Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


I caught something! Func.exe?


Unread postby Nummol » June 29th, 2007, 8:56 pm

Firstly, I uploaded the file to uploadmalware.

Secondly, I did the HJT scan, but mysteriously, the entry had changed itself from the "O4 - HKLM\..\Run: [icq.com] rundll32.exe" C:\WINDOWS\system32\gtjjxarg.dll",forkonce" to this "O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\xmubeiho.dll",forkonce"

So I fixed the new one, and deleted the old one... I did NOT delete the xmubeiho.dll though.

Second, I couldn't get the Panda ActiveScan to work. I would follow your link to the site, click the Scan your PC button... then it would bring up a small window that I could not resize or scroll. It wasn't big enough to see the page, so I couldn't see what I was filling out. So I right-clicked the window, went to Properties, got the URL... then I pasted it into another window. I filled out the form and hit Scan. After I hit Scan, it would direct me to http://www.pandasoftware.com. So I couldn't actually get it to scan.

Also, if it helps, the popups have lessened by far, but they have been replaced by a vertical banner ad on the left side of all websites viewed with Internet Explorer. They all advertise WinAntiVirus Pro.

Uh... I think that's everything. I hope this helps.
Nummol
Regular Member
 
Posts: 42
Joined: June 25th, 2007, 6:41 pm

Unread postby Navigator » June 30th, 2007, 1:46 pm

Nummol wrote:Firstly, I uploaded the file to uploadmalware.

Secondly, I did the HJT scan, but mysteriously, the entry had changed itself from the "O4 - HKLM\..\Run: [icq.com] rundll32.exe" C:\WINDOWS\system32\gtjjxarg.dll",forkonce" to this "O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\xmubeiho.dll",forkonce"

So I fixed the new one, and deleted the old one... I did NOT delete the xmubeiho.dll though.

Second, I couldn't get the Panda ActiveScan to work. I would follow your link to the site, click the Scan your PC button... then it would bring up a small window that I could not resize or scroll. It wasn't big enough to see the page, so I couldn't see what I was filling out. So I right-clicked the window, went to Properties, got the URL... then I pasted it into another window. I filled out the form and hit Scan. After I hit Scan, it would direct me to http://www.pandasoftware.com. So I couldn't actually get it to scan.

Also, if it helps, the popups have lessened by far, but they have been replaced by a vertical banner ad on the left side of all websites viewed with Internet Explorer. They all advertise WinAntiVirus Pro.

Uh... I think that's everything. I hope this helps.


Hmmm...morphing Vundo. I need to see another HJT log, you didn't post one with your last reply.

Go ahead and delete the new file: C:\WINDOWS\system32\xmubeiho.dll.

Then, give me another HJT log to review...let's see if it morphs again. We may need to dig deeper to see what is propagating this thing. I'm going to have to check some stuff on this Vundo variant...
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri
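A defender-side check for the behaviour Navigator calls "morphing" (the same Run value name, here [icq.com], pointing at a different randomly named DLL in a later HijackThis log), as an added example that is not code from the thread, from HijackThis or from any tool named here. It assumes the O4 line format shown in the posted log; the two Vundo entries are the ones quoted in the thread, and the NvCpl entry is a constructed benign rundll32 line added for contrast.

```python
"""Compare O4 Run entries from two HijackThis logs and flag rundll32 autoruns
that load a randomly named DLL or swap their DLL between scans (Vundo style)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# O4 - HKLM\..\Run: [value name] command line
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# rundll32[.exe] "<dll path>",<export>  (tolerates the misplaced quote as the
# poster typed the first entry: rundll32.exe" C:\...\gtjjxarg.dll",forkonce)
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?["\s]+(?P<dll>[^",]+?)["\s]*,\s*(?P<export>\w+)', re.I)
# Heuristic only: a stem of 6-9 lowercase letters with no digits, like the
# generated names in this thread (gtjjxarg, xmubeiho). Benign DLLs can match.
RANDOM_STEM_RE = re.compile(r'^[a-z]{6,9}$')

# Constructed sample logs: "before" and "after" snapshots of the O4 section.
LOG_BEFORE = [
    r'O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe',
    r'O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup',
    r'O4 - HKLM\..\Run: [icq.com] rundll32.exe" C:\WINDOWS\system32\gtjjxarg.dll",forkonce',
]
LOG_AFTER = [
    r'O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe',
    r'O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup',
    r'O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\xmubeiho.dll",forkonce',
]

Key = Tuple[str, str]  # (hive, Run value name)


@dataclass(frozen=True)
class RunEntry:
    hive: str
    name: str
    cmd: str
    dll: Optional[str]     # DLL path if the command is a rundll32 invocation
    export: Optional[str]  # exported function rundll32 is told to call


def parse_o4(lines: List[str]) -> Dict[Key, RunEntry]:
    """Index the O4 Run entries of one log by (hive, value name)."""
    entries: Dict[Key, RunEntry] = {}
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        r = RUNDLL_RE.search(m['cmd'])
        dll = r['dll'].strip() if r else None
        export = r['export'] if r else None
        entries[(m['hive'], m['name'])] = RunEntry(
            m['hive'], m['name'], m['cmd'], dll, export)
    return entries


def looks_random(dll_path: str) -> bool:
    """True when the DLL file name looks machine-generated (see RANDOM_STEM_RE)."""
    base = dll_path.replace('/', '\\').rsplit('\\', 1)[-1].lower()
    if not base.endswith('.dll'):
        return False
    return bool(RANDOM_STEM_RE.match(base[:-4]))


def suspicious_rundll(entries: Dict[Key, RunEntry]) -> List[Key]:
    """Run values where rundll32 loads a random-looking DLL out of system32."""
    return sorted(k for k, e in entries.items()
                  if e.dll and 'system32' in e.dll.lower() and looks_random(e.dll))


def morphing(old: Dict[Key, RunEntry],
             new: Dict[Key, RunEntry]) -> List[Tuple[Key, str, str]]:
    """Run values that survived between logs but now load a different DLL."""
    changed = []
    for key, e_new in new.items():
        e_old = old.get(key)
        if e_old and e_old.dll and e_new.dll and e_old.dll.lower() != e_new.dll.lower():
            changed.append((key, e_old.dll, e_new.dll))
    return changed


if __name__ == '__main__':
    before, after = parse_o4(LOG_BEFORE), parse_o4(LOG_AFTER)
    for key in suspicious_rundll(after):
        print('random-looking DLL:', key, after[key].dll, after[key].export)
    for key, was, now in morphing(before, after):
        print('morphed:', key, was, '->', now)
```

Triage output only: a flagged entry is a candidate to check against the rest of the log and the file on disk, not proof of infection on its own.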

Unread postby Nummol » June 30th, 2007, 6:44 pm

Looks mysteriously clean from an untrained eye.

Logfile of HijackThis v1.99.1
Scan saved at 6:43:40 PM, on 6/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DefenderPro AntiSpy\DPASNT.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DefenderPro AntiSpy\AntiSpy\TSAntiSpy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [DPAS] "C:\Program Files\DefenderPro AntiSpy\DPASNT.exe"
O4 - HKLM\..\Run: [DPASUpdate] "C:\Program Files\DefenderPro AntiSpy\DPASAutUpdate.exe"
O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Up ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .3.102.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - https://www.microsoft.com/resources/vir ... lient1.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://legend.bit0.com/activex/AMC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b53083.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://studentantivirus.shepherd.edu:8088/webinst.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: kavsvc - Defender Pro LLC - C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Nummol
Regular Member
 
Posts: 42
Joined: June 25th, 2007, 6:41 pm

Unread postby Nummol » June 30th, 2007, 8:36 pm

I just experienced something that I figured was important or weird enough to inform you about.

My computer has been playing an endless amount of techno music for over 30 minutes now. I finally figured where it was coming from, closed the process and it crashed my computer. No popups or anything, just music coming from nowhere.
Nummol
Regular Member
 
Posts: 42
Joined: June 25th, 2007, 6:41 pm

Unread postby Navigator » July 1st, 2007, 12:13 am

Nummol wrote:I just experienced something that I figured was important or weird enough to inform you about.

My computer has been playing an endless amount of techno music for over 30 minutes now. I finally figured where it was coming from, closed the process and it crashed my computer. No popups or anything, just music coming from nowhere.


Yes, your HJT 'appears' clean...but I'd feel better if we could get an online scan.

The techno music thing is weird... you stated you found out where it was coming from... where was it coming from, and what process did you close? Never heard of malware causing anything like that.

Let's try to get a Kaspersky scan and check for a rootkit:

1. Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

2. Please download F-Secure Blacklight (fsbl.exe) from here

  • Save into C:\ with a name of fsbl.exe
  • Go to Start > Run
  • Copy and paste the contents of the below codebox into the run box
    Code:
    C:\fsbl.exe /expert
  • Click OK
  • This will launch BlackLight
  • Select I accept the agreement
  • Click Next
  • Click Scan
  • Wait for the scan to finish
  • Click on Next>
  • Click Exit
  • A logfile will have been created in the C:\ drive
  • It will be named fsbl-xxxxxxxxxxxxxx.log where xxxxxxxxxxxxxx is the date and time of the scan
  • Use notepad to open that log
  • Post the contents of that log as a reply to this topic


Post the Kaspersky Scan results and the Blacklight log...
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby Nummol » July 1st, 2007, 12:19 am

The music thing was explorer.exe.

That's why I didn't see it at first; I was overlooking it since it looked normal. I didn't have ANY windows open. So I manually closed it from Task Manager and the computer completely crashed. Doing your instructions now.
Nummol
Regular Member
 
Posts: 42
Joined: June 25th, 2007, 6:41 pm

Unread postby Nummol » July 1st, 2007, 2:11 am

Here it is. Kaspersky first.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, July 01, 2007 1:49:14 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 1/07/2007
Kaspersky Anti-Virus database records: 356096
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 95929
Number of viruses found: 12
Number of infected objects: 47
Number of suspicious objects: 0
Duration of the scan process: 01:19:29

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Backup\BackupMng.i0000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Backup\BackupMng.i0001 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Backup\BackupMng.i0100 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Backup\BackupMng.i0101 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Backup\BackupMng.i0200 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Backup\BackupMng.i0201 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Backup\BackupMng.i0300 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Backup\BackupMng.i0301 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Backup\BackupMng.reph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Backup\BackupMng.repi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Backup\BackupMng.rept Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Quarantine\QMng.i0000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Quarantine\QMng.i0001 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Quarantine\QMng.i0100 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Quarantine\QMng.i0101 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Quarantine\QMng.i0200 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Quarantine\QMng.i0201 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Quarantine\QMng.i0300 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Quarantine\QMng.i0301 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Quarantine\QMng.reph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Quarantine\QMng.repi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Quarantine\QMng.rept Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Reports\RptMng.i0000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Reports\RptMng.i0001 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Reports\RptMng.i0100 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Reports\RptMng.i0101 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Reports\RptMng.i0200 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Reports\RptMng.i0201 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Reports\RptMng.reph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Reports\RptMng.repi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Reports\RptMng.rept Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Reports\{E01CE4BC-DA1B-4975-9054-020985400C37}.i0200 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Reports\{E01CE4BC-DA1B-4975-9054-020985400C37}.reph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Reports\{E01CE4BC-DA1B-4975-9054-020985400C37}.repi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Reports\{E01CE4BC-DA1B-4975-9054-020985400C37}.rept Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\acdt68[1].exe.bac_a03040/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\acdt68[1].exe.bac_a03040 NSIS: infected - 1 skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\acdt68[1].exe.bac_a03040 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\b.bac_a03040/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\b.bac_a03040/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\b.bac_a03040 NSIS: infected - 2 skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\b.bac_a03040 CryptFF.b: infected - 2 skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\ffa_mv20070611[1].bac_a03040 Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\hlwjkpjy.dll.bac_a03040 Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\IGjmVRaG.dat.bac_a03040 Infected: not-a-virus:AdWare.Win32.Rond.a skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\imxptqxp.dll.bac_a03040 Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\index[1].htm.bac_a03040 Infected: Trojan-Downloader.JS.Agent.kd skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\ljjighe(2).dll.bac_a03040 Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\ljjighe.dll.bac_a03040 Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\mljjgdb.dll.bac_a03040 Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\mvcgmas.dll.bac_a03040 Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\nauj_20070613_1[1].bac_a03040 Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\xxx[1].htm.bac_a03040 Infected: Trojan-Downloader.JS.Agent.kd skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\babznb87.default\cert8.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\babznb87.default\history.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\babznb87.default\key3.db Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Desktop\Misc Downloads\vnc-4_1_2-x86_win32.exe/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Owner\Desktop\Misc Downloads\vnc-4_1_2-x86_win32.exe/file2 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Owner\Desktop\Misc Downloads\vnc-4_1_2-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Owner\Desktop\Misc Downloads\vnc-4_1_2-x86_win32.exe/file5 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Owner\Desktop\Misc Downloads\vnc-4_1_2-x86_win32.exe Inno: infected - 4 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\babznb87.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\babznb87.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\babznb87.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\babznb87.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\Mane2Backup.000 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\maneken2.000 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_d4c.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_ea0.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\sqlite_edFe4rbogaLfrOS Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\sqlite_rc2vq26x5IaM9hJ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\sqlite_sXRTzeKe86aMaTG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\sqlite_sYnvBAoi41Kw8Be Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\sqlite_sYyYGDRN7eyxG7x Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\sqlite_uUYOyBhEBMLhuXM Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF1C27.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF6F8C.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFD4AC.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\6BYT0J0Z\WinAntiVirusPro2007FreeInstall[1].cab/UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\6BYT0J0Z\WinAntiVirusPro2007FreeInstall[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YQLAQIA2\counter[2].htm/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YQLAQIA2\counter[2].htm ZIP: infected - 1 skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YQLAQIA2\rewardamazon[2].htm Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\CMUD\packages\English Directions.pkg Object is locked skipped
C:\Program Files\CMUD\packages\English Keypad.pkg Object is locked skipped
C:\Program Files\CMUD\sessions.db Object is locked skipped
C:\Program Files\CMUD\testsite\testsite.pkg Object is locked skipped
C:\Program Files\CMUD\Valheru\Valheru_bak.pkg Object is locked skipped
C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\RealVNC\VNC4\winvnc4(2).exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\Yahoo!\Messenger\ypager.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{9A0221C4-5C0D-4537-9E0E-431AA3735E3D}\RP708\A0282278.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\_restore{9A0221C4-5C0D-4537-9E0E-431AA3735E3D}\RP708\A0282683.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{9A0221C4-5C0D-4537-9E0E-431AA3735E3D}\RP708\A0282887.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\_restore{9A0221C4-5C0D-4537-9E0E-431AA3735E3D}\RP708\A0283774.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\_restore{9A0221C4-5C0D-4537-9E0E-431AA3735E3D}\RP708\A0284043.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{9A0221C4-5C0D-4537-9E0E-431AA3735E3D}\RP708\A0284412.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\_restore{9A0221C4-5C0D-4537-9E0E-431AA3735E3D}\RP708\A0284420.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\_restore{9A0221C4-5C0D-4537-9E0E-431AA3735E3D}\RP708\A0284787.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{9A0221C4-5C0D-4537-9E0E-431AA3735E3D}\RP708\A0284798.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\_restore{9A0221C4-5C0D-4537-9E0E-431AA3735E3D}\RP708\A0285754.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{9A0221C4-5C0D-4537-9E0E-431AA3735E3D}\RP708\A0285857.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\_restore{9A0221C4-5C0D-4537-9E0E-431AA3735E3D}\RP708\change.log Object is locked skipped
C:\VundoFix Backups\awvtu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\VundoFix Backups\hlwjkpjy.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\VundoFix Backups\imxptqxp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Prefetch\layout.ini Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{AF7CEC16-DA57-449A-8A3B-CB2A28C5742E}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\gebcb.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\mmf.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Secondly, the BlackLight log:

07/01/07 01:54:48 [Info]: BlackLight Engine 1.0.64 initialized
07/01/07 01:54:48 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/01/07 01:54:48 [Note]: 7019 4
07/01/07 01:54:48 [Note]: 7005 0
07/01/07 01:54:57 [Note]: 7006 0
07/01/07 01:54:57 [Note]: 7022 0
07/01/07 01:54:57 [Note]: 7011 348
07/01/07 01:54:57 [Note]: 7026 0
07/01/07 01:54:58 [Note]: 7026 0
07/01/07 01:54:58 [Note]: 7015 1952
07/01/07 01:54:58 [Note]: 7015 5
07/01/07 01:54:58 [Note]: 7015 3444
07/01/07 01:54:58 [Note]: 7015 5
07/01/07 01:55:04 [Note]: FSRAW library version 1.7.1022
07/01/07 02:07:55 [Note]: 2000 1012
07/01/07 02:07:55 [Note]: 2000 1012
07/01/07 02:07:55 [Note]: 2000 1012
07/01/07 02:07:55 [Note]: 2000 1012
07/01/07 02:09:32 [Note]: 7007 0


The BlackLight scan came up clean.
Nummol
Regular Member
 
Posts: 42
Joined: June 25th, 2007, 6:41 pm

Unread postby Navigator » July 1st, 2007, 10:05 am

Hello nummol....

Any more 'music'?

As for your computer 'crashing' when you terminated the explorer.exe process, that would be expected if the process terminated was the Windows explorer.exe and not one related to malware:

http://www.liutilities.com/products/win ... /explorer/

Description:
explorer.exe is the Windows Program Manager or Windows Explorer. It manages the Windows Graphical Shell including the Start menu, taskbar, desktop, and File Manager. By removing this process the graphical interface for Windows will disappear. This program is important for the stable and secure running of your computer and should not be terminated.


The Blacklight log as you stated is clean and that is good.

The Kaspersky scan found some things; however, they were largely either quarantined or in VundoFix backups. These can be removed by emptying the HouseCall quarantine folder and deleting this folder: C:\VundoFix Backups. The infected entries detected in System Restore we will get rid of after your computer is clean, when we reset System Restore (they are not a bother now).

There was, however, a remaining Vundo file and the Vundo installer still residing in the temp files, so let's get rid of those now.

1. Delete Temporary Files:

  • Click on Start and then Run.
  • In the text box in the Run window, type %Temp% and click OK. We want to delete everything inside the C:\Windows\Temp folder or C:\WINNT\temp folder.
  • Choose Edit and then Select All from the menu.
      Note: If you're prompted that there are hidden files in this folder, just click on OK to bypass the message.
  • Choose File and then Delete from the menu.
  • Confirm that you want to delete the files by clicking Yes on the Confirm Multiple File Delete window that opens.
  • After all of the files have been deleted you can close the window and then empty your Recycle Bin, permanently removing the files from your PC.


2. Delete a File on Reboot

  • Open HiJackThis
  • Click on the "Config..." button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "Delete File on Reboot"
  • Navigate to this file -
      C:\WINDOWS\system32\gebcb.dll
  • Double click on that file.
  • HJT asks you if you want to reboot now. Click "Yes".

3. Last, let's run ComboFix:

Download ComboFix from Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri
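
Navigator's triage of the Kaspersky report above (entries in backups or System Restore can wait, temp files get cleared, one resident Vundo DLL still needs deleting) as an added Python example; this is not code from the thread or from any tool named in it. The sample lines are taken from the report quoted above, and the `\quarantine\` path check is an assumption the thread does not make.

```python
"""Triage of a Kaspersky Online Scanner report, following the thread's reasoning."""
import re
from dataclasses import dataclass, field

# The three line shapes seen in the report quoted above.
DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
CONTAINER_RE = re.compile(r"^(?P<path>.+?) (?:CAB|ZIP): infected - \d+ skipped$")

# Follow-up per bucket, as given in the thread; bucket order sets report order.
# "admin_tool" is the scanner's not-a-virus:RemoteAdmin label (not discussed in the thread).
ACTIONS = {
    "active": "still resident: delete it (on reboot if locked), then rescan",
    "temp": "clear the Temp and Temporary Internet Files folders",
    "backup": "empty the quarantine / delete the VundoFix Backups folder",
    "system_restore": "no bother now; cleared when System Restore is reset at the end",
    "admin_tool": "legitimate remote-control software; confirm it was installed on purpose",
}


@dataclass
class Finding:
    path: str
    name: str


@dataclass
class Triage:
    buckets: dict = field(default_factory=lambda: {k: [] for k in ACTIONS})
    locked: int = 0      # "Object is locked" lines: files the scanner could not open
    containers: int = 0  # archive summary lines; the member line already carries the hit


def classify(path: str, name: str) -> str:
    """Choose a bucket from where the file sits and what it was flagged as."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system_restore"
    # "\quarantine\" is an assumed location; the thread only names VundoFix Backups
    if "\\vundofix backups\\" in p or "\\quarantine\\" in p:
        return "backup"
    if name.startswith("not-a-virus:RemoteAdmin."):
        return "admin_tool"
    if "\\local settings\\temp\\" in p or "\\temporary internet files\\" in p:
        return "temp"
    return "active"


def triage(report: str) -> Triage:
    """Parse the report line by line and bucket every detection."""
    result = Triage()
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if LOCKED_RE.match(line):
            result.locked += 1
        elif CONTAINER_RE.match(line):
            result.containers += 1
        elif (m := DETECTION_RE.match(line)):
            finding = Finding(m.group("path"), m.group("name"))
            result.buckets[classify(finding.path, finding.name)].append(finding)
        # anything else ("Scan process completed.", headers) is ignored
    return result


def report_summary(result: Triage) -> list[str]:
    """One line per non-empty bucket, with the follow-up from the thread."""
    return [f"{bucket}: {len(found)} -> {ACTIONS[bucket]}"
            for bucket, found in result.buckets.items() if found]


# Constructed sample: lines taken from the report quoted in this thread.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\6BYT0J0Z\WinAntiVirusPro2007FreeInstall[1].cab/UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\6BYT0J0Z\WinAntiVirusPro2007FreeInstall[1].cab CAB: infected - 1 skipped
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\_restore{9A0221C4-5C0D-4537-9E0E-431AA3735E3D}\RP708\A0282683.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\VundoFix Backups\awvtu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\WINDOWS\system32\gebcb.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
Scan process completed.
"""

if __name__ == "__main__":
    res = triage(SAMPLE_REPORT)
    print(f"locked (not scanned): {res.locked}, archive summaries: {res.containers}")
    for line in report_summary(res):
        print(line)
    for f in res.buckets["active"]:
        print("ACTIVE:", f.path, f.name)
```

Run against the full report, the "active" bucket is the short list that actually needs a removal step; everything else maps to one of the clean-up steps in the post.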

Unread postby Nummol » July 1st, 2007, 6:07 pm

Use combofix to fix what prompts?
Nummol
Regular Member
 
Posts: 42
Joined: June 25th, 2007, 6:41 pm

Unread postby Nummol » July 1st, 2007, 6:07 pm

Nevermind, misread.
Nummol
Regular Member
 
Posts: 42
Joined: June 25th, 2007, 6:41 pm

Unread postby Navigator » July 1st, 2007, 6:11 pm

Nummol wrote: Use combofix to fix what prompts?


The instructions say to download ComboFix and follow the prompts the program gives you...to allow it to run as it should.

ComboFix is a versatile tool that works on most cases of Vundo, and also other malware...it also delineates other parameters on your system that may be useful in cleaning a malware infection.
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby Navigator » July 1st, 2007, 6:12 pm

Nummol wrote: Nevermind, misread.


OK... :D
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby Nummol » July 1st, 2007, 7:22 pm

Umm.. Combofix log:


"Owner" - 2007-07-01 18:38:39 - ComboFix 07-06-27.7 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bcbeg.bak1
C:\WINDOWS\system32\bcbeg.bak2
C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini2
C:\WINDOWS\system32\bcbeg.tmp
C:\WINDOWS\system32\bcbeg.bak1
C:\WINDOWS\system32\bcbeg.bak2
C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini2
C:\WINDOWS\system32\bcbeg.tmp
C:\WINDOWS\system32\bcbeg.bak1
C:\WINDOWS\system32\bcbeg.bak2
C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini2
C:\WINDOWS\system32\bcbeg.tmp
C:\WINDOWS\system32\gebcb.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Messenger\projydi.html
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\WINDOWS\system32\F1
C:\WINDOWS\system32\F2
C:\WINDOWS\system32\F2\mwspasrt83122(2).exe
C:\WINDOWS\system32\F2\mwspasrt83122.exe
C:\WINDOWS\system32\F3
C:\WINDOWS\system32\F4
C:\WINDOWS\system32\F5
C:\WINDOWS\system32\o02PrEz
C:\WINDOWS\system32\win
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-06-01 to 2007-07-01 )))))))))))))))))))))))))))))))


2007-07-01 18:37 66,112 --a------ C:\WINDOWS\system32\sfueapml.dll
2007-07-01 18:34 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-07-01 18:34 1,092,209 --a------ C:\ComboFix.exe
2007-07-01 18:31 128,576 --a------ C:\WINDOWS\system32\qvmbcvhh.dll
2007-07-01 01:54 904,048 --a------ C:\fsbl.exe
2007-07-01 00:22 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-01 00:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-06-30 18:48 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-26 22:16 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-26 10:47 66,112 --a------ C:\WINDOWS\system32\fxgxrwfv.dll
2007-06-25 22:19 <DIR> d-------- C:\VundoFix Backups
2007-06-24 16:52 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\TrojanHunter
2007-06-24 16:47 <DIR> d-------- C:\Program Files\TrojanHunter 4.7
2007-06-24 01:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-23 23:49 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-23 23:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-23 22:47 <DIR> d-------- C:\Program Files\Alex Feinman
2007-06-23 22:11 <DIR> d-------- C:\Program Files\Defender Pro Anti Spam
2007-06-23 22:04 <DIR> d-------- C:\Program Files\DefenderPro AntiSpy
2007-06-23 21:24 5,505,024 --a------ C:\DOCUME~1\Owner\ntuser.dat
2007-06-23 18:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Defender Pro Anti-Virus
2007-06-23 18:29 786,432 --ah----- C:\DOCUME~1\ADMINI~1\ntuser.dat
2007-06-23 01:01 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-06-23 00:51 <DIR> d-------- C:\DOCUME~1\Owner\.housecall6.6
2007-06-22 13:00 <DIR> d-------- C:\Program Files\Defender Pro
2007-06-22 12:54 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-06-22 12:54 64 --a------ C:\WINDOWS\tsiwinfile.dat
2007-06-22 12:10 <DIR> d-------- C:\Temp
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-01 22:47:07 761 --sha-w C:\WINDOWS\system32\mmf.sys
2007-07-01 22:41:16 -------- d-----w C:\Program Files\Messenger
2007-07-01 06:04:54 -------- d-----w C:\Program Files\CMUD
2007-06-28 21:46:56 28,256 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
2007-06-27 02:33:26 -------- d-----w C:\Program Files\Viewpoint
2007-06-24 03:48:15 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-23 22:44:57 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-23 22:19:35 -------- d-----w C:\Program Files\McAfee
2007-06-23 22:19:34 -------- d-----w C:\Program Files\McAfee.com
2007-06-04 21:15:30 3,803 ----a-w C:\WINDOWS\mozver.dat
2007-06-04 21:15:28 -------- d-----w C:\Program Files\DivX
2007-05-20 06:15:22 -------- d--h--w C:\DOCUME~1\Owner\APPLIC~1\Move Networks
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-03 04:22:39 -------- d-----w C:\Program Files\City of Heroes
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel(2).dll
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx(2).dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx(2).dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi(2).dll
2007-04-18 12:31:39 658,944 ----a-w C:\WINDOWS\system32\wininet(2).dll
2007-04-18 12:31:39 615,424 ----a-w C:\WINDOWS\system32\urlmon(2).dll
2007-04-18 12:31:38 474,112 ----a-w C:\WINDOWS\system32\shlwapi(2).dll
2007-04-18 12:31:38 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw(2).dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi(2).dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 15:52:53 984,576 ----a-w C:\WINDOWS\system32\kernel32(2).dll
2007-04-13 19:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
2006-02-19 03:26:34 761 --sha-w C:\WINDOWS\system32\mmf(2)(2)(2).sys
2006-02-19 03:26:34 761 --sha-w C:\WINDOWS\system32\mmf(2)(2).sys
2006-02-18 19:58:14 761 --sha-w C:\WINDOWS\system32\mmf(3)(2)(2).sys
2006-02-18 19:58:14 761 --sha-w C:\WINDOWS\system32\mmf(3)(2).sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 01:47]
{2d993cd2-c90c-4806-a45e-0a045151ae98}=C:\WINDOWS\system32\mvcgmas.dll []
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2005-05-26 11:38]
{65D886A2-7CA7-479B-BB95-14D1EFB7946A}=C:\Program Files\Yahoo!\Common\YIeTagBm.dll [2005-01-24 09:55]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{80E77802-77B0-49EF-889F-B3E09A7CF3B8}=C:\Program Files\Windows Media Player\hone43855.dll []
{9394EDE7-C8B5-483E-8773-474BF36AF6E4}=C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 17:42]
{A0556DE8-8FAA-4743-A26B-F56A5998465D}=C:\WINDOWS\system32\awvtu.dll []
{B55D46A1-ADEF-4BB6-A11A-1BEAE7C62710}=\ [2007-07-01 19:09]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 17:04]
{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}=C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll [2004-11-22 06:31]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 17:24]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52]
"Gateway Ink Monitor"="C:\Program Files\Gateway Utilities\GWInkMonitor.exe" [2003-06-24 22:33]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-09-03 11:27]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-07-04 00:16]
"MPFTray"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" []
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 06:32]
"@"="" []
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2005-08-23 09:36]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2005-08-23 09:22]
"CTSysVol"="C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43]
"MISAggregator"="" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-19 03:01]
"DPAS"="C:\Program Files\DefenderPro AntiSpy\DPASNT.exe" [2005-04-29 06:17]
"DPASUpdate"="C:\Program Files\DefenderPro AntiSpy\DPASAutUpdate.exe" []
"103"="C:\Program Files\Defender Pro Anti Spam\admin -hide" []
"THGuard"="C:\Program Files\TrojanHunter 4.7\THGuard.exe" [2007-06-23 00:19]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 11:37]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2004-04-27 18:18]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-08-19 19:34]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Messenger\projydi.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjgdb]
mljjgdb.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-01 19:09:36
Windows 5.1.2600 Service Pack 2 NTFS


scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\wmsetup.log:KAVICHS 36 bytes hidden from APIC:\WINDOWS\QTFont.for:KAVICHS 68 bytes hidden from API

C:\WINDOWS\QTFont.qfn:KAVICHS 100 bytes hidden from API
C:\WINDOWS\wmsetup10.log:KAVICHS 68 bytes hidden from API
C:\WINDOWS\DefenderPro AntiSpy Setup Log.txt:KAVICHS 68 bytes hidden from API
C:\WINDOWS\WMSysPr9.prx:KAVICHS 36 bytes hidden from API
C:\WINDOWS\WMSysPrx.prx:KAVICHS 36 bytes hidden from API
C:\WINDOWS\DIIUnin.dat:KAVICHS 36 bytes hidden from API
C:\WINDOWS\xpsp1hfm.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\DIIUnin.exe:KAVICHS 36 bytes hidden from APIC:\WINDOWS\yacs.log:KAVICHS 36 bytes
hidden from API
C:\WINDOWS\Zapotec.bmp:KAVICHS 36 bytesC:\WINDOWS\DIIUnin.pif:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\DirectX.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\_default.pif:KAVICHS 36 bytes hidden from API
C:\WINDOWS\DtcInstall.log:KAVICHS 68 bytes hidden from API
C:\WINDOWS\DXError.log:KAVICHS 36 bytesC:\WINDOWS\KB821187.log:KAVICHS 36 bytes hidden from API
hidden from APIC:\WINDOWS\eqlsUIConfig.ini:KAVICHS 68 bytes
hidden from APIC:\WINDOWS\KB821557.log:KAVICHS 36 bytes
hidden from API
C:\WINDOWS\KB822603.log:KAVICHS 36 bytes hidden from APIC:\WINDOWS\EReg072.dat:KAVICHS 36 bytes hidden from API

C:\WINDOWS\explorer.exe:KAVICHS 132 bytes hidden from APIC:\WINDOWS\KB823559.log:KAVICHS 36 bytes
hidden from API
C:\WINDOWS\explorer.scf:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB823980.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB824146.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\FaxSetup.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB835409.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB835732.log:KAVICHS 36 bytesC:\WINDOWS\winhelp.exe:KAVICHS 68 bytes hidden from API hidden from API

C:\WINDOWS\winhlp32.exe:KAVICHS 100 bytes hidden from APIC:\WINDOWS\KB842773.log:KAVICHS 36 bytes
hidden from API
C:\WINDOWS\winnt.bmp:KAVICHS 36 bytes hidden from API
C:\WINDOWS\winnt256.bmp:KAVICHS 36 bytesC:\WINDOWS\KB873339.log:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\WinPoET_PreInstallation.txt:KAVICHS 68 bytes hidden from API
C:\WINDOWS\KB885835.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\wmsetup.log:KAVICHS 36 bytesC:\WINDOWS\KB885836.log:KAVICHS 36 bytes hidden from API
hidden from API
C:\WINDOWS\wmsetup10.log:KAVICHS 68 bytes hidden from APIC:\WINDOWS\KB885884.log:KAVICHS 36 bytes hidden from API

C:\WINDOWS\WMSysPr9.prx:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB886185.log:KAVICHS 36 bytes hidden from APIC:\WINDOWS\WMSysPrx.prx:KAVICHS 36 bytes hidden from API

C:\WINDOWS\xpsp1hfm.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB887472.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB888302.log:KAVICHS 36 bytesC:\WINDOWS\yacs.log:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\Zapotec.bmp:KAVICHS 36 bytes hidden from APIC:\WINDOWS\KB890046.log:KAVICHS 36 bytes
hidden from API
C:\WINDOWS\_default.pif:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB821187.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB890859.log:KAVICHS 36 bytesC:\WINDOWS\KB821557.log:KAVICHS 36 bytes hidden from API
hidden from API
C:\WINDOWS\KB822603.log:KAVICHS 36 bytesC:\WINDOWS\KB891781.log:KAVICHS 36 bytes hidden from API
hidden from API
C:\WINDOWS\KB823559.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB893756.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB823980.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB893803v2.log:KAVICHS 68 bytes hidden from API
C:\WINDOWS\KB824146.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB835409.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB896358.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB835732.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB896423.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB842773.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB873339.log:KAVICHS 36 bytesC:\WINDOWS\KB896424.log:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\KB885835.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB920685.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB885836.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB920872.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB885884.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB921398.log:KAVICHS 36 bytesC:\WINDOWS\KB886185.log:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\KB921883.log:KAVICHS 36 bytesC:\WINDOWS\KB887472.log:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\KB888302.log:KAVICHS 36 bytesC:\WINDOWS\KB922582.log:KAVICHS 36 bytes hidden from API
hidden from API
C:\WINDOWS\KB890046.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB922616.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB890859.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB922760.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB891781.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB922819.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB893756.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB923191.log:KAVICHS 36 bytes hidden from APIC:\WINDOWS\KB893803v2.log:KAVICHS 68 bytes
hidden from API
C:\WINDOWS\KB896358.log:KAVICHS 36 bytesC:\WINDOWS\KB923414.log:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\KB896423.log:KAVICHS 36 bytes hidden from APIC:\WINDOWS\KB923689.log:KAVICHS 36 bytes
hidden from API
C:\WINDOWS\KB896424.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB923694.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB920685.log:KAVICHS 36 bytes hidden from APIC:\WINDOWS\KB923980.log:KAVICHS 36 bytes hidden from API

C:\WINDOWS\KB920872.log:KAVICHS 36 bytesC:\WINDOWS\KB924191.log:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\KB921398.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB924270.log:KAVICHS 36 bytesC:\WINDOWS\KB921883.log:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\KB922582.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB924496.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB922616.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB922760.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB924667.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB922819.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB925398.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB923191.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB923414.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\bootstat.dat:KAVICHS 228 bytes hidden from APIC:\WINDOWS\KB923689.log:KAVICHS 36 bytes
hidden from API
C:\WINDOWS\KB923694.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB923980.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB924191.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB924270.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB924496.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB924667.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB925398.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\catchme.exe:KAVICHS 36 byteses hidden from API
hidden from API
C:\WINDOWS\cdPlayer.ini:KAVICHS 68 bytesC:\WINDOWS\catchme.exe:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\chipset.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\cdPlayer.ini:KAVICHS 68 bytes hidden from API
C:\WINDOWS\clock.avi:KAVICHS 36 bytesC:\WINDOWS\chipset.log:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\clock.avi:KAVICHS 36 bytes hidden from API
C:\WINDOWS\cmsetacl.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\cmsetacl.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\Coffee Bean.bmp:KAVICHS 68 bytes hidden from API
C:\WINDOWS\Coffee Bean.bmp:KAVICHS 68 bytes hidden from API
C:\WINDOWS\COM+.log:KAVICHS 68 bytes hidden from API
C:\WINDOWS\COM+.log:KAVICHS 68 bytes hidden from API
C:\WINDOWS\comsetup.log:KAVICHS 36 bytesC:\WINDOWS\comsetup.log:KAVICHS 36 bytes hidden from API
hidden from API
C:\WINDOWS\CopernicAgentUninstall.exe:KAVICHS 68 bytes hidden from APIC:\WINDOWS\CopernicAgentUninstall.exe:KAVICHS 68 bytes
hidden from API
C:\WINDOWS\CTCCW.DLL:KAVICHS 36 bytes hidden from API.DLL:KAVICHS 36 bytes
hidden from API
C:\WINDOWS\Ctregrun.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\Ctregrun.exe:KAVICHS 36 bytesC:\WINDOWS\CTRES.DLL:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\CTRES.DLL:KAVICHS 36 bytes hidden from API
C:\WINDOWS\D9H7ADCC.ocx:KAVICHS 68 bytes hidden from APIC:\WINDOWS\D9H7ADCC.ocx:KAVICHS 68 bytes
hidden from API
C:\WINDOWS\KB898461.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB898461.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB899587.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB899587.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB899591.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB899591.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB900485.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB900485.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB900725.log:KAVICHS 36 bytesC:\WINDOWS\KB900725.log:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\KB901017.log:KAVICHS 36 bytesC:\WINDOWS\KB901017.log:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\KB901214.log:KAVICHS 36 bytesC:\WINDOWS\KB901214.log:KAVICHS 36 bytes hidden from API

C:\WINDOWS\KB902400.log:KAVICHS 36 bytesC:\WINDOWS\KB902400.log:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\KB904706.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB904706.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB905414.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB905414.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB905495.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB905495.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB905749.log:KAVICHS 36 bytesC:\WINDOWS\KB905749.log:KAVICHS 36 bytes hidden from API

C:\WINDOWS\KB908519.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB908519.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB908531.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB908531.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB910437.log:KAVICHS 36 bytesC:\WINDOWS\KB910437.log:KAVICHS 36 bytes hidden from API

C:\WINDOWS\KB911280.log:KAVICHS 36 bytesC:\WINDOWS\KB911280.log:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\KB911562.log:KAVICHS 36 bytesC:\WINDOWS\KB911562.log:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\Q323255.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\Q323255.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\Q327979.log:KAVICHS 36 bytes hidden from APIC:\WINDOWS\Q327979.log:KAVICHS 36 bytes hidden from API

C:\WINDOWS\Q328310.log:KAVICHS 36 bytesC:\WINDOWS\Q328310.log:KAVICHS 36 bytes hidden from API
hidden from API
C:\WINDOWS\Q329048.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\Q329048.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\Q329115.log:KAVICHS 36 bytes hidden from API15.log:KAVICHS 36 bytes
hidden from API
C:\WINDOWS\Q329170.log:KAVICHS 36 bytes hidden from APIC:\WINDOWS\Q329170.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\Q329390.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\Q329390.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\Q329441.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\Q329441.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\Q329834.log:KAVICHS 36 bytesC:\WINDOWS\Q329834.log:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\Q330994.exe:KAVICHS 36 bytes hidden from APIC:\WINDOWS\Q330994.exe:KAVICHS 36 bytes
hidden from API
C:\WINDOWS\Q331953.log:KAVICHS 36 bytes hidden from APIC:\WINDOWS\Q331953.log:KAVICHS 36 bytes hidden from API

C:\WINDOWS\Q331958.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\Q331958.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\Q810243.log:KAVICHS 36 bytesC:\WINDOWS\Q810243.log:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\KB911567-OE6SP1-20060316.165634.log:KAVICHS 68 bytes hidden from API
C:\WINDOWS\KB911567.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB911567-OE6SP1-20060316.165634.log:KAVICHS 68 bytes hidden from APIC:\WINDOWS\KB911927.log:KAVICHS 36 bytes
hidden from API
C:\WINDOWS\KB911567.log:KAVICHS 36 bytesC:\WINDOWS\KB912919.log:KAVICHS 36 bytes hidden from API

C:\WINDOWS\KB913580.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB911927.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB912919.log:KAVICHS 36 bytesC:\WINDOWS\KB914388.log:KAVICHS 36 bytes hidden from API

C:\WINDOWS\KB913580.log:KAVICHS 36 bytes hidden from APIC:\WINDOWS\KB914389.log:KAVICHS 36 bytes
hidden from API
C:\WINDOWS\KB914388.log:KAVICHS 36 bytes hidden from APIC:\WINDOWS\KB916595.log:KAVICHS 36 bytes
hidden from API
C:\WINDOWS\KB914389.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB917159.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB916595.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB917344.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB917159.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB917344.log:KAVICHS 36 bytesC:\WINDOWS\KB917422.log:KAVICHS 36 bytes hidden from API
idden from API
C:\WINDOWS\KB917422.log:KAVICHS 36 bytes hidden from APIC:\WINDOWS\KB917734.log:KAVICHS 36 bytes hidden from API

C:\WINDOWS\KB917734.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB917953.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB917953.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB918118.log:KAVICHS 36 bytesC:\WINDOWS\KB918118.log:KAVICHS 36 bytes hidden from API
hidden from API
C:\WINDOWS\KB918439.log:KAVICHS 36 bytesC:\WINDOWS\KB918439.log:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\KB918899.log:KAVICHS 36 bytesC:\WINDOWS\KB918899.log:KAVICHS 36 bytes hidden from API
hidden from API
C:\WINDOWS\KB919007.log:KAVICHS 36 bytesC:\WINDOWS\KB919007.log:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\KB920213.log:KAVICHS 36 bytesC:\WINDOWS\KB920213.log:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\KB920214.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB920214.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB920670.log:KAVICHS 36 bytesC:\WINDOWS\KB920670.log:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\KB925486.log:KAVICHS 36 bytesC:\WINDOWS\KB925486.log:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\KB925902.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB925902.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB926255.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB926255.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB926436.log:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\KB927779.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB927779.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB927802.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB927802.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB927891.log:KAVICHS 36 bytesC:\WINDOWS\KB927891.log:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\KB928090.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB928090.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB928255.log:KAVICHS 36 bytesC:\WINDOWS\KB928255.log:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\KB928843.log:KAVICHS 36 bytes hidden from APIC:\WINDOWS\KB928843.log:KAVICHS 36 bytes
hidden from API
C:\WINDOWS\KB929123.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB929123.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB929338.log:KAVICHS 36 bytes hidden from APIC:\WINDOWS\KB929338.log:KAVICHS 36 bytes hidden from API

C:\WINDOWS\KB929969.log:KAVICHS 36 bytes hidden from APIC:\WINDOWS\KB929969.log:KAVICHS 36 bytes
hidden from API
C:\WINDOWS\KB930178.log:KAVICHS 36 bytesC:\WINDOWS\KB930178.log:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\KB930916.log:KAVICHS 36 bytesC:\WINDOWS\KB930916.log:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\KB931261.log:KAVICHS 36 bytesC:\WINDOWS\KB931261.log:KAVICHS 36 bytes hidden from API hidden from API
C:\WINDOWS\KB931768.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB931768.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB931784.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB931784.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\002300_.tmp:KAVICHS 36 bytes hidden from API
C:\WINDOWS\002300_.tmp:KAVICHS 36 bytes hidden from API
C:\WINDOWS\AC3API.INI:KAVICHS 36 bytes hidden from API
C:\WINDOWS\AC3API.INI:KAVICHS 36 bytes hidden from API
C:\WINDOWS\Blue Lace 16.bmp:KAVICHS 68 bytes hidden from API
C:\WINDOWS\Blue Lace 16.bmp:KAVICHS 68 bytes hidden from API
C:\WINDOWS\KB932168.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB932168.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB933566.log:KAVICHS 36 bytesC:\WINDOWS\KB933566.log:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\KB935839.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB935839.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB935840.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\KB935840.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\Lavish.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\Lavish.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\lcmmfu.cpl:KAVICHS 68 bytes hidden from API
C:\WINDOWS\lcmmfu.cpl:KAVICHS 68 bytes hidden from API
C:\WINDOWS\MIDIDEF.EXE:KAVICHS 36 bytes hidden from API
C:\WINDOWS\MIDIDEF.EXE:KAVICHS 36 bytes hidden from API
C:\WINDOWS\MixBKS.INI:KAVICHS 68 bytes hidden from API
C:\WINDOWS\MixBKS.INI:KAVICHS 68 bytes hidden from API
C:\WINDOWS\mmfs(2).dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\mmfs.dll:KAVICHS 228 bytes hidden from API
C:\WINDOWS\mmfs(2).dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\mmfs.dll:KAVICHS 228 bytes hidden from API
C:\WINDOWS\mozver.dat:KAVICHS 36 bytes hidden from API
C:\WINDOWS\mozver.dat:KAVICHS 36 bytes hidden from API
C:\WINDOWS\msdfmap.ini:KAVICHS 36 bytes hidden from API
C:\WINDOWS\msdfmap.ini:KAVICHS 36 bytes hidden from API
C:\WINDOWS\msgsocm.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\msgsocm.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\REGLOCS.OLD:KAVICHS 36 bytes hidden from API
C:\WINDOWS\regopt.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\REGLOCS.OLD:KAVICHS 36 bytes hidden from API
C:\WINDOWS\regopt.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\Rhododendron.bmp:KAVICHS 68 bytes hidden from API
C:\WINDOWS\River Sumida.bmp:KAVICHS 68 bytes hidden from API
C:\WINDOWS\Rhododendron.bmp:KAVICHS 68 bytes hidden from API
C:\WINDOWS\River Sumida.bmp:KAVICHS 68 bytes hidden from API
C:\WINDOWS\Runservice(2).exe:KAVICHS 68 bytes hidden from API
C:\WINDOWS\Runservice.exe:KAVICHS 228 bytesC:\WINDOWS\Runservice(2).exe:KAVICHS 68 bytes hidden from API hidden from API
C:\WINDOWS\Runservice.exe:KAVICHS 228 bytes hidden from API
C:\WINDOWS\ST6UNST.000:KAVICHS 36 bytes hidden from API
C:\WINDOWS\ST6UNST.EXE:KAVICHS 36 bytes hidden from API
C:\WINDOWS\ST6UNST.000:KAVICHS 36 bytes hidden from API
C:\WINDOWS\ST6UNST.EXE:KAVICHS 36 bytes hidden from API
C:\WINDOWS\svcpack.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\svcpack.log:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system.ini:KAVICHS 132 bytes hidden from API
C:\WINDOWS\system.ini:KAVICHS 132 bytes hidden from API
C:\WINDOWS\T4CUNST.EXE:KAVICHS 36 bytesC:\WINDOWS\T4CUNST.EXE:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\TASKMAN.EXE:KAVICHS 36 bytesC:\WINDOWS\TASKMAN.EXE:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\tsiwinfile.dat:KAVICHS 228 bytesC:\WINDOWS\tsiwinfile.dat:KAVICHS 228 bytes hidden from API hidden from API

C:\WINDOWS\tsoc.log:KAVICHS 36 bytesC:\WINDOWS\tsoc.log:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\twain.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\twain.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\twain_32.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\twain_32.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\wowfaxui(2).dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\wowfaxui.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\wpa.dbl:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\wowfaxui(2).dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\wpabaln(2).exe:KAVICHS 68 bytesC:\WINDOWS\system32\wowfaxui.dll:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\system32\wpa.dbl:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\wpabaln(2).exe:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\wpabaln.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\wpabaln.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\wpdconns.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\wpdconns.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\wpdmtp.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\wpdmtpdr(2).dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\wpdmtp.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\wpdmtpdr(2).dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\wpdmtpdr.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\wpdmtpdr.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\wpdmtpus.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\wpdmtpus.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\wpdsp.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\wpdtrace(2).dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\wpdtrace.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\wpd_ci(2).dll:KAVICHS 68 bytes hidden from APIC:\WINDOWS\system32\wpdsp.dll:KAVICHS 36 bytes
hidden from API
C:\WINDOWS\system32\wpd_ci.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\wpdtrace(2).dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\wpdtrace.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\wpd_ci(2).dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\wpd_ci.dll:KAVICHS 36 bytes hidden from APIm32\wpnpinst(2).exe:KAVICHS 68 bytes hidden from API

C:\WINDOWS\system32\wpnpinst(2).exe:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\wpnpinst.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\wpnpinst.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\write(2).exe:KAVICHS 36 bytesC:\WINDOWS\system32\write(2).exe:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\system32\write.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\ws2help(2).dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\ws2help.dll:KAVICHS 228 bytes hidden from APIC:\WINDOWS\system32\write.exe:KAVICHS 36 bytes
hidden from API
C:\WINDOWS\system32\ws2help(2).dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\ws2help.dll:KAVICHS 228 bytes hidden from API
C:\WINDOWS\system32\help(2).exe:KAVICHS 36 bytes hidden from API

C:\WINDOWS\system32\help.exe:KAVICHS 36 bytesC:\WINDOWS\system32\help.exe:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\system32\Help.ico:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\hhctrl.ocx:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\Help.ico:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\hhsetup.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\hhctrl.ocx:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\hhvcbmvq.ini:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\hhsetup.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\hhvcbmvq.ini:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\hid(2).dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\hid.dll:KAVICHS 228 bytes hidden from API
C:\WINDOWS\system32\hid(2).dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\hid.dll:KAVICHS 228 bytes hidden from API
C:\WINDOWS\system32\hidphone(2).tsp:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\hidphone.tsp:KAVICHS 228 bytes hidden from API
C:\WINDOWS\system32\hidphone(2).tsp:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\hidserv(2).dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\hidphone.tsp:KAVICHS 228 bytes hidden from API
C:\WINDOWS\system32\hidserv.dll:KAVICHS 228 bytes hidden from API
C:\WINDOWS\system32\hidserv(2).dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\hidserv.dll:KAVICHS 228 bytes hidden from API
C:\WINDOWS\system32\himem(2).sys:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\himem(2).sys:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\himem.sys:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\himem.sys:KAVICHS 36 bytesC:\WINDOWS\system32\hlink.dll:KAVICHS 100 bytes hidden from API
hidden from API
C:\WINDOWS\system32\hlink.dll:KAVICHS 100 bytes hidden from API
C:\WINDOWS\system32\prodspec(2).ini:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\prodspec(2).ini:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\prodspec.ini:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\prodspec.ini:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\profmap(2).dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\profmap(2).dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\profmap.dll:KAVICHS 228 bytes hidden from API
C:\WINDOWS\system32\profmap.dll:KAVICHS 228 bytes hidden from API
C:\WINDOWS\system32\progman.exe:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\progman.exe:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\PRONtObj(2).dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\PRONtObj(2).dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\PRONtObj.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\PRONtObj.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\proquota(2).exe:KAVICHS 68 bytesC:\WINDOWS\system32\proquota(2).exe:KAVICHS 68 bytes hidden from API hidden from API

C:\WINDOWS\system32\proquota.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\proquota.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\Prounstl(2).exe:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\Prounstl(2).exe:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\Prounstl.exe:KAVICHS 36 bytesC:\WINDOWS\system32\Prounstl.exe:KAVICHS 36 bytes hidden from API hidden from API

C:\WINDOWS\system32\proxycfg(2).exe:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\proxycfg(2).exe:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\proxycfg.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\proxycfg.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\msvcr71.dll:KAVICHS 100 bytes hidden from API
C:\WINDOWS\system32\msvcr71.dll:KAVICHS 100 bytes hidden from API
C:\WINDOWS\system32\msvcrt(2).dll:KAVICHS 68 bytes hidden from API hidden from API

C:\WINDOWS\system32\msvcrt.dll:KAVICHS 228 bytes hidden from API
C:\WINDOWS\system32\msvcrt.dll:KAVICHS 228 bytes hidden from API
C:\WINDOWS\system32\msvcrt20(2).dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\msvcrt20(2).dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\msvcrt20.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\msvcrt20.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\msvcrt40(2).dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\msvcrt40(2).dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\msvcrt40.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\msvfw32.dll:KAVICHS 100 bytes hidden from API
C:\WINDOWS\system32\msvidc32.dll:KAVICHS 68 bytes hidden from APIC:\WINDOWS\system32\msvcrt40.dll:KAVICHS 36 bytes
hidden from API
C:\WINDOWS\system32\msvfw32.dll:KAVICHS 100 bytes hidden from API
C:\WINDOWS\system32\msvidc32.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\msvidctl.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\msvideo(2).dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\msvideo.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\tcpmib(2).dll:KAVICHS 68 bytes hidden from APIC:\WINDOWS\system32\msvidctl.dll:KAVICHS 36 bytes
hidden from API
C:\WINDOWS\system32\msvideo(2).dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\msvideo.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\tcpmib.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\tcpmib(2).dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\tcpmib.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\tcpmon(2).ini:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\tcpmon.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\tcpmon(2).ini:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\tcpmon.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\tcpmon.ini:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\tcpmonui(2).dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\tcpmonui.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\tcpsvcs(2).exe:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\tcpsvcs.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\tdc.ocx:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\telephon(2).cpl:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\telephon.cpl:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\telnet.exe:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\cmmon32.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\cmos.ram:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\cmpbk32.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\cmprops.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\cmsetacl.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\cmstp.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\cmutil.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\cnbjmon.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\cnetcfg.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\cnvfat.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\coinst.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\colbact(2).dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\colbact.dll:KAVICHS 228 bytes hidden from API
C:\WINDOWS\system32\comaddin.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\comcat.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\comctl32(2).dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\comctl32.dll:KAVICHS 228 bytes hidden from API
C:\WINDOWS\system32\mapistub.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mciseq.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\MFC71ENU.DLL:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mindex.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mmdrv.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\modex.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\msacm32(2).drv:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\mscdexnt.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\msdtcprf.h:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\mshta.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\msihnd.dll:KAVICHS 100 bytes hidden from API
C:\WINDOWS\system32\msobjs.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\$winnt$.inf:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\12520437.cpx:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\12520850.cpx:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\6to4svc.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\A3d.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\aaaamon.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\AC3API.DLL:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\access.cpl:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\acctres.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\accwiz.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\acelpdec.ax:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\acledit.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\aclui.dll:KAVICHS 100 bytes hidden from API
C:\WINDOWS\system32\activeds(2).dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\activeds.dll:KAVICHS 228 bytes hidden from API
C:\WINDOWS\system32\activeds.tlb:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\cscui.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\csrsrv(2).dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\csrsrv.dll:KAVICHS 228 bytes hidden from API
C:\WINDOWS\system32\csrss(2).exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\csrss.exe:KAVICHS 228 bytes hidden from API
C:\WINDOWS\system32\csseqchk.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\CT1MGM.ROM:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\ct2mgm.sf2:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\CT4MGM.SF2:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\CTDetect.cnt:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\CTDetect.hlp:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\CTDetres.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\CtDvInst.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\ctfmon.exe:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\CTL3D.DLL:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\ctl3d32.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\CTMEDENG.DLL:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\CTMERes.DLL:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\CTSVCCDA(2).EXE:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\CTSVCCDA.EXE:KAVICHS 228 bytes hidden from API
C:\WINDOWS\system32\CTSVCCTL.EXE:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\CTWFLT32(2).DLL:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\CTWFLT32.DLL:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\ctype.nls:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\ctzapxx(2).ini:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\ctzapxx.ini:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\cvpieqka.ini:KAVICHS 164 bytes hidden from API
C:\WINDOWS\system32\actxprxy.dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\admparse.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\adptif.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\adsldp.dll:KAVICHS 36 bytes hidden from API
C:\WINDOWS\system32\adsldpc(2).dll:KAVICHS 68 bytes hidden from API
C:\WINDOWS\system32\adsldpc.dll:KAVICHS 228 by
Nummol
Regular Member
 
Posts: 42
Joined: June 25th, 2007, 6:41 pm

Unread postby Nummol » July 1st, 2007, 7:23 pm

HJT Log AFTER Combofix.exe ran...

Logfile of HijackThis v1.99.1
Scan saved at 7:22:29 PM, on 7/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DefenderPro AntiSpy\DPASNT.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\DefenderPro AntiSpy\AntiSpy\TSAntiSpy.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2d993cd2-c90c-4806-a45e-0a045151ae98} - C:\WINDOWS\system32\mvcgmas.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {80E77802-77B0-49EF-889F-B3E09A7CF3B8} - C:\Program Files\Windows Media Player\hone43855.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {A0556DE8-8FAA-4743-A26B-F56A5998465D} - C:\WINDOWS\system32\awvtu.dll (file missing)
O2 - BHO: (no name) - {B55D46A1-ADEF-4BB6-A11A-1BEAE7C62710} - \
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DPAS] "C:\Program Files\DefenderPro AntiSpy\DPASNT.exe"
O4 - HKLM\..\Run: [DPASUpdate] "C:\Program Files\DefenderPro AntiSpy\DPASAutUpdate.exe"
O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Up ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .3.102.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - https://www.microsoft.com/resources/vir ... lient1.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://legend.bit0.com/activex/AMC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b53083.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://studentantivirus.shepherd.edu:8088/webinst.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: mljjgdb - mljjgdb.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: kavsvc - Defender Pro LLC - C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Nummol
Regular Member
 
Posts: 42
Joined: June 25th, 2007, 6:41 pm

Unread postby Navigator » July 1st, 2007, 9:56 pm

I think the ComboFix log got cut off.

OK...

1. Please re-open HiJackThis and choose scan only. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {2d993cd2-c90c-4806-a45e-0a045151ae98} - C:\WINDOWS\system32\mvcgmas.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {80E77802-77B0-49EF-889F-B3E09A7CF3B8} - C:\Program Files\Windows Media Player\hone43855.dll (file missing)
O2 - BHO: (no name) - {A0556DE8-8FAA-4743-A26B-F56A5998465D} - C:\WINDOWS\system32\awvtu.dll (file missing)
O2 - BHO: (no name) - {B55D46A1-ADEF-4BB6-A11A-1BEAE7C62710} - \
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O20 - Winlogon Notify: mljjgdb - mljjgdb.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\


Now close all windows other than HiJackThis, then click Fix Checked.

2. Delete Files on Reboot (multiple files)

  • Open HiJackThis
  • Click on the "Config..." button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "Delete File on Reboot"
  • Navigate to this file - C:\WINDOWS\system32\sfueapml.dll
  • Double click on that file.
  • HJT asks you if you want to reboot, now. Click "no".
  • Do that for the following files also. When you get to the last one, click "yes" when HJT asks you to reboot.

C:\WINDOWS\system32\qvmbcvhh.dll
C:\WINDOWS\system32\fxgxrwfv.dll


3. After the reboot, post another HJT log and let me know what problems you might still be having with your system....
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri
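Navigator's step 1 is a triage rule applied by eye: Browser Helper Object (O2) and Winlogon Notify (O20) registrations whose DLL is missing, or whose target is a bare directory or nothing at all, are orphaned load points that the cleanup left behind, and HijackThis can delete the registry entry even though the file is gone. The script below is an added example (not code from this thread or from HijackThis) that applies the same rule mechanically to HijackThis output. The sample lines are copied from Nummol's log above; restricting the rule to the O2 and O20 sections is my assumption, chosen because the "(file missing)" on the O9 WeatherBug and O23 WinVNC4 entries comes from odd quoting in those registrations and Navigator left both alone.

```python
import re

# Sample HijackThis entries copied from the log posted above (a subset).
# The parsing and triage logic around them is an added example.
SAMPLE_HJT_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2d993cd2-c90c-4806-a45e-0a045151ae98} - C:\WINDOWS\system32\mvcgmas.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {80E77802-77B0-49EF-889F-B3E09A7CF3B8} - C:\Program Files\Windows Media Player\hone43855.dll (file missing)
O2 - BHO: (no name) - {A0556DE8-8FAA-4743-A26B-F56A5998465D} - C:\WINDOWS\system32\awvtu.dll (file missing)
O2 - BHO: (no name) - {B55D46A1-ADEF-4BB6-A11A-1BEAE7C62710} - \
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O20 - Winlogon Notify: mljjgdb - mljjgdb.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
"""

# Every HijackThis entry starts with a section code (R0, O2, O20, ...) and " - ".
HJT_LINE = re.compile(r"^(?P<section>[RFON]\d+) - (?P<body>.*)$")

# Markers HijackThis prints when the registered file cannot be found on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Sections where a missing target is an orphaned load point rather than a
# quoting quirk (assumption for this example, see the lead-in).
HOOK_SECTIONS = ("O2", "O20")


def parse_hjt_line(line):
    """Split one HijackThis entry into its section code and body; None for non-entries."""
    match = HJT_LINE.match(line.strip())
    if not match:
        return None
    return {"section": match.group("section"), "body": match.group("body"), "line": line.strip()}


def is_orphaned_hook(entry):
    """True for an O2/O20 registration whose DLL is gone or whose target is not a file."""
    if entry["section"] not in HOOK_SECTIONS:
        return False
    body = entry["body"]
    if any(marker in body for marker in ORPHAN_MARKERS):
        return True
    # The target is whatever follows the last " - "; a trailing backslash means
    # the entry points at a directory (or at nothing), never at a loadable DLL.
    target = body.rsplit(" - ", 1)[-1].strip()
    return target == "" or target.endswith("\\")


def triage(log_text):
    """Return the HijackThis lines a helper would tick under 'Fix checked'."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_hjt_line(line)
        if entry and is_orphaned_hook(entry):
            flagged.append(entry["line"])
    return flagged


if __name__ == "__main__":
    for flagged_line in triage(SAMPLE_HJT_LOG):
        print(flagged_line)
```

Run against the sample it returns exactly the eight lines Navigator listed in step 1 and nothing else: the legitimate Acrobat and Spybot BHOs stay, as do the O9 and O23 entries whose "(file missing)" is a parsing artefact. The rule is deliberately narrow; a helper still reads the remaining sections by hand, since a present file with a random-looking name (the O4 rundll32 entry earlier in the thread, for example) is not caught by a missing-file check.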