Hi, Dan! Thanks for your patience during a very busy last few days...
Yes, the "C:\Program Files\lame-3.96.1.zip mp3" is the installer for the Lame codec, which converts WAV files to MP3s. It, in turn, is used by a freeware program called "Audiograbber", which is my favorite program for ripping my CDs to MP3s.
Jotti's service load was near 100%, so I used Virus Total instead. The results were generated in table format, which copying and pasting kinda destroys, so I hope you can make sense of them. I added some extra spaces in the first few rows of the first few reports to indicate where the columns should be.
From Virus Total...
"C:\WINDOWS\system32\L91CA.tmp" yielded the following report...
File L91CA.tmp
Current status: finished
Result: 0/32 (0%)
Antivirus          Version        Last Update  Result
AhnLab-V3          2008.3.4.0     2008.03.07   -
AntiVir            7.6.0.73       2008.03.07   -
Authentium         4.93.8         2008.03.07   -
Avast              4.7.1098.0     2008.03.09   -
AVG                7.5.0.516      2008.03.09   -
BitDefender        7.2            2008.03.09   -
CAT-QuickHeal      9.50           2008.03.08   -
ClamAV             0.92.1         2008.03.09   -
DrWeb              4.44.0.09170   2008.03.09   -
eSafe              7.0.15.0       2008.03.09   -
eTrust-Vet         31.3.5597      2008.03.07   -
Ewido              4.0            2008.03.09   -
FileAdvisor        1              2008.03.09   -
Fortinet           3.14.0.0       2008.03.08   -
F-Prot             4.4.2.54       2008.03.09   -
F-Secure           6.70.13260.0   2008.03.09   -
Ikarus             T3.1.1.20      2008.03.09   -
Kaspersky          7.0.0.125      2008.03.09   -
McAfee             5247           2008.03.07   -
Microsoft          1.3301         2008.03.07   -
NOD32v2            2932           2008.03.09   -
Norman             5.80.02        2008.03.07   -
Panda              9.0.0.4        2008.03.09   -
Prevx1             V2             2008.03.09   -
Rising             20.34.62.00    2008.03.09   -
Sophos             4.27.0         2008.03.09   -
Sunbelt            3.0.930.0      2008.03.05   -
Symantec           10             2008.03.09   -
TheHacker          6.2.92.238     2008.03.08   -
VBA32              3.12.6.2       2008.03.05   -
VirusBuster        4.3.26:9       2008.03.09   -
Webwasher-Gateway  6.6.2          2008.03.09   -
Additional information
File size: 401 bytes
MD5: 3da212c0785808b3efcd0b1693096684
SHA1: 3c4b84d050637ec90f5e26e3e3cd70d5413ba2eb
PEiD: -
~~~~~~~~~~~~~~~
"C:\WINDOWS\coolacm.ini" yielded the following report...
File coolacm.ini
Current status: finished
Result: 0/32 (0%)
Antivirus          Version        Last Update  Result
AhnLab-V3          2008.3.4.0     2008.03.07   -
AntiVir            7.6.0.73       2008.03.07   -
Authentium         4.93.8         2008.03.07   -
Avast              4.7.1098.0     2008.03.09   -
AVG                7.5.0.516      2008.03.09   -
BitDefender        7.2            2008.03.09   -
CAT-QuickHeal      9.50           2008.03.08   -
ClamAV             0.92.1         2008.03.09   -
DrWeb              4.44.0.09170   2008.03.09   -
eSafe              7.0.15.0       2008.03.09   -
eTrust-Vet         31.3.5597      2008.03.07   -
Ewido              4.0            2008.03.09   -
FileAdvisor        1              2008.03.09   -
Fortinet           3.14.0.0       2008.03.08   -
F-Prot             4.4.2.54       2008.03.09   -
F-Secure           6.70.13260.0   2008.03.09   -
Ikarus             T3.1.1.20      2008.03.09   -
Kaspersky          7.0.0.125      2008.03.09   -
McAfee             5247           2008.03.07   -
Microsoft          1.3301         2008.03.07   -
NOD32v2            2932           2008.03.09   -
Norman             5.80.02        2008.03.07   -
Panda              9.0.0.4        2008.03.09   -
Prevx1             V2             2008.03.09   -
Rising             20.34.62.00    2008.03.09   -
Sophos             4.27.0         2008.03.09   -
Sunbelt            3.0.930.0      2008.03.05   -
Symantec           10             2008.03.09   -
TheHacker          6.2.92.238     2008.03.08   -
VBA32              3.12.6.2       2008.03.05   -
VirusBuster        4.3.26:9       2008.03.09   -
Webwasher-Gateway  6.6.2          2008.03.09   -
Additional information
File size: 58 bytes
MD5: ecea7d841d87ba783a30c6068b795d06
SHA1: 525808e12e274a990a4f3811091f65d07c0616f3
PEiD: -
~~~~~~~~~~~~~~~~~~~~~
"C:\WINDOWS\system32\OdiOlDVR.dll" yielded the following report...
File OdiOlDVR.dll
Current status: finished
Result: 0/32 (0%)
Antivirus          Version        Last Update  Result
AhnLab-V3          2008.3.4.0     2008.03.07   -
AntiVir            7.6.0.73       2008.03.07   -
Authentium         4.93.8         2008.03.07   -
Avast              4.7.1098.0     2008.03.09   -
AVG                7.5.0.516      2008.03.09   -
BitDefender        7.2            2008.03.09   -
CAT-QuickHeal      9.50           2008.03.08   -
ClamAV             0.92.1         2008.03.09   -
DrWeb              4.44.0.09170   2008.03.09   -
eSafe              7.0.15.0       2008.03.09   -
eTrust-Vet         31.3.5597      2008.03.07   -
Ewido              4.0            2008.03.09   -
FileAdvisor        1              2008.03.09   -
Fortinet           3.14.0.0       2008.03.08   -
F-Prot             4.4.2.54       2008.03.09   -
F-Secure           6.70.13260.0   2008.03.09   -
Ikarus             T3.1.1.20      2008.03.09   -
Kaspersky          7.0.0.125      2008.03.09   -
McAfee             5247           2008.03.07   -
Microsoft          1.3301         2008.03.07   -
NOD32v2            2932           2008.03.09   -
Norman             5.80.02        2008.03.07   -
Panda              9.0.0.4        2008.03.09   -
Prevx1             V2             2008.03.09   -
Rising             20.34.62.00    2008.03.09   -
Sophos             4.27.0         2008.03.09   -
Sunbelt            3.0.930.0      2008.03.05   -
Symantec           10             2008.03.09   -
TheHacker          6.2.92.238     2008.03.08   -
VBA32              3.12.6.2       2008.03.05   -
VirusBuster        4.3.26:9       2008.03.09   -
Webwasher-Gateway  6.6.2          2008.03.09   -
Additional information
File size: 114688 bytes
MD5: bffe6b72ad586b066472c8a9f99cc08e
SHA1: 8589a467822a32d694ee66fe4024fc58c31a3f3b
PEiD: Armadillo v1.xx - v2.xx
~~~~~~~~~~~~~~~~~~~~~~~~~
"C:\WINDOWS\system32\STRDEVAPI.dll" yielded the following report...
File STRDEVAPI.dll
Current status: finished
Result: 0/32 (0%)
Antivirus          Version        Last Update  Result
AhnLab-V3          2008.3.4.0     2008.03.07   -
AntiVir            7.6.0.73       2008.03.07   -
Authentium         4.93.8         2008.03.07   -
Avast              4.7.1098.0     2008.03.09   -
AVG                7.5.0.516      2008.03.09   -
BitDefender        7.2            2008.03.09   -
CAT-QuickHeal      9.50           2008.03.08   -
ClamAV             0.92.1         2008.03.09   -
DrWeb              4.44.0.09170   2008.03.09   -
eSafe              7.0.15.0       2008.03.09   -
eTrust-Vet         31.3.5597      2008.03.07   -
Ewido              4.0            2008.03.09   -
FileAdvisor        1              2008.03.09   -
Fortinet           3.14.0.0       2008.03.08   -
F-Prot             4.4.2.54       2008.03.09   -
F-Secure           6.70.13260.0   2008.03.09   -
Ikarus             T3.1.1.20      2008.03.09   -
Kaspersky          7.0.0.125      2008.03.09   -
McAfee             5247           2008.03.07   -
Microsoft          1.3301         2008.03.07   -
NOD32v2            2932           2008.03.09   -
Norman             5.80.02        2008.03.07   -
Panda              9.0.0.4        2008.03.09   -
Prevx1             V2             2008.03.09   -
Rising             20.34.62.00    2008.03.09   -
Sophos             4.27.0         2008.03.09   -
Sunbelt            3.0.930.0      2008.03.05   -
Symantec           10             2008.03.09   -
TheHacker          6.2.92.238     2008.03.08   -
VBA32              3.12.6.2       2008.03.05   -
VirusBuster        4.3.26:9       2008.03.09   -
Webwasher-Gateway  6.6.2          2008.03.09   -
Additional information
File size: 86016 bytes
MD5: 6ecab4b8456b2eedfa298843691a04b3
SHA1: 54f52f50cb89883f6d12667fbbe25f5ec6247d34
PEiD: Armadillo v1.xx - v2.xx
~~~~~~~~~~~~~~~~~~~~~~~~~
"C:\WINDOWS\system32\OdiAPI.dll" yielded the following report...
File OdiAPI.dll
Current status: finished
Result: 0/32 (0%)
Antivirus          Version        Last Update  Result
AhnLab-V3          2008.3.4.0     2008.03.07   -
AntiVir            7.6.0.73       2008.03.07   -
Authentium         4.93.8         2008.03.07   -
Avast              4.7.1098.0     2008.03.09   -
AVG                7.5.0.516      2008.03.09   -
BitDefender        7.2            2008.03.09   -
CAT-QuickHeal      9.50           2008.03.08   -
ClamAV             0.92.1         2008.03.09   -
DrWeb              4.44.0.09170   2008.03.09   -
eSafe              7.0.15.0       2008.03.09   -
eTrust-Vet         31.3.5597      2008.03.07   -
Ewido              4.0            2008.03.09   -
FileAdvisor        1              2008.03.09   -
Fortinet           3.14.0.0       2008.03.08   -
F-Prot             4.4.2.54       2008.03.09   -
F-Secure           6.70.13260.0   2008.03.09   -
Ikarus             T3.1.1.20      2008.03.09   -
Kaspersky          7.0.0.125      2008.03.09   -
McAfee             5247           2008.03.07   -
Microsoft          1.3301         2008.03.07   -
NOD32v2            2932           2008.03.09   -
Norman             5.80.02        2008.03.07   -
Panda              9.0.0.4        2008.03.09   -
Prevx1             V2             2008.03.09   -
Rising             20.34.62.00    2008.03.09   -
Sophos             4.27.0         2008.03.09   -
Sunbelt            3.0.930.0      2008.03.05   -
Symantec           10             2008.03.09   -
TheHacker          6.2.92.239     2008.03.09   -
VBA32              3.12.6.2       2008.03.05   -
VirusBuster        4.3.26:9       2008.03.09   -
Webwasher-Gateway  6.6.2          2008.03.09   -
Additional information
File size: 53248 bytes
MD5: a9117f57d940498c6230b4c49d2c7c77
SHA1: bb7b2372f1db4c6c1cd5824d859c10092f4a0d55
PEiD: Armadillo v1.xx - v2.xx
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Here's the ComboFix log txt you asked for:
ComboFix 08-03-05.1 - Becky 2008-03-09 14:11:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.108 [GMT -5:00]
Running from: C:\Documents and Settings\Becky\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Becky\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\ahqxencr.dll
C:\WINDOWS\kdldubmh
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\yjejixsv.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\ahqxencr.dll
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\yjejixsv.exe
.
((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.
2008-03-05 23:26 . 2008-03-05 23:26 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-04 21:14 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-04 21:13 . 2008-03-04 21:14 <DIR> d-------- C:\Program Files\Java
2008-03-04 21:13 . 2008-03-04 21:13 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-03 07:45 . 2008-03-03 07:45 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-03 07:45 . 2008-03-03 07:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-02 22:40 . 2008-03-02 22:40 <DIR> d-------- C:\Documents and Settings\Becky\Application Data\Malwarebytes
2008-03-02 22:39 . 2008-03-02 22:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-02 22:39 . 2008-03-02 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-02 22:17 . 2008-03-02 22:17 <DIR> d-------- C:\Program Files\CCleaner
2008-03-02 09:58 . 2008-03-02 09:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-01 22:56 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-01 15:17 . 2008-03-01 15:18 <DIR> d-------- C:\WINDOWS\kdldubmh
2008-02-24 23:50 . 2008-02-24 23:50 <DIR> d--hs---- C:\found.000
2008-02-24 23:42 . 2008-02-24 23:42 401 --a------ C:\WINDOWS\system32\L91CA.tmp
2008-02-16 20:55 . 2008-02-16 20:55 <DIR> d-------- C:\Program Files\Audacity
2008-02-16 20:07 . 2008-02-16 20:07 58 --a------ C:\WINDOWS\coolacm.ini
2008-02-16 18:49 . 2005-07-30 22:00 114,688 --a------ C:\WINDOWS\system32\OdiOlDVR.dll
2008-02-16 18:49 . 2005-07-30 22:14 86,016 --a------ C:\WINDOWS\system32\STRDEVAPI.dll
2008-02-16 18:49 . 2003-06-13 18:49 73,728 --a------ C:\WINDOWS\system32\DW90USB.DLL
2008-02-16 18:49 . 2004-06-21 11:14 53,248 --a------ C:\WINDOWS\system32\OdiAPI.dll
2008-02-16 18:49 . 2001-04-09 20:17 39,096 --a------ C:\WINDOWS\system32\drivers\DW90USB.SYS
2008-02-16 18:48 . 2008-02-16 18:49 <DIR> d-------- C:\Program Files\Olympus
2008-02-16 18:44 . 2006-04-07 18:05 73,728 --a------ C:\WINDOWS\system32\VNUSB.dll
2008-02-16 18:44 . 2006-04-07 18:06 38,496 --a------ C:\WINDOWS\system32\drivers\VNUSB.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 16:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-03-05 02:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-05 00:39 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-05 00:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-03 02:58 --------- d-----w C:\Program Files\Network Associates
2008-03-03 02:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Network Associates
2008-02-24 00:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-16 23:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-14 23:38 2,326,901 ----a-w C:\Program Files\DVDFabHDDecrypter3112.exe
2006-05-06 15:00 19,552 ----a-w C:\Documents and Settings\Becky\Application Data\GDIPFONTCACHEV1.DAT
2005-09-02 19:28 614,943 ----a-w C:\Program Files\lame-3.96.1.zip
2005-09-02 19:27 1,665,325 ----a-w C:\Program Files\agsetup.exe
2005-08-30 00:23 1,094,021 ----a-w C:\Program Files\dvdshrink32setup.zip
2005-08-30 00:18 520,898 ----a-w C:\Program Files\DVD43_3-6-2_Setup.exe
2001-05-31 08:02 1,119,232 ----a-w C:\Program Files\mirc59t.exe
1995-05-27 15:13 551,584 ----a-w C:\Program Files\LVIEWP1B.EXE
.
((((((((((((((((((((((((((((( snapshot@2008-03-05_22.30.21.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 14:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 13:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 14:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 13:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
- 2008-03-04 16:38:52 154,176 ----a-w C:\WINDOWS\SoftwareDistribution\Download\Install\mpas-d.exe
- 2000-08-31 14:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 13:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-08-20 11:47 1912832]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 19:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-20 20:46 579072]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-12 19:50 33792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-11 22:11 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 18:15 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2008-02-16 18:49:35 118784]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVR Agent]
--a------ 2004-03-03 21:33 729600 C:\Program Files\V-Stream\PVR Plus\TVR\Scheduled.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
S3 USB28xxBGA;USB 2800 Device;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-09-12 22:21]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-08-22 00:38]
S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2006-04-07 18:06]
.
Contents of the 'Scheduled Tasks' folder
"2008-03-09 07:32:38 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-09 14:13:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-09 14:14:16
ComboFix-quarantined-files.txt 2008-03-09 19:14:02
ComboFix2.txt 2008-03-06 04:30:48
.
2008-03-07 04:58:33 --- E O F ---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Here's the Malwarebytes log you asked for:
Malwarebytes' Anti-Malware 1.05
Database version: 442
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 77153
Time elapsed: 37 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
~~~~~~~~~~~~~~~~~~~~~~~~~
Here's the Kaspersky scan log you asked for:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, March 09, 2008 4:10:30 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/03/2008
Kaspersky Anti-Virus database records: 619352
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 51840
Number of viruses found: 9
Number of infected objects: 21
Number of suspicious objects: 6
Duration of the scan process: 00:46:01
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12132006-130534.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak17.zip/hcwprn.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak17.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC9.zip/wml.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC9.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip/msole32.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Becky\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Becky\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Becky\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Becky\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Becky\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Becky\Local Settings\History\History.IE5\MSHist012008030920080310\index.dat Object is locked skipped
C:\Documents and Settings\Becky\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Becky\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Becky\My Documents\My Downloads\mirc62.exe/stream/data0006 Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\Documents and Settings\Becky\My Documents\My Downloads\mirc62.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\Documents and Settings\Becky\My Documents\My Downloads\mirc62.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Becky\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Becky\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Becky\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\mirc\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\oldmIRC\mirc32.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.59 skipped
C:\oldmIRC2\mirc32-2.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.59 skipped
C:\Program Files\Sygate\SSA\debug.log Object is locked skipped
C:\Program Files\Sygate\SSA\rawlog.log Object is locked skipped
C:\Program Files\Sygate\SSA\seclog.log Object is locked skipped
C:\Program Files\Sygate\SSA\syslog.log Object is locked skipped
C:\Program Files\Sygate\SSA\tralog.log Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\ahqxencr.dll.vir Infected: Trojan.Win32.Obfuscated.gx skipped
C:\QooBox\Quarantine\C\WINDOWS\yjejixsv.exe.vir Infected: Trojan.Win32.Obfuscated.gx skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C6026DF1-CB8C-4AFA-B4A4-051661024E55}\RP1018\A0058891.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.Agent.vv skipped
C:\System Volume Information\_restore{C6026DF1-CB8C-4AFA-B4A4-051661024E55}\RP1018\A0058891.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.AdBand.h skipped
C:\System Volume Information\_restore{C6026DF1-CB8C-4AFA-B4A4-051661024E55}\RP1018\A0058891.exe/stream/data0004 Infected: Trojan-Downloader.Win32.Agent.jjq skipped
C:\System Volume Information\_restore{C6026DF1-CB8C-4AFA-B4A4-051661024E55}\RP1018\A0058891.exe/stream Infected: Trojan-Downloader.Win32.Agent.jjq skipped
C:\System Volume Information\_restore{C6026DF1-CB8C-4AFA-B4A4-051661024E55}\RP1018\A0058891.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{C6026DF1-CB8C-4AFA-B4A4-051661024E55}\RP1028\A0059919.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\System Volume Information\_restore{C6026DF1-CB8C-4AFA-B4A4-051661024E55}\RP1028\A0059919.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{C6026DF1-CB8C-4AFA-B4A4-051661024E55}\RP1031\A0060796.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{C6026DF1-CB8C-4AFA-B4A4-051661024E55}\RP1031\A0060810.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{C6026DF1-CB8C-4AFA-B4A4-051661024E55}\RP1031\A0060810.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{C6026DF1-CB8C-4AFA-B4A4-051661024E55}\RP1031\A0060810.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{C6026DF1-CB8C-4AFA-B4A4-051661024E55}\RP1044\A0061532.dll Infected: Trojan.Win32.Obfuscated.gx skipped
C:\System Volume Information\_restore{C6026DF1-CB8C-4AFA-B4A4-051661024E55}\RP1044\A0061540.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\System Volume Information\_restore{C6026DF1-CB8C-4AFA-B4A4-051661024E55}\RP1044\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{6D75E633-1F5D-41E6-B42B-05B50B0CA227}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{C6026DF1-CB8C-4AFA-B4A4-051661024E55}\RP1044\change.log Object is locked skipped
Scan process completed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
And finally, here is the new HijackThis log you asked for:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:11:14 PM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SSA\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
--
End of file - 3980 bytes