Laptop taken over by Virtumonde

edited August 2008 in Spyware & Virus Removal
My son's laptop has been taken over by Virtumonde issues. I have followed all steps suggested. However, when I run Spybot, it finds issues, but is unable to resolve them. It locates problems and attempts to correct them both during normal operation, and when the laptop is rebooted. Program errors out and has to be terminated.

Attached are the requested logs. Thanks in advance for your help.

HJT Log....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:30 PM, on 7/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\AntiMalwareGuard\amg.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
F2 - REG:system.ini: UserInit=userinit.exe,
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [UADC_1981280121] "C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Trevor Cooke\Local Settings\Temporary Internet Files\Content.IE5\W5KUD5WS\installer_sbd_en[1].exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AntiMalwareGuard] C:\Program Files\AntiMalwareGuard\amg.exe
O4 - HKLM\..\Run: [BMcba57208] Rundll32.exe "C:\WINDOWS\system32\hkvcjjlg.dll",s
O4 - HKLM\..\Run: [c8964194] rundll32.exe "C:\WINDOWS\system32\cqvdeiuc.dll",b
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12012 bytes


Active Scan Log...


;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-07-22 20:51:52
PROTECTIONS: 2
MALWARE: 57
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan 10.02 No No
McAfee SpamKiller 7.0 No No
;===================================================================================================================================================================================
;===================================================================================================================================================================================
SUSPECTS
Sent Location "
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description "
;===================================================================================================================================================================================
;===================================================================================================================================================================================


Kaspersky log follows in next post due to length of posting....

Comments

  • edited July 2008
    Kaspersky log...

    Kaspersky Log...


    KASPERSKY ONLINE SCANNER 7 REPORT
    Wednesday, July 23, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Wednesday, July 23, 2008 05:49:53
    Records in database: 995158

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Files scanned: 86191
    Threat name: 23
    Infected objects: 118
    Suspicious objects: 0
    Duration of the scan: 01:31:26


    File name / Threat name / Threats count

    The selected area was scanned.
  • edited July 2008
    Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.

    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. If you don't know, stop and ask! Don't keep going on.
    2. Please reply to this thread. Do not start a new topic.
    3. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those three things, everything should go smoothly :D

    Please Note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe



    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt



    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper





    Installed Programs

    Please could you give me a list of the programs that are installed.
    • Start HijackThis
    • Click on the Misc Tools button
    • Click on the Open Uninstall Manager button.

    You will see a list of the programs installed on your computer.
    Click on the Save list button and specify where you would like to save this file.
    When you press the Save button, Notepad will open with the contents of that file.
    Simply copy and paste the contents of that Notepad window into your next post.

    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    • MBAM Log
    • ComboFix Log
    • A Fresh HJT Log
    • Installed Programs List
    • How are things running now?
  • edited July 2008
    Hi Katana,

    Thanks for your response, you folks are awesome!!!!

    I have followed your suggestions, and the logs follow. It does appear that the pop-ups have ceased at this point.

    MBAM log...

    Malwarebytes' Anti-Malware 1.23
    Database version: 998
    Windows 5.1.2600 Service Pack 2

    10:55:35 AM 7/27/2008
    mbam-log-7-27-2008 (10-55-35).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 112096
    Time elapsed: 1 hour(s), 3 minute(s), 33 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 4
    Registry Keys Infected: 17
    Registry Values Infected: 4
    Registry Data Items Infected: 2
    Folders Infected: 5
    Files Infected: 115

    Memory Processes Infected:
    C:\Program Files\AntiMalwareGuard\amg.exe (Rogue.Installer) -> Unloaded process successfully.

    Memory Modules Infected:
    C:\WINDOWS\system32\cqvdeiuc.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\hggffede.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\hkvcjjlg.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\vcotgp.dll (Trojan.Vundo) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{abd236dd-a056-4930-ad95-e1ba57836f20} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{abd236dd-a056-4930-ad95-e1ba57836f20} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bdf2fa61-1458-45f6-984b-1f74d8d8dc0d} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{bdf2fa61-1458-45f6-984b-1f74d8d8dc0d} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{25b83fcd-9bb7-4b27-b7ec-c4ed24602603} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25b83fcd-9bb7-4b27-b7ec-c4ed24602603} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\AntiMalwareGuard (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c8964194 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmcba57208 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antimalwareguard (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{25b83fcd-9bb7-4b27-b7ec-c4ed24602603} (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggffede -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggffede -> Delete on reboot.

    Folders Infected:
    C:\Program Files\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\AntiMalwareGuard (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.
    C:\Program Files\AntiMalwareGuard (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Trevor Cooke\Application Data\DriveCleaner Freeware (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Trevor Cooke\Application Data\DriveCleaner Freeware\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

    Files Infected:


    Combo fix log ...

    ComboFix 08-07-27.5 - Trevor Cooke 2008-07-27 20:53:13.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.451 [GMT -7:00]
    Running from: C:\Documents and Settings\Trevor Cooke\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Trevor Cooke\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    * Created a new restore point
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Trevor Cooke\Application Data\macromedia\Flash Player\#SharedObjects\NUBGYQJ9\interclick.com
    C:\Documents and Settings\Trevor Cooke\Application Data\macromedia\Flash Player\#SharedObjects\NUBGYQJ9\interclick.com\ud.sol
    C:\Documents and Settings\Trevor Cooke\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
    C:\Documents and Settings\Trevor Cooke\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
    C:\Documents and Settings\Trevor Cooke\err.log
    C:\Documents and Settings\Trevor Cooke\ResErrors.log
    C:\Program Files\Common Files\companion wizard
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\temp\perflib_perfdata_1cc.dat
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-28 )))))))))))))))))))))))))))))))
    .

    2008-07-27 09:48 . 2008-07-27 09:48 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-27 09:48 . 2008-07-27 09:48 <DIR> d-------- C:\Documents and Settings\Trevor Cooke\Application Data\Malwarebytes
    2008-07-27 09:48 . 2008-07-27 09:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-27 09:48 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-07-27 09:48 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-26 12:06 . 2008-07-26 12:06 <DIR> d-------- C:\Program Files\Trend Micro
    2008-07-22 21:00 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-07-22 18:13 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
    2008-07-21 22:33 . 2008-07-22 18:13 <DIR> d-------- C:\Program Files\Panda Security
    2008-07-21 22:24 . 2008-07-21 22:26 <DIR> d-------- C:\Program Files\SpywareBlaster
    2008-07-18 23:10 . 2008-07-27 13:38 24,423 --a------ C:\logfile
    2008-07-18 22:34 . 2008-07-18 22:34 <DIR> d-------- C:\WINDOWS\system32\BWKDLogs
    2008-07-18 22:32 . 2008-07-18 22:32 <DIR> d-------- C:\Program Files\Common Files\Kodak
    2008-07-18 22:12 . 2008-07-18 22:33 <DIR> d-------- C:\Program Files\Kodak
    2008-06-28 13:03 . 2008-07-27 13:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-06-28 13:03 . 2008-06-28 13:03 1,409 --a------ C:\WINDOWS\QTFont.for

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-23 04:00 --------- d-----w C:\Program Files\Java
    2008-07-19 05:43 --------- d-----w C:\Program Files\QuickTime
    2008-07-19 05:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-07-04 00:02 3,558 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2008-06-26 02:53 111,680 ----a-w C:\WINDOWS\system32\ojmjksrh.dll
    2008-06-04 22:38 54,312 ----a-w C:\Documents and Settings\Trevor Cooke\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 00:24 20480]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 14:44 98304]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 14:41 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 14:45 118784]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 09:55 667718]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 09:56 602182]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 12:58 1032192]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 09:48 761947]
    "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 18:15 290816]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 18:29 49152]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-05 23:05 127035]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44 249856]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44 81920]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 13:30 58992]
    "Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 14:05 1537696]
    "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
    "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 20:02 53248]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
    "MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
    "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 16:16 1121792]
    "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 10:26 110592]
    "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 10:49 163840]
    "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 17:00 1005096]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 20:54 278528]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 00:26 406016]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-15 11:01 185896]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 14:30 282624 C:\WINDOWS\stsystra.exe]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-01 05:54:44 24576]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-02-20 05:10:26 282624]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= vdrcodec.dll
    "VIDC.MJPG"= Pvmjpg30.dll
    "VIDC.PIM1"= pclepim1.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

    R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
    R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 03:00]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cdcb53d-eee0-11db-9562-001302b32fdc}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder

    2008-07-19 C:\WINDOWS\Tasks\EasyShare Registration Task.job
    - C:\WINDOWS\system32\rundll32.exe [2004-08-04 03:00]

    2008-07-27 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (TREVORCOOKE-Trevor Cooke).job
    - c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-07-08 18:18]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{80C701E9-CE9A-4DB2-AF0A-27EF8411F9D7} - C:\WINDOWS\system32\hggddcbx.dll
    HKLM-Run-UADC_1981280121 - C:\Program Files\AdvancedCleaner Free\UADCcw.exe
    Notify-ddcdabyw - ddcdabyw.dll


    .
    Supplementary Scan
    .
    R0 -: HKCU-Main,Start Page = about:blank
    R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 -: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-27 20:56:24
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-07-27 20:58:06
    ComboFix-quarantined-files.txt 2008-07-28 03:58:00

    Pre-Run: 34,295,336,960 bytes free
    Post-Run: 34,216,882,176 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    327 --- E O F --- 2008-04-09 17:39:08


    HJT log ...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:01:36 PM, on 7/27/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 11669 bytes


    HJT Installed program list follows in next post.
  • edited July 2008
    HJT installed program lists..

    Ad-Aware 2007
    Adobe Download Manager 2.0 (Remove Only)
    Adobe Flash Player ActiveX
    Adobe Reader 7.0.8
    AOLIcon
    Banctec Service Agreement
    Broadcom Management Programs
    CCScore
    Conexant HDA D110 MDC V.92 Modem
    Consumer Complete Care Services Agreement
    Corel Photo Album 6
    Dell Digital Jukebox Driver
    Dell Game Console
    Dell Media Experience
    Dell Support Center
    DellSupport
    Digital Content Portal
    Digital Line Detect
    DiscAPI (Studio 10)
    DivX
    Documentation & Support Launcher
    EarthLink setup files
    EducateU
    ELIcon
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSSONIC
    ESSTOOLS
    essvatgt
    Games, Music, & Photos Launcher
    Get High Speed Internet!
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    HP Imaging Device Functions 7.0
    HP Photosmart and Deskjet 7.0.A
    HP Photosmart Essential
    HP Software Update
    HP Solution Center 7.0
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless Software
    Internet Service Offers Launcher
    iPod for Windows 2006-01-10
    iTunes
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 7
    kgcbaby
    kgcbase
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    Kodak EasyShare software
    KSU
    Learn2 Player (Uninstall Only)
    LiveReg (Symantec Corporation)
    LiveUpdate 2.6 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    McAfee Uninstaller
    mCore
    MCU
    mDrWiFi
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional with FrontPage
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft SQL Server Desktop Engine (PINNACLESYS)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    mIWA
    mLogView
    mMHouse
    Modem Helper
    mPfMgr
    mPfWiz
    mProSafe
    mSSO
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    Musicmatch for Windows Media Player
    Musicmatch® Jukebox
    mWlsSafe
    mWMI
    mXML
    mZConfig
    netbrdg
    NetWaiting
    NetZeroInstallers
    Norton Ghost 10.0
    Notifier
    OCR Software by I.R.I.S 7.0
    OfotoXMI
    Panda ActiveScan 2.0
    PCDADDIN
    PCDHELP
    Pinnacle Instant DVD Recorder
    Pinnacle MediaServer
    PowerDVD 5.7
    proDAD Heroglyph 2.5
    Quantum Media Player 06071909
    QuickSet
    QuickTime
    RAPID (Studio 10)
    RealPlayer
    Search Assist
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    SFR
    SHASTA
    SKIN0001
    SKINXSDK
    SmartSound Quicktracks Plugin
    Sonic DLA
    Sonic MyDVD LE
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Spybot - Search & Destroy
    SpywareBlaster 4.1
    staticcr
    Studio 10
    Studio 10 Bonus DVD
    Synaptics Pointing Device Driver
    tooltips
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    URL Assistant
    Viewpoint Media Player
    VPRINTOL
    WebCyberCoach 3.2 Dell
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    WIRELESS
    WordPerfect Office 12
  • edited July 2008
    WOW !!! that got rid of a lot of trash :lol:


    OTMoveIt
    Please download OTMoveIt2 by OldTimer and save it to your desktop
    • Double-click OTMoveIt2.exe to run it.
    • Copy the lines in the codebox below.
    C:\WINDOWS\system32\ojmjksrh.dll
    C:\WINDOWS\system32\cdxtnwug.dll_old
    C:\WINDOWS\system32\ddcdabyw.dll
    C:\WINDOWS\system32\jonrpbmy.dll_old
    C:\WINDOWS\system32\ksinaphy.dll_old
    C:\WINDOWS\system32\micfqqht.dll_old
    C:\WINDOWS\system32\ojmjksrh.dll
    C:\WINDOWS\system32\okxkwava.dll_old
    C:\WINDOWS\system32\pkhxhfjc.dll_old
    C:\WINDOWS\system32\sawbiwia.dll_old
    C:\WINDOWS\system32\sqjeeonh.dll_old
    C:\WINDOWS\system32\vltsgavu.dll
    C:\WINDOWS\system32\ycunsupc.dll
    C:\Documents and Settings\Trevor Cooke\My Documents\My Music\but for now.wm
    C:\Documents and Settings\Trevor Cooke\My Documents\My Music\conerstone less than an hour.wm
    C:\Documents and Settings\Trevor Cooke\My Documents\My Music\cornerstone less than an hou.wm
    C:\Documents and Settings\Trevor Cooke\My Documents\My Music\in less than an hour.wm
    
    • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    • Close OTMoveIt2


    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


    Active Scan
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
    Please go to this site: ActiveScan
    • Click the Scan Now button
    • Follow the prompts to install the Active X if necessary
    • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
    • When the scan is finished, a report will be generated
    • Next to Scan Details click the small Save button and save the report to your desktop.
    • Please post the report in your reply.




    Update Adobe Acrobat Reader

    There is a newer version of Adobe Acrobat Reader available.
    • Please go to this link Adobe Acrobat Reader Download Link
    • Click Download
    • On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
    • Click the Continue button
    • Click Run, and click Run again
    • Next click the Install Now button and follow the on screen prompts



    Remove Programs

    Now click Start > Control Panel. Double-click Add or Remove Programs (XP) / Programs and Features (Vista). If any of the following programs are listed there, click on the program to highlight it, and click on Remove.
    • Adobe Reader 7.0.8
    • Java 2 Runtime Environment, SE v1.4.2_03
    Now close the Control Panel.
  • edited July 2008
    Thanks again Katana ... I chose to keep watching TV while the active scan ran LOL

    Attached are the requested logs, and I completed the update of Adobe, and the removal of Java.

    MoveIt log ...


    DllUnregisterServer procedure not found in C:\WINDOWS\system32\ojmjksrh.dll
    C:\WINDOWS\system32\ojmjksrh.dll NOT unregistered.
    C:\WINDOWS\system32\ojmjksrh.dll moved successfully.
    C:\WINDOWS\system32\cdxtnwug.dll_old moved successfully.
    File/Folder C:\WINDOWS\system32\ddcdabyw.dll not found.
    C:\WINDOWS\system32\jonrpbmy.dll_old moved successfully.
    C:\WINDOWS\system32\ksinaphy.dll_old moved successfully.
    C:\WINDOWS\system32\micfqqht.dll_old moved successfully.
    File/Folder C:\WINDOWS\system32\ojmjksrh.dll not found.
    C:\WINDOWS\system32\okxkwava.dll_old moved successfully.
    C:\WINDOWS\system32\pkhxhfjc.dll_old moved successfully.
    C:\WINDOWS\system32\sawbiwia.dll_old moved successfully.
    C:\WINDOWS\system32\sqjeeonh.dll_old moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\vltsgavu.dll
    C:\WINDOWS\system32\vltsgavu.dll NOT unregistered.
    C:\WINDOWS\system32\vltsgavu.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\ycunsupc.dll
    C:\WINDOWS\system32\ycunsupc.dll NOT unregistered.
    C:\WINDOWS\system32\ycunsupc.dll moved successfully.
    C:\Documents and Settings\Trevor Cooke\My Documents\My Music\but for now.wm moved successfully.
    C:\Documents and Settings\Trevor Cooke\My Documents\My Music\conerstone less than an hour.wm moved successfully.
    C:\Documents and Settings\Trevor Cooke\My Documents\My Music\cornerstone less than an hou.wm moved successfully.
    C:\Documents and Settings\Trevor Cooke\My Documents\My Music\in less than an hour.wm moved successfully.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07282008_193351


    Active scan log ...

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-07-28 20:48:13
    PROTECTIONS: 2
    MALWARE: 42
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    McAfee VirusScan 10.02 No No
    McAfee SpamKiller 7.0 No No
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    03093197 Spyware/Virtumonde Spyware No 1 Yes No C:\_OTMoveIt\MovedFiles\07282008_193351\WINDOWS\system32\cdxtnwug.dll_old
    03093197 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP94\A0080657.dll
    03093197 Spyware/Virtumonde Spyware No 1 Yes No C:\_OTMoveIt\MovedFiles\07282008_193721\WINDOWS\system32\cdxtnwug.dll_old
    03093197 Spyware/Virtumonde Spyware No 1 Yes No C:\_OTMoveIt\MovedFiles\07282008_193902\WINDOWS\system32\cdxtnwug.dll_old
    03093197 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\nwnnwgqm.dll.vir
    03194906 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0088827.dll
    03194906 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\jrwadkdc.dll.vir
    03215847 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP94\A0080603.dll
    03215850 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0088824.dll
    03215850 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\jaqnvv.dll.vir
    03215850 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\ypljuqxh.dll.vir
    03215850 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0088879.dll
    03309941 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP86\A0063749.dll
    03310068 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0088875.dll
    03310068 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\gxvdvyeq.dll.vir
    03310068 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0088833.dll
    03310068 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0088817.dll
    03310068 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\fxisdlke.dll.vir
    03310068 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\yeohccfg.dll.vir
    03310068 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\fuafvy.dll.vir
    03310068 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\lznpyx.dll.vir
    03310068 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0088815.dll
    03310068 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0088816.dll
    03310068 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\fpgzox.dll.vir
    03310068 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0088819.dll
    03346094 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\pwfsfj.dll.vir
    03346094 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0088818.dll
    03346094 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0088846.dll
    03346094 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\ghoxbvil.dll.vir
    03361579 Trj/Downloader.MDW Virus/Trojan No 1 Yes Yes C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP96\A0085646.dll
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location n
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description n
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
  • edited July 2008
    Congratulations your logs look clean :D

    Let's see if I can help you keep it that way

    First let's tidy up :D



    • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

    You can also delete any logs we have produced, and empty your Recycle bin.

    Open OTMoveIt Click Cleanup,
    it will now connect to the internet and get a list of files to delete.
    When a box pops up click YES.

    Delete any logs we have produced and empty your recycle bin




    The following is some info to help you stay safe and clean.
    ( Vista users must ensure that any programs are Vista compatible BEFORE installing )

    You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.

    Online Scanners
    I would recommend a scan at one or more of the following sites at least once a month.

    http://www.pandasecurity.com/activescan
    http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

    !!! Make sure that all your programs are updated !!!
    Secunia Software Inspector does all the work for you, .... see HERE for details

    AntiSpyware
      AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have a free (for Home Users ) and paid versions,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
    • Spybot - Search & Destroy <<< A must have program
      • It includes host protection and registry protection
      • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
    • MalwareBytes Anti-malware <<< A New and effective program
    • a-squared Free <<< A good "realtime" or "on demand" scanner
    • superantispyware <<< A good "realtime" or "on demand" scanner



    Prevention
      These programs don't detect malware, they help stop it getting on your machine in the first place. Each does a different job, so you can have more than one
    • Winpatrol
      • An excellent startup manager and then some !!
      • Notifies you if programs are added to startup
      • Allows delayed startup
      • A must have addition
    • SpywareBlaster 4.0
      • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
    • SpywareGuard 2.2
      • SpywareGuard provides real-time protection against spyware.
      • Not required if you have other "realtime" antispyware or Winpatrol
    • ZonedOut
      • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
    • MVPS HOSTS
      • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
      • For information on how to download and install, please read this tutorial by WinHelp2002.
      • Not required if you are using other host file protections


    Internet Browsers
      Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys. Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.

    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available



    Cleaning Temporary Internet Files and Tracking Cookies
      Temporary Internet Files are mainly the files that are downloaded when you open a web page. Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware. It is a good idea to empty the Temporary Internet Files folder on a regular basis.

      Tracking Cookies are files that websites use to monitor which sites you visit and how often. A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.

      CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords.

      Both of these can be cleaned manually, but a quicker option is to use a program
    • ATF Cleaner
      • Free and very simple to use
    • CCleaner
      • Free and very flexible, you can choose which cookies to keep


    Also PLEASE read this article.....So How Did I Get Infected In The First Place

    The last and most important thing I can tell you is UPDATE.
    If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
    Malware changes on a day to day basis. You should update every week at the very least.

    If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


    If you could post back one more time to let me know everything is OK, then I can have this thread archived.

    Happy surfing K'
  • edited July 2008
    Thanks for all of your help. It is greatly appreciated, and you folks are truly great.

    I followed your clean up and protection instructions. However, it appears to have created a new problem. I believe it started after I downloaded the hosts program. Now some of the webpages I try to open, start to open, then revert to the following:

    Sorry, we couldn't find http://pagead2.googlesyndication.com/pagead/ads%3Fclient

    It does this when I attempt to get onto the icrontic site, and it also does it when I attempt to download AntiVir.

    Other than that, things seem to be real good.

    Thanks
  • edited July 2008
    That's curious ???

    Restore Host File

    Download HostsXpert v4.1 and unzip it to your desktop.
    • Double click on HostsXpert.exe to launch the program.
    • Click on Restore MS Hosts File to restore your Hosts file to its default condition.
    • Click on Make ReadOnly to secure it against further infection. (unless you plan to use another host file)
    • Exit the program.

    Visit the Website for more information.
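Added example, not part of the original thread: before restoring a hosts file to its default, it helps to see which entries are blocklist sinkholes (loopback or 0.0.0.0) and which pin a name to a routable address. The sample file, the `example.test` names and the function names are constructed for illustration; the `pagead2.googlesyndication.com` line assumes, as the poster suspected, that a blocking hosts file was involved.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread's machine).
SAMPLE_HOSTS = """\
# comment line
127.0.0.1       localhost
127.0.0.1       pagead2.googlesyndication.com   # blocklist-style entry
0.0.0.0         ads.example.test tracker.example.test
203.0.113.50    update.example.test
not-an-ip       broken.example.test
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs; skip comments, blanks and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield ip, name.lower()


def classify(text):
    """Sort entries into default, blocked (sinkholed) and redirected."""
    report = {"default": [], "blocked": [], "redirected": []}
    for ip, name in parse_hosts(text):
        if name == "localhost" and ip.is_loopback:
            report["default"].append(name)
        elif ip.is_loopback or ip.is_unspecified:
            report["blocked"].append(name)
        else:
            # A name pinned to a routable address deserves a closer look.
            report["redirected"].append((name, str(ip)))
    return report


def is_blocked(text, hostname):
    """True if the hosts file sinkholes this hostname."""
    return hostname.lower() in classify(text)["blocked"]


if __name__ == "__main__":
    result = classify(SAMPLE_HOSTS)
    for kind, entries in result.items():
        print(kind, entries)
    print(is_blocked(SAMPLE_HOSTS, "pagead2.googlesyndication.com"))
```

On Windows XP the live file is `C:\WINDOWS\system32\drivers\etc\hosts`; pass its contents to `classify` in place of the sample.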
  • edited August 2008
    Thanks for all of your help Katana, everything appears to be working great now. You folks are great!!!
  • edited August 2008
    Glad we could be of assistance! This topic is now closed.

    If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

    If you are not the user who started this thread, you must start your own Thread instead :)
This discussion has been closed.