Vundo, C: Red X, POS tmp files

January 30, 2008 at 19:07:17
Specs: Windows XP SP2, 1.6 GHZ
I have the same thing with the new Vundo Virus thats been going around. C drive has a Red X and POS tmp files keep popping up.

I have disabled my system restore and ran Vundofix.exe

The program found about 7 files and removed them all.

I will proceed with posting the HijackThis and Combofix logs once jabuck or someone else is able to reply.

Thanks!


See More: Vundo, C: Red X, POS tmp files

Report •


#1
January 30, 2008 at 19:10:52
Please post your Hijack This log and your Combofix log.

Report •

#2
January 30, 2008 at 19:39:16
How long should the combofix program run? I tried running it since your response and it is just sitting at a DOS command prompt with a ".".

Report •

#3
January 30, 2008 at 19:50:13
No longer than 20 minutes max.

Go to start> run> type in combofix /u (note the space after combofix) the press ok.

Download a new fresh copy of Combofix and try running it again.


Report •

Related Solutions

#4
January 30, 2008 at 20:34:07
Here are the two log files. Thanks!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:43 PM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\JVOURIS\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
O2 - BHO: (no name) - {30180552-E0BE-40C9-BA44-C40457AA3F43} - C:\WINDOWS\system32\ssttt.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {C87ACE20-4BA7-11D4-AD69-0000F80020BC} (MEDITECHAppDwnld) - http://intranet/pchelp/MTAppDwn.exe
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: hgghggh - hgghggh.dll (file missing)
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9669 bytes


ComboFix 08-01-31.3 - JVOURIS 2008-01-30 23:07:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.408 [GMT -5:00]
Running from: C:\Documents and Settings\JVOURIS\Desktop\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
C:\WINDOWS\system32\qciqokby.ini
E:\Autorun.inf . . . . failed to delete

----- BITS: Possible infected sites -----

hxxp://update.pdfcomplete.com
hxxp://mtwsus.meditech.com
.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
.

2008-01-30 21:03 . 2008-01-30 21:03 <DIR> d-------- C:\VundoFix Backups
2008-01-22 23:13 . 2008-01-22 23:13 <DIR> d-------- C:\Documents and Settings\JVOURIS\Application Data\gtk-2.0
2008-01-15 17:58 . 2008-01-15 17:58 <DIR> d-------- C:\Program Files\iPod
2008-01-15 17:13 . 2008-01-15 17:14 <DIR> d-------- C:\Program Files\EDIdEv
2008-01-14 14:02 . 2007-10-29 17:43 1,287,680 --------- C:\WINDOWS\system32\dllcache\quartz.dll
2008-01-14 14:02 . 2007-07-06 07:46 660,992 --------- C:\WINDOWS\system32\dllcache\mqqm.dll
2008-01-14 14:02 . 2007-07-06 07:46 471,552 --------- C:\WINDOWS\system32\dllcache\mqutil.dll
2008-01-14 14:02 . 2007-07-06 07:46 177,152 --------- C:\WINDOWS\system32\dllcache\mqrt.dll
2008-01-14 14:02 . 2007-07-06 07:46 138,240 --------- C:\WINDOWS\system32\dllcache\mqad.dll
2008-01-14 14:02 . 2007-07-06 07:46 95,744 --------- C:\WINDOWS\system32\dllcache\mqsec.dll
2008-01-14 14:02 . 2007-07-06 05:05 72,960 --------- C:\WINDOWS\system32\dllcache\mqac.sys
2008-01-14 14:02 . 2007-07-06 07:46 48,640 --------- C:\WINDOWS\system32\dllcache\mqupgrd.dll
2008-01-14 14:02 . 2007-07-06 07:46 47,104 --------- C:\WINDOWS\system32\dllcache\mqdscli.dll
2008-01-14 14:02 . 2007-07-06 07:46 16,896 --------- C:\WINDOWS\system32\dllcache\mqise.dll
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-10 11:37 . 2008-01-10 11:37 <DIR> d-------- C:\Program Files\TextPad 5
2008-01-10 11:37 . 2008-01-10 11:37 <DIR> d-------- C:\Documents and Settings\JVOURIS\Application Data\Helios
2008-01-04 10:12 . 2008-01-30 03:04 <DIR> d-------- C:\quarantine
2008-01-04 10:10 . 2008-01-04 10:10 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-19 17:10 . 2007-12-19 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-19 16:58 . 2007-12-19 16:58 <DIR> d-------- C:\Program Files\Bonjour
2007-12-19 16:46 . 2007-12-19 16:46 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-19 16:43 . 2008-01-30 12:05 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-12 07:52 . 2007-12-12 07:52 <DIR> d-------- C:\Program Files\MSBuild
2007-12-12 07:48 . 2007-12-15 03:24 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-12-12 07:48 . 2007-12-12 07:48 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-12-12 07:46 . 2006-11-13 01:02 288,768 --a------ C:\WINDOWS\system32\rhttpaa.dll
2007-12-12 07:46 . 2006-11-13 01:02 116,736 --a------ C:\WINDOWS\system32\aaclient.dll
2007-12-12 07:46 . 2006-11-13 01:02 36,352 --a------ C:\WINDOWS\system32\tsgqec.dll
2007-12-12 07:46 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2007-12-10 10:16 . 2007-12-10 10:16 512 --a------ C:\WINDOWS\randseed.rnd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 01:52 --------- d-----w C:\Documents and Settings\JVOURIS\Application Data\.purple
2008-01-23 08:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-17 18:11 --------- d-----w C:\Documents and Settings\JVOURIS\Application Data\Move Networks
2008-01-15 22:58 --------- d-----w C:\Program Files\iTunes
2008-01-15 22:56 --------- d-----w C:\Program Files\QuickTime
2008-01-13 22:10 --------- d-----w C:\Program Files\MEDITECH
2007-11-29 14:17 --------- d-----w C:\Program Files\Java
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30180552-E0BE-40C9-BA44-C40457AA3F43}]
C:\WINDOWS\system32\ssttt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 15:35 90112]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 15:26 484904]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 11:36 872448]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 09:12 729088]
"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2007-05-08 10:38 331552]
"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2007-01-09 17:52 145184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 08:36 827392]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 15:18 472776]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 18:17 163840]
"CognizanceTS"="C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 12:12 17920]
"HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 01:11 49152]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 09:52 57344]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 10:00 192512]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 03:06 136768]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 07:00 98304]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="cmd.exe" [2004-08-04 03:00 388608 C:\WINDOWS\system32\cmd.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 14:14:00 561213]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-10-02 17:45:36 192512]
VPN Client.lnk - C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2007-11-26 20:18:37 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgghggh]
hgghggh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe

R0 SafeBoot;SafeBoot;C:\WINDOWS\system32\drivers\SafeBoot.sys [2007-02-07 13:22]
R0 SbAlg;SbAlg;C:\WINDOWS\system32\drivers\SbAlg.sys [2006-10-09 15:31]
R0 SbFsLock;SbFsLock;C:\WINDOWS\system32\drivers\SbFsLock.sys [2007-03-29 18:54]
R1 RsvLock;RsvLock;C:\WINDOWS\system32\drivers\RsvLock.sys [2007-02-07 13:23]
R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 03:00]
R2 HpFkCryptService;Drive Encryption Service;"c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe" [2007-03-29 19:50]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-08 10:38]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-09-19 11:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASChannel

*Newly Created Service* - ENTDRV51
*Newly Created Service* - HTTPFILTER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {09258F12-48E7-B18E-C414-1F48C215685F} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2007-12-15 16:23:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 23:20:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
r Running Proce
.
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2008-01-30 23:25:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-31 04:24:56
.
2008-01-23 08:01:27 --- E O F ---


Report •

#5
January 31, 2008 at 03:40:51
Open Notepad and copy/paste everything between the X"s into it and make sure "Registry::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30180552-E0BE-40C9-BA44-C40457AA3F43}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgghggh]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run".

Post a new Combofix log.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Download ATF Cleaner from this link:
ATF Cleaner

Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Please run the BitDefender online scan this link:
Bitdefender Online Scanner

You will need to allow an active x install for the scan to run.
Leave the scanning options at default and press "click here to scan"
When finished scanning, click on "click here to export the scan report"
Save it to your desktop, at "file name" type in "bdscan" then click save.
Post a log in your reply.


Report •

#6
January 31, 2008 at 06:59:38
I saved the notepad file to my desktop and dragged it onto ComboFix.exe. The Dos prompt window launched, but it just sits there and nothing happened...

Any ideas what I did wrong?


Report •

#7
January 31, 2008 at 14:11:20
No, but run the combofix /u command again and download combofix again, then try the suggestion in my last post.

Report •

#8
January 31, 2008 at 21:53:44
ComboFix 08-02.01.1 - JVOURIS 2008-01-31 18:58:28.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.412 [GMT -5:00]
Running from: C:\Documents and Settings\JVOURIS\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\JVOURIS\Desktop\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
E:\Autorun.inf . . . . failed to delete

----- BITS: Possible infected sites -----

hxxp://update.pdfcomplete.com

.
((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))
.

2008-01-31 17:38 . 2008-01-31 17:38 <DIR> d-------- C:\VundoFix Backups
2008-01-22 23:13 . 2008-01-22 23:13 <DIR> d-------- C:\Documents and Settings\JVOURIS\Application Data\gtk-2.0
2008-01-15 17:58 . 2008-01-15 17:58 <DIR> d-------- C:\Program Files\iPod
2008-01-15 17:13 . 2008-01-15 17:14 <DIR> d-------- C:\Program Files\EDIdEv
2008-01-14 14:02 . 2007-10-29 17:43 1,287,680 --------- C:\WINDOWS\system32\dllcache\quartz.dll
2008-01-14 14:02 . 2007-07-06 07:46 660,992 --------- C:\WINDOWS\system32\dllcache\mqqm.dll
2008-01-14 14:02 . 2007-07-06 07:46 471,552 --------- C:\WINDOWS\system32\dllcache\mqutil.dll
2008-01-14 14:02 . 2007-07-06 07:46 177,152 --------- C:\WINDOWS\system32\dllcache\mqrt.dll
2008-01-14 14:02 . 2007-07-06 07:46 138,240 --------- C:\WINDOWS\system32\dllcache\mqad.dll
2008-01-14 14:02 . 2007-07-06 07:46 95,744 --------- C:\WINDOWS\system32\dllcache\mqsec.dll
2008-01-14 14:02 . 2007-07-06 05:05 72,960 --------- C:\WINDOWS\system32\dllcache\mqac.sys
2008-01-14 14:02 . 2007-07-06 07:46 48,640 --------- C:\WINDOWS\system32\dllcache\mqupgrd.dll
2008-01-14 14:02 . 2007-07-06 07:46 47,104 --------- C:\WINDOWS\system32\dllcache\mqdscli.dll
2008-01-14 14:02 . 2007-07-06 07:46 16,896 --------- C:\WINDOWS\system32\dllcache\mqise.dll
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-10 11:37 . 2008-01-10 11:37 <DIR> d-------- C:\Program Files\TextPad 5
2008-01-10 11:37 . 2008-01-10 11:37 <DIR> d-------- C:\Documents and Settings\JVOURIS\Application Data\Helios
2008-01-04 10:12 . 2008-01-30 03:04 <DIR> d-------- C:\quarantine
2008-01-04 10:10 . 2008-01-04 10:10 <DIR> d--h----- C:\WINDOWS\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 22:24 --------- d-----w C:\Documents and Settings\JVOURIS\Application Data\.purple
2008-01-30 17:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-23 08:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-17 18:11 --------- d-----w C:\Documents and Settings\JVOURIS\Application Data\Move Networks
2008-01-15 22:58 --------- d-----w C:\Program Files\iTunes
2008-01-15 22:56 --------- d-----w C:\Program Files\QuickTime
2008-01-13 22:10 --------- d-----w C:\Program Files\MEDITECH
2007-12-19 22:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-19 21:58 --------- d-----w C:\Program Files\Bonjour
2007-12-19 21:46 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-12-12 12:52 --------- d-----w C:\Program Files\MSBuild
2007-12-12 12:48 --------- d-----w C:\Program Files\Reference Assemblies
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 15:35 90112]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 15:26 484904]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 11:36 872448]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 09:12 729088]
"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2007-05-08 10:38 331552]
"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2007-01-09 17:52 145184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 08:36 827392]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 15:18 472776]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 18:17 163840]
"CognizanceTS"="C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 12:12 17920]
"HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 01:11 49152]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 09:52 57344]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 10:00 192512]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 03:06 136768]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 07:00 98304]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="cmd.exe" [2004-08-04 03:00 388608 C:\WINDOWS\system32\cmd.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 14:14:00 561213]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-10-02 17:45:36 192512]
VPN Client.lnk - C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2007-11-26 20:18:37 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe

R0 SafeBoot;SafeBoot;C:\WINDOWS\system32\drivers\SafeBoot.sys [2007-02-07 13:22]
R0 SbAlg;SbAlg;C:\WINDOWS\system32\drivers\SbAlg.sys [2006-10-09 15:31]
R0 SbFsLock;SbFsLock;C:\WINDOWS\system32\drivers\SbFsLock.sys [2007-03-29 18:54]
R1 RsvLock;RsvLock;C:\WINDOWS\system32\drivers\RsvLock.sys [2007-02-07 13:23]
R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 03:00]
R2 HpFkCryptService;Drive Encryption Service;"c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe" [2007-03-29 19:50]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-08 10:38]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-09-19 11:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASChannel


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {09258F12-48E7-B18E-C414-1F48C215685F} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2007-12-15 16:23:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 19:07:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
r Running Proce
.
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2008-02-01 19:12:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-02 00:12:09
ComboFix2.txt 2008-01-31 14:51:57
.
2008-01-23 08:01:27 --- E O F ---

BitDefender Online Scanner


Scan report generated at: Fri, Feb 01, 2008 - 20:54:42



Scan path: C:\;D:\;E:\;




Statistics

Time

01:32:52

Files

565535

Folders

13492

Boot Sectors

3

Archives

9605

Packed Files

60234


Results

Identified Viruses

1

Infected Files

1

Suspect Files

0

Warnings

0

Disinfected

0

Deleted Files

1


Engines Info

Virus Definitions

978470

Engine build

AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins

16

Archive plugins

41

Unpack plugins

7

E-mail plugins

6

System plugins

5


Scan Settings

First Action

Disinfect

Second Action

Delete

Heuristics

Yes

Enable Warnings

Yes

Scanned Extensions

*;

Exclude Extensions

Scan Emails

Yes

Scan Archives

Yes

Scan Packed

Yes

Scan Files

Yes

Scan Boot

Yes



Scanned File

Status

C:\Documents and Settings\JVOURIS\Desktop\Adobe Dreamweaver CS3 .rar=>crack.exe

Infected with: Trojan.Mezzia.CY

C:\Documents and Settings\JVOURIS\Desktop\Adobe Dreamweaver CS3 .rar=>crack.exe

Disinfection failed

C:\Documents and Settings\JVOURIS\Desktop\Adobe Dreamweaver CS3 .rar=>crack.exe

Deleted

C:\Documents and Settings\JVOURIS\Desktop\Adobe Dreamweaver CS3 .rar

Update failed


Report •

#9
February 1, 2008 at 13:40:55
i have the same problem. where can i post my logs?

Report •

#10
February 1, 2008 at 19:30:56
This should fix the red X.

Go to start> run> type in notepad > ok. Copy paste the following into notepad making [autorun] the very top line:

[autorun]

ICON=C:\WINDOWS\SYSTEM\SHELL32.DLL,8

Click "save as"> then using the drop down arrow on the far right of the "save in" window select Local Disk C: to be displayed in the "save in" window.

Next type "C:\autorun.inf" (you must use the quotes) in the file name window> click save.

Restart the computer.

How it the computer operating?


Report •

#11
February 14, 2008 at 20:48:02
I have the dreaded POS**.tmp files filling up my HDD.
I tried System Restore, but it went through all the actions then failed
Can someone please post trusted links to ....
Vundofix.exe, and any other things we might need to fix this.
THANK YOU !!!
JonD


Report •

#12
February 15, 2008 at 19:51:43
JonD, please start a new thread (post of your own). Just state your problem and don't post any logs until requested to.

Report •


Ask Question