FyZQ_bm1fNjgwODlfNzkyNjYwZjQ1YzFjMTFkYzk5YzNmNjgwODlmZGZmZmZfOGM4Yjk3ZDkzNGE3NDFmN2JmYzdjODIzODI0NTljZmI_.exe
C:\WINDOWS\system32\abobeqsm.dll
C:\WINDOWS\system32\gjrusqdp.exe
C:\WINDOWS\BM4b2bdf70.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\jukwjhji.ini
C:\WINDOWS\system32\ljpjktoj.ini
C:\WINDOWS\system32\72918E6150.sys
C:\WINDOWS\UGFt\o3IQ.vbs
C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\ssqoomm.dll
C:\WINDOWS\ssqoomm.dll
C:\WINDOWS\system32\frejslhw.dll

Driver::
BM4b2bdf70
ssqoomm


Folder::
C:\VundoFix Backups
C:\QooBox\Quarantine
C:\WINDOWS\UGFt
C:\Temp\pt8q3khslw

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C50C32F-1F7C-43DD-A1DC-29D0BC9855C7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM4b2bdf70"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoomm]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop); if ComboFix does not auto start, click "run".

Post a new Combofix log.

Be sure your antivirus is turned back on before reconnecting to the internet.


0

Response Number 17
Name: paltman3
Date: March 9, 2008 at 06:54:22 Pacific
Reply:

---------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, March 10, 2008 1:07:43 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/03/2008
Kaspersky Anti-Virus database records: 616995
---------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 58682
Number of viruses found: 5
Number of infected objects: 11
Number of suspicious objects: 0
Duration of the scan process: 00:48:43

Infected Object Name / Virus Name / Last Action
C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Pam\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Pam\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Pam\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Pam\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Pam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Temp\Perflib_Perfdata_a40.dat Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Temp\~DFC4A7.tmp Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pam\My Documents\_bm1fcmlkX2t3Ml9tYTlz_YWQgd2FyZQ_bm1fNjgwODlfNzkyNjYwZjQ1YzFjMTFkYzk5YzNmNjgwODlmZGZmZmZfOGM4Yjk3ZDkzNGE3NDFmN2JmYzdjODIzODI0NTljZmI_.exe Infected: not-virus:Hoax.Win32.Renos.awx skipped
C:\Documents and Settings\Pam\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Pam\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\abobeqsm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP619\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\gjrusqdp.exe/data0018/data0003 Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped
C:\WINDOWS\system32\gjrusqdp.exe/data0018/data0004 Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped
C:\WINDOWS\system32\gjrusqdp.exe/data0018 Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped
C:\WINDOWS\system32\gjrusqdp.exe/data0019/HbTools.mlp Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped
C:\WINDOWS\system32\gjrusqdp.exe/data0019 Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped
C:\WINDOWS\system32\gjrusqdp.exe NSIS: infected - 5 skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


0

Response Number 18
Name: paltman3
Date: March 9, 2008 at 10:04:00 Pacific
Reply:

When I am in IE my font is on the smallest view; I can barely read. When I go to View and Text Size and try to change it, it will not let me. It just started doing that.


0

Response Number 19
Name: paltman3
Date: March 10, 2008 at 18:45:20 Pacific
Reply:

Forget the last message, I rebooted and the font was OK again. I am down to 11 viruses now; looking better.


0

Response Number 20
Name: paltman3
Date: March 11, 2008 at 14:55:04 Pacific
Reply:

While I was waiting for a reply I repeated response #6 and here are the K scan results...they are coming down slowly

---------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, March 12, 2008 5:53:25 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/03/2008
Kaspersky Anti-Virus database records: 624691
---------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 60254
Number of viruses found: 3
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 00:48:53

Infected Object Name / Virus Name / Last Action
C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Pam\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Pam\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Pam\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Pam\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Pam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\History\History.IE5\MSHist012008031220080313\index.dat Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Temp\Perflib_Perfdata_670.dat Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Temp\~DF67AD.tmp Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pam\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Pam\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP626\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{C5010373-F511-43D6-8DBC-B142E75DE308}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\sbc2\nldss40.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\WINDOWS\system32\typ2\key89104.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\WINDOWS\system32\typ2\key89104.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


0
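The report above is mostly noise: dozens of "Object is locked skipped" lines, three "not-a-virus:" detections and two archive summaries. The script below, added here as an example and not code from the thread or from Kaspersky, parses that line format and separates locked files (not detections) from real findings, then singles out riskware sitting under the Windows directory, since a cleanup tool on the Desktop and adware in system32 get the same "not-a-virus:" label. The Windows directory path is an assumption (the XP default); the sample lines are copied from the report.

```python
"""Triage a Kaspersky Online Scanner report of the kind posted above.

Each result line is "<path> <verdict>", where the verdict is one of
"Object is locked skipped", "Infected: <name> skipped" or an archive
summary such as "ZIP: infected - 1 skipped". Locked objects are not
detections (registry hives, event logs and index.dat files are always
in use), and a "not-a-virus:" prefix marks adware or risk tools that
Kaspersky deliberately does not call malware.
"""
import re
from dataclasses import dataclass
from typing import Optional

# The path may contain spaces, so the verdict is matched from the end.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:"
    r"(?P<locked>Object is locked skipped)"
    r"|Infected:\s+(?P<name>\S+)\s+skipped"
    r"|(?P<archive>[A-Za-z0-9]+): infected - (?P<count>\d+) skipped"
    r")$"
)
WINDOWS_DIR = "c:\\windows\\"   # assumption: XP default install path


@dataclass
class Finding:
    path: str
    status: str        # "locked", "infected" or "archive"
    name: str = ""     # detection name on "infected" lines
    count: int = 0     # infected members on "archive" lines

    @property
    def riskware(self) -> bool:
        return self.name.startswith("not-a-virus:")

    @property
    def in_windows_dir(self) -> bool:
        return self.path.lower().startswith(WINDOWS_DIR)


def parse_line(line: str) -> Optional[Finding]:
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    if m.group("locked"):
        return Finding(m.group("path"), "locked")
    if m.group("name"):
        return Finding(m.group("path"), "infected", name=m.group("name"))
    return Finding(m.group("path"), "archive", count=int(m.group("count")))


def triage(report: str) -> dict:
    findings = [f for f in map(parse_line, report.splitlines()) if f]
    infected = [f for f in findings if f.status == "infected"]
    return {
        "locked": sum(f.status == "locked" for f in findings),
        "malware": [f.path for f in infected if not f.riskware],
        "riskware": [f.path for f in infected if f.riskware],
        # A cleanup tool on the Desktop (SmitfraudFix's Reboot.exe) is
        # expected riskware; adware under %SystemRoot% is the infection.
        "riskware_in_windows": [f.path for f in infected
                                if f.riskware and f.in_windows_dir],
        "archives": {f.path: f.count for f in findings if f.status == "archive"},
    }


# Constructed sample: seven lines copied from the report above.
SAMPLE_REPORT = r"""
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\Pam\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Pam\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\WINDOWS\system32\sbc2\nldss40.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\WINDOWS\system32\typ2\key89104.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\WINDOWS\system32\typ2\key89104.exe NSIS: infected - 1 skipped
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Run it over the full report and the "locked" count absorbs everything under config\, wbem\Repository and the per-user index.dat files, leaving only the two system32 adware paths and their NSIS container to act on, which is exactly what the next reply's CFScript targets.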

Response Number 21
Name: jabuck
Date: March 11, 2008 at 19:00:43 Pacific
Reply:

Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\system32\sbc2\nldss40.exe
C:\WINDOWS\system32\typ2\key89104.exe/data0002
C:\WINDOWS\system32\typ2\key89104.exe


Folder::
C:\WINDOWS\system32\typ2
C:\WINDOWS\system32\typ2\key89104.exe/data0002
C:\WINDOWS\system32\sbc2

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop). If ComboFix does not auto-start, click "Run".

Please run the BitDefender online scan from this link:
Bitdefender Online Scanner

You will need to allow an ActiveX install for the scan to run.
Leave the scanning options at default and press "Click here to scan".
When finished scanning, click on "Click here to export the scan report".
Save it to your desktop: at "File name" type in "bdscan", then click Save.
Post the log in your reply.


0

Response Number 22
Name: paltman3
Date: March 12, 2008 at 17:34:17 Pacific
Reply:

Here is the new ComboFix log... I tried everything to do the BitDefender scan... it just would not let me download the virus update to start the scan. I even tried turning my firewall off... I have always had trouble with downloading ANYTHING; it seems worse than ever... what should I do? I even went to download.com thinking I might be able to download it there... it wouldn't go past 11%... any advice?

ComboFix 08-03-08.2 - Pam 2008-03-13 19:06:01.14 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.657 [GMT -4:00]
Running from: C:\Documents and Settings\Pam\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Pam\Desktop\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\WINDOWS\system32\sbc2\nldss40.exe C:\WINDOWS\system32\typ2\key89104.exe/data0002 C:\WINDOWS\system32\typ2\key89104.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\sbc2
C:\WINDOWS\system32\sbc2\nldss40.exe
C:\WINDOWS\system32\typ2
C:\WINDOWS\system32\typ2\key89104.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-13 to 2008-03-13 )))))))))))))))))))))))))))))))
.

2008-03-12 10:21 . 2008-03-12 10:21 <DIR> d-------- C:\WINDOWS\system32\nil3
2008-03-12 10:21 . 2008-03-12 10:21 <DIR> d-------- C:\WINDOWS\system32\lows8
2008-03-12 10:21 . 2008-03-12 10:21 <DIR> d-------- C:\WINDOWS\system32\ech5
2008-03-12 10:21 . 2008-03-12 10:21 <DIR> d-------- C:\WINDOWS\system32\dr6
2008-03-11 15:53 . 2008-03-11 15:53 <DIR> d-------- C:\Program Files\VSO
2008-03-11 15:53 . 2008-03-11 17:04 <DIR> d-------- C:\Documents and Settings\Pam\Application Data\Vso
2008-03-11 15:53 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-03-11 15:53 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-03-11 15:53 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-03-11 15:53 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-03-11 15:53 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-03-11 15:53 . 2008-03-11 15:53 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-03-11 15:53 . 2008-03-11 15:53 47,360 --a------ C:\Documents and Settings\Pam\Application Data\pcouffin.sys
2008-03-09 23:50 . 2008-03-09 23:50 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-09 23:50 . 2008-03-09 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-09 23:12 . 2008-03-09 23:12 1,672 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-09 23:11 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-09 23:11 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-09 23:11 . 2008-03-09 01:15 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-09 23:11 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-09 23:11 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-09 23:11 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-09 23:11 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-07 16:56 . 2008-03-07 16:56 <DIR> d-------- C:\Documents and Settings\Pam\Application Data\vlc
2008-03-07 15:33 . 2008-03-07 15:33 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-03-07 15:32 . 2008-03-07 15:32 <DIR> d-------- C:\c248e91e797c4a4f325279
2008-03-07 14:12 . 2008-03-07 14:12 <DIR> d-------- C:\Documents and Settings\Pam\Application Data\Uniblue
2008-03-04 19:17 . 2008-03-04 19:18 <DIR> d-------- C:\Program Files\CCleaner
2008-03-02 14:43 . 2007-08-30 14:12 67,752 --a------ C:\WINDOWS\system32\drivers\avfwot.sys
2008-03-02 14:43 . 2007-08-30 14:12 61,096 --a------ C:\WINDOWS\system32\drivers\avfwim.sys
2008-03-02 12:34 . 2008-03-02 12:34 <DIR> d-------- C:\Documents and Settings\Pam\Application Data\Premium Security Suite
2008-03-02 01:13 . 2008-03-02 01:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-03-02 01:13 . 2008-03-12 15:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-01 21:15 . 2008-03-02 00:55 <DIR> d-------- C:\Program Files\Torrent-Search
2008-03-01 20:43 . 2008-03-01 20:43 <DIR> d-------- C:\Program Files\Avira
2008-03-01 20:43 . 2008-03-02 12:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-01 20:01 . 1999-12-21 08:58 21,312 --a------ C:\WINDOWS\choice.exe
2008-02-28 20:28 . 2008-03-02 00:56 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-25 17:37 . 2008-02-25 17:37 432 --a------ C:\WINDOWS\system32\iolo.ini
2008-02-25 17:35 . 2007-07-25 09:42 126,976 --a------ C:\WINDOWS\system32\iavlsp.dll
2008-02-25 17:34 . 2008-02-25 17:34 681,984 --a------ C:\WINDOWS\is-HLTBP.exe
2008-02-25 17:34 . 2008-02-25 17:34 10,529 --a------ C:\WINDOWS\is-HLTBP.msg
2008-02-25 17:34 . 2008-02-25 17:34 557 --a------ C:\WINDOWS\is-HLTBP.lst
2008-02-25 17:29 . 2008-02-25 17:29 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-02-25 15:40 . 2008-03-02 00:56 <DIR> d-------- C:\Documents and Settings\Pam\Application Data\iolo
2008-02-25 14:43 . 2008-02-25 14:43 4,128 --a------ C:\INFCACHE.1
2008-02-25 14:40 . 2008-03-02 00:56 <DIR> d-------- C:\Program Files\ESET
2008-02-25 14:40 . 2008-02-25 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-02-25 11:21 . 2004-10-07 14:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-02-24 20:52 . 2008-02-24 20:55 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-02-24 20:27 . 2008-02-24 20:32 <DIR> d-------- C:\Program Files\PC MightyMax 2007
2008-02-24 18:01 . 2008-02-24 18:01 657,408 --a------ C:\WINDOWS\is-L68CB.exe
2008-02-24 18:01 . 2008-02-24 18:01 10,586 --a------ C:\WINDOWS\is-L68CB.msg
2008-02-24 18:01 . 2008-02-24 18:01 124 --a------ C:\WINDOWS\is-L68CB.lst

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-12 02:53 --------- d-----w C:\Program Files\Morpheus
2008-03-07 21:45 --------- d-----w C:\Program Files\Common Files\Real
2008-03-07 19:40 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-02 05:13 --------- d-----w C:\Program Files\RegistryFix
2008-03-02 05:13 --------- d-----w C:\Program Files\RAM Idle LE
2008-03-02 05:13 --------- d-----w C:\Program Files\QuickTime
2008-03-02 05:13 --------- d-----w C:\Program Files\iTunes
2008-03-02 05:13 --------- d-----w C:\Program Files\Common Files\Kaspersky Lab
2008-03-02 05:13 --------- d-----w C:\Program Files\BitComet
2008-03-02 05:13 --------- d-----w C:\Program Files\Apple Software Update
2008-03-02 04:58 --------- d-----w C:\Program Files\Kaspersky Lab
2008-02-25 14:23 --------- d-----w C:\Documents and Settings\Pam\Application Data\LimeWire
2008-02-12 02:46 --------- d-----w C:\Documents and Settings\Pam\Application Data\AdobeUM
2008-02-05 22:00 --------- d-----w C:\Program Files\Digital1Audio
2008-01-11 15:55 437,096 ----a-w C:\WINDOWS\system32\Incinerator.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 22:13 23,040 ----a-w C:\WINDOWS\system32\smrgdf.exe
2006-08-06 16:54 517 ----a-w C:\Program Files\Common Files\mexoh
2007-11-05 23:23 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-03-09_23.45.51.76 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-30 20:19:42 183,216 ----a-w C:\WINDOWS\system32\dr6\crecomdll1.exe
+ 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 19:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 19:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-01-05 20:48:12 126,976 ----a-w C:\WINDOWS\system32\lows8\spgdn65.exe
- 2008-02-04 20:09:48 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-03-07 19:51:13 59,326 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-11 00:34:44 59,326 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-07 19:51:13 394,078 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-11 00:34:44 394,078 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 1998-03-08 23:28:54 273,408 ----a-w C:\WINDOWS\system32\Pncrt.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Mechanic Popup Blocker"="C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2006-07-20 21:38 230976]
"RAM Idle Professional"="C:\Program Files\RAM Idle LE\RAM_XP.exe" [2006-01-17 05:38 135168]
"avgnt"="C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" [2007-08-31 13:25 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 21:34 5419008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 20:28:24 258048]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-02-17 23:51:42 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayawwt]
yayawwt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Morpheus\\Morpheus.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\Program Files\BitComet\BitComet.exe"= C:\Program Files\BitComet\BitComet.exe:67.140.55.245/255.255.255.255:Enabled:BitComet - a BitTorrent Client
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21588:TCP"= 21588:TCP:67.140.55.245/255.255.255.255:Enabled:BitComet 21588 TCP
"21588:UDP"= 21588:UDP:67.140.55.245/255.255.255.255:Enabled:BitComet 21588 UDP

R2 AVEService;Avira Premium Security Suite MailGuard helper service;"C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe" [2007-07-18 09:09]
S1 raspppoee;raspppoee;C:\WINDOWS\system32\drivers\raspppoee.sys []
S2 AntiVirMailService;Avira Premium Security Suite MailGuard;"C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe" [2007-08-28 14:08]
S2 antivirwebservice;Avira Premium Security Suite WebGuard;"C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.exe" [2007-08-14 14:22]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-04-05 16:04]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 20:03]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-05-04 17:54]
S4 MyDNS;Window Net Dns;C:\Program Files\Outlook Express\svchost.exe [2008-03-10 02:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23dc74f0-a42d-11dc-8828-001320c3965c}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-03-07 23:52:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-13 19:08:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-13 19:08:52
ComboFix-quarantined-files.txt 2008-03-13 23:08:32
ComboFix2.txt 2008-03-12 22:05:58
ComboFix3.txt 2008-03-12 19:57:52
ComboFix4.txt 2008-03-12 19:37:46
ComboFix5.txt 2008-03-10 03:46:23
.
2008-03-13 06:01:26 --- E O F ---


0

Response Number 23
Name: paltman3
Date: March 12, 2008 at 17:36:36 Pacific
Reply:

PS
I allowed the ActiveX to install also; still nothing.


0

Response Number 24
Name: jabuck
Date: March 13, 2008 at 19:16:54 Pacific
Reply:

Do you know what this is?

C:\Program Files\Common Files\mexoh

Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\system32\drv43260.dll
C:\WINDOWS\system32\drv33260.dll
C:\WINDOWS\system32\drv23260.dll
C:\WINDOWS\system32\cook3260.dll

Folder::
C:\WINDOWS\system32\nil3
C:\WINDOWS\system32\lows8
C:\WINDOWS\system32\ech5
C:\WINDOWS\system32\dr6
C:\c248e91e797c4a4f325279

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayawwt]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop). If ComboFix does not auto-start, click "Run".

Post a new Combofix log.


0

Response Number 25
Name: paltman3
Date: March 14, 2008 at 04:43:16 Pacific
Reply:

No, I don't know what that is (C:\Program Files\Common Files\mexoh)
Here is the new ComboFix log.


ComboFix 08-03-13.4 - Pam 2008-03-15 7:30:34.15 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.667 [GMT -4:00]
Running from: C:\Documents and Settings\Pam\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Pam\Desktop\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\WINDOWS\system32\cook3260.dll
C:\WINDOWS\system32\drv23260.dll
C:\WINDOWS\system32\drv33260.dll
C:\WINDOWS\system32\drv43260.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\c248e91e797c4a4f325279
C:\c248e91e797c4a4f325279\update\update.exe
C:\WINDOWS\system32\cook3260.dll
C:\WINDOWS\system32\dr6
C:\WINDOWS\system32\dr6\crecomdll1.exe
C:\WINDOWS\system32\drv23260.dll
C:\WINDOWS\system32\drv33260.dll
C:\WINDOWS\system32\drv43260.dll
C:\WINDOWS\system32\ech5
C:\WINDOWS\system32\lows8
C:\WINDOWS\system32\lows8\spgdn65.exe
C:\WINDOWS\system32\nil3

.
((((((((((((((((((((((((( Files Created from 2008-02-15 to 2008-03-15 )))))))))))))))))))))))))))))))
.

2008-03-13 20:19 . 2008-03-13 20:23 <DIR> d-------- C:\Program Files\RegClean
2008-03-13 20:19 . 2008-03-13 20:22 <DIR> d-------- C:\Documents and Settings\Pam\Application Data\RegClean
2008-03-13 19:12 . 2008-03-13 20:57 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-03-11 15:53 . 2008-03-11 15:53 <DIR> d-------- C:\Program Files\VSO
2008-03-11 15:53 . 2008-03-11 17:04 <DIR> d-------- C:\Documents and Settings\Pam\Application Data\Vso
2008-03-11 15:53 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-03-11 15:53 . 2008-03-11 15:53 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-03-11 15:53 . 2008-03-11 15:53 47,360 --a------ C:\Documents and Settings\Pam\Application Data\pcouffin.sys
2008-03-09 23:50 . 2008-03-09 23:50 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-09 23:50 . 2008-03-09 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-09 23:12 . 2008-03-09 23:12 1,672 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-09 23:11 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-09 23:11 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-09 23:11 . 2008-03-09 01:15 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-09 23:11 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-09 23:11 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-09 23:11 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-09 23:11 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-07 16:56 . 2008-03-07 16:56 <DIR> d-------- C:\Documents and Settings\Pam\Application Data\vlc
2008-03-07 15:33 . 2008-03-07 15:33 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-03-07 14:12 . 2008-03-07 14:12 <DIR> d-------- C:\Documents and Settings\Pam\Application Data\Uniblue
2008-03-02 14:43 . 2007-08-30 14:12 67,752 --a------ C:\WINDOWS\system32\drivers\avfwot.sys
2008-03-02 14:43 . 2007-08-30 14:12 61,096 --a------ C:\WINDOWS\system32\drivers\avfwim.sys
2008-03-02 12:34 . 2008-03-02 12:34 <DIR> d-------- C:\Documents and Settings\Pam\Application Data\Premium Security Suite
2008-03-02 01:13 . 2008-03-02 01:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-03-02 01:13 . 2008-03-12 15:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-01 21:15 . 2008-03-02 00:55 <DIR> d-------- C:\Program Files\Torrent-Search
2008-03-01 20:43 . 2008-03-01 20:43 <DIR> d-------- C:\Program Files\Avira
2008-03-01 20:43 . 2008-03-02 12:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-01 20:01 . 1999-12-21 08:58 21,312 --a------ C:\WINDOWS\choice.exe
2008-02-28 20:28 . 2008-03-02 00:56 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-25 17:37 . 2008-02-25 17:37 432 --a------ C:\WINDOWS\system32\iolo.ini
2008-02-25 17:35 . 2007-07-25 09:42 126,976 --a------ C:\WINDOWS\system32\iavlsp.dll
2008-02-25 17:34 . 2008-02-25 17:34 681,984 --a------ C:\WINDOWS\is-HLTBP.exe
2008-02-25 17:34 . 2008-02-25 17:34 10,529 --a------ C:\WINDOWS\is-HLTBP.msg
2008-02-25 17:34 . 2008-02-25 17:34 557 --a------ C:\WINDOWS\is-HLTBP.lst
2008-02-25 17:29 . 2008-02-25 17:29 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-02-25 15:40 . 2008-03-02 00:56 <DIR> d-------- C:\Documents and Settings\Pam\Application Data\iolo
2008-02-25 14:43 . 2008-02-25 14:43 4,128 --a------ C:\INFCACHE.1
2008-02-25 14:40 . 2008-03-02 00:56 <DIR> d-------- C:\Program Files\ESET
2008-02-25 14:40 . 2008-02-25 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-02-25 11:21 . 2004-10-07 14:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-02-24 20:52 . 2008-02-24 20:55 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-02-24 20:27 . 2008-02-24 20:32 <DIR> d-------- C:\Program Files\PC MightyMax 2007
2008-02-24 18:01 . 2008-02-24 18:01 657,408 --a------ C:\WINDOWS\is-L68CB.exe
2008-02-24 18:01 . 2008-02-24 18:01 10,586 --a------ C:\WINDOWS\is-L68CB.msg
2008-02-24 18:01 . 2008-02-24 18:01 124 --a------ C:\WINDOWS\is-L68CB.lst

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-12 02:53 --------- d-----w C:\Program Files\Morpheus
2008-03-07 21:45 --------- d-----w C:\Program Files\Common Files\Real
2008-03-07 19:40 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-02 05:13 --------- d-----w C:\Program Files\RegistryFix
2008-03-02 05:13 --------- d-----w C:\Program Files\RAM Idle LE
2008-03-02 05:13 --------- d-----w C:\Program Files\QuickTime
2008-03-02 05:13 --------- d-----w C:\Program Files\iTunes
2008-03-02 05:13 --------- d-----w C:\Program Files\Common Files\Kaspersky Lab
2008-03-02 05:13 --------- d-----w C:\Program Files\BitComet
2008-03-02 05:13 --------- d-----w C:\Program Files\Apple Software Update
2008-03-02 04:58 --------- d-----w C:\Program Files\Kaspersky Lab
2008-02-25 14:23 --------- d-----w C:\Documents and Settings\Pam\Application Data\LimeWire
2008-02-12 02:46 --------- d-----w C:\Documents and Settings\Pam\Application Data\AdobeUM
2008-02-05 22:00 --------- d-----w C:\Program Files\Digital1Audio
2008-01-11 15:55 437,096 ----a-w C:\WINDOWS\system32\Incinerator.dll
2008-01-09 19:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2006-08-06 16:54 517 ----a-w C:\Program Files\Common Files\mexoh
2007-11-05 23:23 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-03-09_23.45.51.76 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-13 23:13:10 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-03-13 23:13:11 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-03-13 23:13:11 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-03-13 23:31:22 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2008-01-09 19:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2008-01-09 19:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-03-13 23:31:26 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-03-13 23:13:12 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2008-01-09 19:01:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2008-01-09 19:01:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
+ 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 19:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 19:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-02-04 20:09:48 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-03-07 19:51:13 59,326 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-11 00:34:44 59,326 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-07 19:51:13 394,078 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-11 00:34:44 394,078 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 1998-03-08 23:28:54 273,408 ----a-w C:\WINDOWS\system32\Pncrt.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Mechanic Popup Blocker"="C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2006-07-20 21:38 230976]
"RAM Idle Professional"="C:\Program Files\RAM Idle LE\RAM_XP.exe" [2006-01-17 05:38 135168]
"avgnt"="C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" [2007-08-31 13:25 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 21:34 5419008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 20:28:24 258048]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-02-17 23:51:42 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Morpheus\\Morpheus.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\Program Files\BitComet\BitComet.exe"= C:\Program Files\BitComet\BitComet.exe:67.140.55.245/255.255.255.255:Enabled:BitComet - a BitTorrent Client
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21588:TCP"= 21588:TCP:67.140.55.245/255.255.255.255:Enabled:BitComet 21588 TCP
"21588:UDP"= 21588:UDP:67.140.55.245/255.255.255.255:Enabled:BitComet 21588 UDP

R2 AVEService;Avira Premium Security Suite MailGuard helper service;"C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe" [2007-07-18 09:09]
S2 AntiVirMailService;Avira Premium Security Suite MailGuard;"C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe" [2007-08-28 14:08]
S2 antivirwebservice;Avira Premium Security Suite WebGuard;"C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.exe" [2007-08-14 14:22]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-04-05 16:04]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 20:03]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-05-04 17:54]
S4 MyDNS;Window Net Dns;C:\Program Files\Outlook Express\svchost.exe [2008-03-10 02:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23dc74f0-a42d-11dc-8828-001320c3965c}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-03-14 22:52:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-15 07:32:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-15 7:33:48
ComboFix-quarantined-files.txt 2008-03-15 11:33:10
ComboFix2.txt 2008-03-13 23:08:53
ComboFix3.txt 2008-03-12 22:05:58
ComboFix4.txt 2008-03-12 19:57:52
ComboFix5.txt 2008-03-12 19:37:46
.
2008-03-13 06:01:26 --- E O F ---


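Added example (not from this thread and not part of ComboFix): a small triage script for a service listing like the one above. It parses each R/S line and flags an image that carries the name of a Windows system binary but runs from somewhere other than %SystemRoot%\system32, or a display name that sounds like a Windows component while the image sits outside %SystemRoot%. The line layout, and the reading of R/S as running/stopped with the digit as the start type, are taken from the log above and assumed to hold for other ComboFix logs; the sample lines are copied from it. Windows runs svchost.exe from %SystemRoot%\system32, so the MyDNS entry above, a disabled service whose image is a svchost.exe under Program Files\Outlook Express, is the kind of line this flags.

```python
r"""Triage the service lines of a ComboFix log.

Added example for this thread; it is not part of ComboFix. The line format is
read from the listing above and assumed to hold generally:
    <R|S><n> <service name>;<display name>;<image path> [<file date>]
where R/S is running/stopped and n is the start type (2 auto, 3 manual, 4 disabled).
"""
import re
from dataclasses import dataclass, field

# Sample lines copied from the ComboFix log above.
SAMPLE_LOG = r'''
R2 AVEService;Avira Premium Security Suite MailGuard helper service;"C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe" [2007-07-18 09:09]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-04-05 16:04]
S4 MyDNS;Window Net Dns;C:\Program Files\Outlook Express\svchost.exe [2008-03-10 02:50]
'''

SERVICE_LINE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4])\s+'
    r'(?P<name>[^;]+);(?P<display>[^;]*);'
    r'"?(?P<path>.+?)"?\s+\[(?P<date>[^\]]+)\]\s*$'
)
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# Core processes that Windows XP runs from %SystemRoot%\system32 only.
# A service image with one of these names anywhere else is a classic masquerade.
SYSTEM_BINARIES = {"svchost.exe", "services.exe", "lsass.exe", "csrss.exe",
                   "winlogon.exe", "smss.exe", "spoolsv.exe"}
SYSTEM_ROOT = "c:\\windows\\"   # assumption: %SystemRoot% is C:\WINDOWS, as in the log above


@dataclass
class Service:
    state: str
    start: int
    name: str
    display: str
    path: str
    date: str
    reasons: list = field(default_factory=list)


def parse_service_line(line):
    """Return a Service for one ComboFix service line, or None for any other line."""
    m = SERVICE_LINE.match(line.strip())
    if not m:
        return None
    return Service(m["state"], int(m["start"]), m["name"].strip(),
                   m["display"].strip(), m["path"].strip(), m["date"])


def assess(svc):
    """Append a reason to svc.reasons for each masquerade heuristic that fires."""
    path = svc.path.lower()
    base = path.rsplit("\\", 1)[-1]
    if base in SYSTEM_BINARIES and not path.startswith(SYSTEM_ROOT + "system32\\"):
        svc.reasons.append(f"{base} is a Windows system binary but runs from {svc.path}")
    # A display name that claims to be a Windows/Microsoft component while the
    # image lives outside %SystemRoot% (Program Files, a user profile, ...).
    if re.search(r"\b(windows?|microsoft)\b", svc.display, re.I) and not path.startswith(SYSTEM_ROOT):
        svc.reasons.append("display name mimics a Windows component but the image is outside %SystemRoot%")
    return svc


def triage(log_text):
    """Parse every service line in a ComboFix log and return the ones with reasons."""
    flagged = []
    for line in log_text.splitlines():
        svc = parse_service_line(line)
        if svc and assess(svc).reasons:
            flagged.append(svc)
    return flagged


if __name__ == "__main__":
    for s in triage(SAMPLE_LOG):
        print(f"{s.name} (start: {START_TYPES[s.start]}, state {s.state}): " + "; ".join(s.reasons))
```

The heuristics are deliberately narrow: a legitimate product in Program Files (the Avira services above) produces no reason, and a driver under system32\DRIVERS is left alone, so anything that does come back deserves to be looked at by hand.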

Response Number 26
Name: jabuck
Date: March 14, 2008 at 19:42:06 Pacific
Reply:

Looks much better.

Your Java is out of date and can be exploited, so let's get that updated.
Download the latest version of java from this link Java
Click on the JDK 6 Update 5 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jdk-6u5-windows-i586-p.exe to install the newest version.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Run CCleaner again.

Go to start>control panel> add/remove programs and uninstall "Kaspersky"

Download and run the Kaspersky scan again; the uninstall/reinstall will allow it to update:


Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.



Response Number 27
Name: paltman3
Date: March 15, 2008 at 12:25:29 Pacific
Reply:

Here is the new K scan report:

---------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, March 16, 2008 3:22:05 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/03/2008
Kaspersky Anti-Virus database records: 631660
---------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 59872
Number of viruses found: 3
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 00:50:37

Infected Object Name / Virus Name / Last Action
C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Pam\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Pam\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Pam\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Pam\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Pam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Temp\Perflib_Perfdata_2b8.dat Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Temp\~DF1C73.tmp Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Temp\~DFBF09.tmp Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Temporary Internet Files\Content.IE5\STURO1MJ\imgad[2].swf Object is locked skipped
C:\Documents and Settings\Pam\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Pam\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\sbc2\nldss40.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\typ2\key89104.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\typ2\key89104.exe.vir NSIS: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP647\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



Response Number 28
Name: paltman3
Date: March 15, 2008 at 20:43:19 Pacific
Reply:

I bought Kaspersky 7.0 and ran it, then I ran a new online K scan. Here is the new report:
---------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, March 16, 2008 11:41:47 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/03/2008
Kaspersky Anti-Virus database records: 632273
---------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 61435
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 00:48:29

Infected Object Name / Virus Name / Last Action
C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\0076_File_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\0078_Web_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\0079_AdBlocker_eventcritlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\0079_AdBlocker_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\report.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Pam\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\History\History.IE5\MSHist012008031620080317\index.dat Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Temp\Perflib_Perfdata_6a0.dat Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Temp\~DF7672.tmp Object is locked skipped
C:\Documents and Settings\Pam\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pam\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Pam\ntuser.dat.LOG Object is locked skipped
C:\RECYCLER\S-1-5-21-2750919515-179213914-396351099-1005\Dc2\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{CC037DD2-9419-4671-A416-BD1031B6C191}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\cch~7d38860bb44.htp Object is locked skipped
C:\WINDOWS\TEMP\cch~7d388828576.htp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


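Added example (not from this thread and not a Kaspersky tool) for reading reports like the two above. It separates the "Object is locked" lines, which are registry hives, event logs and index.dat files the OS holds open rather than detections, from real detections; marks members of archives; and sorts each detection by where it sits: ComboFix's QooBox quarantine, the Recycle Bin, or a live path that still needs a decision. The line layout is inferred from the reports, and the sample is built from lines copied from them, with the RECYCLER hit from the second report included. On that sample every detection carries Kaspersky's not-a-virus: prefix, the two live hits are the Reboot.exe shipped inside SmitfraudFix on the desktop, and the only item left from the second report is already in the Recycle Bin.

```python
r"""Triage a Kaspersky Online Scanner report like the two posted above.

Added example for this thread, not a Kaspersky tool. The line format is taken from
the reports: "<object> <result> <last action>", where <result> is "Object is locked",
"Infected: <detection>" or "<archive type>: infected - <n>", and members of an
archive are written <container>/<member>. Kaspersky's "not-a-virus:" prefix marks
riskware, adware and admin tools rather than malware.
"""
import re
from dataclasses import dataclass

# Lines copied from the reports above (two headers, two locked files, every detection).
SAMPLE_REPORT = r'''
Scan Statistics:
Number of infected objects: 6
C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\Pam\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Pam\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Pam\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\sbc2\nldss40.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\typ2\key89104.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\typ2\key89104.exe.vir NSIS: infected - 1 skipped
C:\RECYCLER\S-1-5-21-2750919515-179213914-396351099-1005\Dc2\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
Scan process completed.
'''

RESULT_LINE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?:(?P<locked>Object is locked)"
    r"|Infected: (?P<detection>\S+)"
    r"|(?P<archive>\w+): infected - (?P<count>\d+))"
    r"\s+(?P<action>skipped|deleted|disinfected)\s*$"
)

QUARANTINE_MARKERS = ("\\qoobox\\quarantine\\",)   # ComboFix's quarantine folder
RECYCLE_MARKERS = ("\\recycler\\", "\\recycled\\")  # Recycle Bin on NTFS / FAT volumes


@dataclass
class Finding:
    path: str
    detection: str
    action: str
    in_archive: bool   # object is a member inside a container
    location: str      # "quarantined", "recycle_bin" or "live"
    pua: bool          # detection carries the not-a-virus: prefix


def classify_location(path):
    p = path.lower()
    if any(m in p for m in QUARANTINE_MARKERS):
        return "quarantined"
    if any(m in p for m in RECYCLE_MARKERS):
        return "recycle_bin"
    return "live"


def parse_report(text):
    """Return (findings, locked_count, archive_summaries) for a report's text."""
    findings, locked, summaries = [], 0, []
    for line in text.splitlines():
        m = RESULT_LINE.match(line.strip())
        if not m:
            continue   # headers, settings, statistics, blank lines
        if m["locked"]:
            locked += 1   # hives, event logs, index.dat: held open by the OS, not detections
        elif m["archive"]:
            summaries.append((m["path"], m["archive"], int(m["count"])))
        else:
            path, det = m["path"], m["detection"]
            findings.append(Finding(path, det, m["action"], "/" in path,
                                    classify_location(path), det.startswith("not-a-virus:")))
    return findings, locked, summaries


def actionable(findings):
    """Detections still sitting in a live path, i.e. the ones that need a decision."""
    return [f for f in findings if f.location == "live"]


def summarize(text):
    findings, locked, summaries = parse_report(text)
    return {
        "locked_skipped": locked,
        "archive_summaries": len(summaries),
        "detections": len(findings),
        "live": sum(f.location == "live" for f in findings),
        "quarantined": sum(f.location == "quarantined" for f in findings),
        "recycle_bin": sum(f.location == "recycle_bin" for f in findings),
        "all_pua": bool(findings) and all(f.pua for f in findings),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
    for f in actionable(parse_report(SAMPLE_REPORT)[0]):
        print("needs a decision:", f.path, f.detection)
```

The archive summary lines ("ZIP: infected - 1", "NSIS: infected - 1") are container counts that duplicate the member entry, so they are kept separately rather than counted as detections; the online scanner never cleans anything (every action is "skipped"), which is why the classification by location matters more than the action column.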

Response Number 29
Name: paltman3
Date: March 16, 2008 at 10:00:02 Pacific
Reply:

PS.

I still have the red X on my c drive also.



Response Number 30
Name: paltman3
Date: March 20, 2008 at 13:15:24 Pacific
Reply:

Just one virus left...do you think this is what is keeping the red X there...hopefully you can help me and then I can quit bothering you...well at least for a while...I am sure there will always be something : )



Response Number 31
Name: jabuck
Date: March 21, 2008 at 07:42:24 Pacific
Reply:

This file is not a threat but remove it anyway.

Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\RECYCLER\S-1-5-21-2750919515-179213914-396351099-1005\Dc2\Reboot.exe


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run".

This should fix the red X.

Go to start> run> type in notepad > ok. Copy paste the following into notepad making [autorun] the very top line:

[autorun]

ICON=C:\WINDOWS\SYSTEM\SHELL32.DLL,8

Click "save as"> then using the drop down arrow on the far right of the "save in" window select Local Disk C: to be displayed in the "save in" window.

Next type "C:\autorun.inf" (you must use the quotes) in the file name window> click save.

Restart the computer.


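Added example (not from this thread or from any tool in it) for the autorun.inf step above. Explorer reads [autorun] from a drive's root: ICON=<file>[,<index>] sets the drive icon, while open=, shellexecute= and shell\<verb>\command= tell Explorer to launch a program when the drive is opened, which is the mechanism autorun malware relies on and the one recorded by the cached \Shell\AutoRun\command mountpoints2 entry in the log above. The checker below parses the file, reports any execution directive, and verifies that the ICON target exists; it also recognises the case where autorun.inf is a folder rather than a file, as Flash_Disinfector leaves it, since Notepad cannot save a file over a folder of the same name. The shell32.dll path is worth checking before rebooting: on Windows XP the DLL lives in %SystemRoot%\system32, and with that as the only existing file the checker reports the ICON target in the file as typed above as missing. The injectable `exists` parameter is an assumption of this example, so the check can be run against another machine's paths.

```python
r"""Audit an autorun.inf before placing it on a drive root.

Added example for this thread; not part of any tool mentioned in it. Explorer reads
the [autorun] section from a drive's root: ICON=<file>[,<index>] supplies the drive
icon, while open=, shellexecute= and shell\<verb>\command= make Explorer launch a
program when the drive is opened, which is what autorun malware relies on.
"""
import os
import re
import tempfile

# The file written in the reply above, reproduced as text.
PAGE_INF = "[autorun]\n\nICON=C:\\WINDOWS\\SYSTEM\\SHELL32.DLL,8\n"

EXEC_KEYS = {"open", "shellexecute"}
SECTION_RE = re.compile(r"^\s*\[(?P<name>[^\]]+)\]\s*$")
KEY_RE = re.compile(r"^\s*(?P<key>[^=;]+?)\s*=\s*(?P<val>.*?)\s*$")
ABS_WIN_PATH = re.compile(r"^(?:[A-Za-z]:\\|\\\\)")   # drive letter or UNC


def parse_autorun(text):
    """Return {key: value} for the [autorun] section; keys lower-cased, ';' comments ignored."""
    entries, in_section = {}, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue
        m = SECTION_RE.match(line)
        if m:
            in_section = m["name"].strip().lower() == "autorun"
            continue
        m = KEY_RE.match(line)
        if in_section and m:
            entries[m["key"].lower()] = m["val"]
    return entries


def split_icon(value):
    r"""'C:\WINDOWS\SYSTEM\SHELL32.DLL,8' -> ('C:\WINDOWS\SYSTEM\SHELL32.DLL', 8); no index means 0."""
    path, _, index = value.rpartition(",")
    if path and index.strip().lstrip("-").isdigit():
        return path.strip(), int(index)
    return value.strip(), 0


def resolve(root, path):
    """Absolute Windows paths are used as given; anything else is relative to the drive root."""
    if ABS_WIN_PATH.match(path):
        return path
    return os.path.join(root, *path.split("\\"))


def audit_autorun(text, root, exists=os.path.exists):
    """Return human-readable findings for an autorun.inf that lives at drive root `root`.

    `exists` is injectable (an assumption of this example) so the check can be run
    against the paths of another machine.
    """
    entries = parse_autorun(text)
    if not entries:
        return ["no [autorun] entries: Explorer has nothing to apply"]
    findings = []
    for key, val in entries.items():
        if key in EXEC_KEYS or re.match(r"shell\\.+\\command$", key):
            findings.append(f"execution directive {key}={val}: Explorer can run this when the drive is opened")
    if "icon" in entries:
        path, index = split_icon(entries["icon"])
        target = resolve(root, path)
        if exists(target):
            findings.append(f"icon ok: {target} (index {index})")
        else:
            findings.append(f"icon target missing: {target}")
    return findings


def audit_drive_root(root):
    r"""Audit whatever sits at <root>\autorun.inf, including the folder trick used by immunisers."""
    p = os.path.join(root, "autorun.inf")
    if os.path.isdir(p):
        # Immunisation tools create a folder of this name so malware cannot drop a file;
        # a real autorun.inf cannot be saved there until the folder is removed.
        return ["autorun.inf is a directory, not a file"]
    if not os.path.exists(p):
        return ["no autorun.inf"]
    with open(p, encoding="latin-1") as fh:
        return audit_autorun(fh.read(), root)


def demo():
    """Build a throwaway drive root with an icon file and a matching autorun.inf, then audit it."""
    with tempfile.TemporaryDirectory() as root:
        open(os.path.join(root, "drive.ico"), "wb").close()
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write("[autorun]\nICON=drive.ico,0\n")
        return audit_drive_root(root)


if __name__ == "__main__":
    print(audit_autorun(PAGE_INF, "C:\\"))   # off a Windows box the DLL path is reported missing
    print(demo())
```

Run on a drive that still carries a stale entry, the execution-directive findings are the ones to act on; an ICON line on its own is harmless, which is why the fix above can use one to reset the drive icon.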

Response Number 32
Name: paltman3
Date: March 21, 2008 at 12:34:22 Pacific
Reply:

You did it...no more red X on my C drive you are the BEST!!! The world needs more people like you...you take time out of YOUR life to help others and I thank you *hug*

Anything you recommend so this does not happen again...



Response Number 33
Name: jabuck
Date: March 21, 2008 at 13:31:05 Pacific
Reply:

If you do not have SpywareBlaster installed on your computer you should consider adding it to your arsenal of antispyware tools, you can download it from this link SpywareBlaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

Glad we could help.



Response Number 34
Name: paltman3
Date: March 21, 2008 at 13:50:48 Pacific
Reply:

Well you definitely did that, thanx.

I also have a new problem I posted. I purchased a new XPS ONE and I can not download anything it just will not allow me...


