MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use, are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Vundo and some other stuff

Post by Platinum » January 8th, 2008, 10:00 am

Pretty sure I have Vundo... been getting popups and VirusScan has been popping up at least once a day with some stuff (says Vundo is 1 of them)... here's the log.

Logfile of HijackThis v1.99.1
Scan saved at 8:59:53 AM, on 1/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\WINDOWS\system32\igfxtray .exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\igfxpers .exe
C:\Program Files\PDF Complete\pdfsty .exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\SMINST\Scheduler .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI .exe
C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis\HijackThis.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\awtqr.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SDMSSplash] "C:\Program Files\HP_SDMS\SDMSSplash\launcher.exe" "launchdir=C:\Program Files\HP_SDMS\SDMSSplash"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Redemption] "\redemption.exe" /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [35ff0240] rundll32.exe "C:\WINDOWS\system32\bnpggxmf.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Drive.local
O17 - HKLM\Software\..\Telephony: DomainName = Drive.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Drive.local
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
Platinum
Regular Member
Posts: 189
Joined: August 1st, 2005, 2:00 pm
Location: Long Island, NY

Re: Vundo and some other stuff

Post by ndmmxiaomayi » January 10th, 2008, 1:18 pm

Hi,

If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Please download Combofix from Bleeping Computer. Save it to your desktop.

If you can't download it, please try these 2 alternative sites:

Forospyware
Geeks to Go

Double click to run it. Follow the prompts. Once done, it will reboot and a log will be produced. Please post that log and a new HijackThis log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.

In your next reply, please post:

  1. Combofix log (C:\Combofix.txt)
  2. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Vundo and some other stuff

Post by Platinum » January 11th, 2008, 10:29 am

First off... when my clock came back it now says 09:29, no AM or PM (I'm guessing it's on a 24 hour clock now?) - also, when I put my mouse over the time the date doesn't say January 11, 2008, it says 2008-01-11

Here are the logs:

ComboFix 08-01-10.2 - cskonberg 2008-01-11 9:23:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.123 [GMT -5:00]
Running from: C:\Documents and Settings\cskonberg\My Documents\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP_SDMS\SDMSSplash\launcher.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\Creator\Remind_XP.exe
C:\WINDOWS\Sminst\Recguard.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\bmsvatkr.dll
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\danhnjwk.ini
C:\WINDOWS\system32\eagxmnkr.dll
C:\WINDOWS\system32\gaeignmj.ini
C:\WINDOWS\system32\jxpxtdpx.dll
C:\WINDOWS\system32\kwjnhnad.dll
C:\WINDOWS\system32\lkrpneeu.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\RCX2A.tmp
C:\WINDOWS\system32\RCX2D.tmp
C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\rqtwa.ini2
C:\WINDOWS\system32\ueenprkl.dll
C:\WINDOWS\system32\x64
D:\Autorun.inf
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE . . . . failed to delete

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe ---> Reader_sl.exe
C:\Program Files\Compaq\SetRefresh\SetRefresh .exe ---> SetRefresh.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe ---> GoogleToolbarNotifier.exe
C:\Program Files\HP_SDMS\SDMSSplash\launcher .exe ---> launcher.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI .exe ---> UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE ---> SHSTAT.EXE
C:\WINDOWS\CREATOR\Remind_XP .exe ---> Remind_XP.exe
C:\WINDOWS\SMINST\Recguard .exe ---> Recguard.exe
C:\WINDOWS\SMINST\Scheduler .exe ---> Scheduler.exe
C:\WINDOWS\system32\ctfmon .exe ---> QooBox

.
.
((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))
.

2008-01-11 09:22 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 15:42 . 2008-01-08 16:01 <DIR> d-------- C:\VundoFix Backups
2008-01-06 09:35 . 2008-01-06 09:35 75,840 --a------ C:\WINDOWS\system32\pckfnxwf.dll
2008-01-03 16:22 . 2008-01-03 16:46 <DIR> d-------- C:\UBCD4Win
2008-01-03 14:47 . 2008-01-03 14:47 <DIR> d-------- C:\WINDOWS\SetupLog
2008-01-03 09:32 . 2008-01-05 09:33 414 --ahs---- C:\WINDOWS\system32\creowrph.ini
2008-01-02 15:54 . 2008-01-02 15:54 <DIR> d-------- C:\Program Files\Image Media Viewer
2007-12-28 14:14 . 2007-12-28 14:14 <DIR> d-------- C:\USBStorage
2007-12-28 14:13 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-12-28 10:07 . 2008-01-07 09:11 114,688 --a------ C:\WINDOWS\system32\hkcmd .exe
2007-12-28 10:07 . 2008-01-07 09:11 98,304 --a------ C:\WINDOWS\system32\igfxtray .exe
2007-12-28 10:07 . 2008-01-07 09:11 94,208 --a------ C:\WINDOWS\system32\igfxpers .exe
2007-12-28 09:51 . 2007-12-28 09:52 <DIR> d-------- C:\Program Files\SAAZ Remote Console
2007-12-28 09:50 . 2007-12-28 09:50 290,816 --a------ C:\WINDOWS\system32\WINHTTP5.DLL
2007-12-27 21:28 . 2008-01-10 20:00 <DIR> d-------- C:\quarantine
2007-12-26 09:41 . 2007-12-28 10:06 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-26 09:41 . 2007-12-26 09:42 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-24 09:26 . 2007-12-24 09:30 <DIR> d-------- C:\Program Files\mIRC
2007-12-24 09:26 . 2007-12-24 09:35 <DIR> d-------- C:\Documents and Settings\cskonberg\Application Data\mIRC
2007-12-24 09:08 . 2007-12-24 09:08 <DIR> d-------- C:\Program Files\Runtime Software
2007-12-24 09:02 . 2008-01-02 15:30 <DIR> d-------- C:\Program Files\DNA
2007-12-24 09:02 . 2007-12-24 09:02 <DIR> d-------- C:\Program Files\BitTorrent
2007-12-24 09:02 . 2007-12-28 10:04 <DIR> d-------- C:\Documents and Settings\cskonberg\Application Data\DNA
2007-12-24 09:02 . 2007-12-28 10:04 <DIR> d-------- C:\Documents and Settings\cskonberg\Application Data\BitTorrent
2007-12-20 17:42 . 2007-12-20 17:42 <DIR> d-------- C:\Documents and Settings\administrator.DRIVE\Application Data\Talkback
2007-12-20 03:00 . 2007-12-20 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-19 13:39 . 2008-01-03 15:41 <DIR> d-------- C:\Documents and Settings\cskonberg\SapWorkDir
2007-12-19 13:39 . 2007-12-19 13:39 655 --a------ C:\WINDOWS\saplogon.ini
2007-12-19 10:17 . 2006-12-22 07:40 352,256 --a------ C:\WINDOWS\system32\sapfcpl.cpl
2007-12-19 10:16 . 2007-12-19 10:16 <DIR> d-------- C:\Program Files\SAP
2007-12-19 10:16 . 2007-12-19 10:17 <DIR> d-------- C:\Program Files\Common Files\SAP Shared
2007-12-19 10:15 . 2007-12-19 10:17 <DIR> d--h----- C:\WINDOWS\SAPwksta
2007-12-17 09:39 . 2007-12-17 09:39 <DIR> d-------- C:\Documents and Settings\cskonberg\Application Data\Redemption
2007-12-17 09:15 . 2007-12-17 09:39 141 --a------ C:\WINDOWS\REDEMUNINS.INI
2007-12-17 09:13 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-13 10:19 . 2007-12-13 10:19 <DIR> d-------- C:\Program Files\Radmin
2007-12-13 10:19 . 2001-07-24 10:15 241,664 --a------ C:\WINDOWS\system32\r_server.exe
2007-12-13 10:19 . 2000-07-10 07:06 90,112 --a------ C:\WINDOWS\system32\admdll.dll
2007-12-13 10:19 . 2000-07-08 01:29 29,408 --a------ C:\WINDOWS\system32\raddrv.dll
2007-12-13 10:01 . 2007-12-13 10:01 <DIR> d-------- C:\WINDOWS\Sun
2007-12-12 11:34 . 2007-07-09 08:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-12 11:23 . 2007-12-12 11:23 1,167 --a------ C:\WINDOWS\mozver.dat
2007-12-12 10:29 . 2007-12-12 10:29 <DIR> d-------- C:\Program Files\Common Files\L&H
2007-12-12 10:29 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-12-12 10:29 . 2007-12-20 17:06 376 --a------ C:\WINDOWS\ODBC.INI
2007-12-12 10:28 . 2007-12-12 10:28 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-12-12 10:28 . 2007-12-12 10:28 <DIR> d-------- C:\Program Files\Microsoft Works
2007-12-12 10:28 . 2007-12-12 10:28 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-12-12 10:26 . 2007-12-12 10:26 <DIR> dr-h----- C:\MSOCache
2007-12-12 10:07 . 2007-12-12 10:07 <DIR> d-------- C:\Documents and Settings\cskonberg\Application Data\Talkback
2007-12-12 10:07 . 2007-12-12 10:07 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-12 10:04 . 2007-07-07 17:52 <DIR> d-------- C:\Documents and Settings\cskonberg\Application Data\SampleView
2007-12-12 09:58 . 2007-12-12 09:58 <DIR> d-------- C:\WINDOWS\SchCache
2007-12-12 09:58 . 2007-07-07 17:52 <DIR> d-------- C:\Documents and Settings\administrator.DRIVE\Application Data\SampleView
2007-12-12 09:52 . 2007-12-12 09:52 <DIR> d-------- C:\WINDOWS\PrimoPDF
2007-12-12 09:52 . 2007-12-12 09:52 <DIR> d-------- C:\Program Files\activePDF
2007-12-12 09:52 . 2004-02-25 19:31 176,235 --a------ C:\WINDOWS\system32\Primomonnt.dll
2007-12-12 09:52 . 2007-12-12 09:52 129 --a------ C:\WINDOWS\primopdf.ini
2007-12-12 09:48 . 2007-12-12 09:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
2007-12-12 09:48 . 2008-01-04 17:01 512 --a------ C:\WINDOWS\randseed.rnd
2007-12-12 09:47 . 2007-12-12 09:48 <DIR> d-------- C:\Program Files\Network Associates
2007-12-12 09:47 . 2007-12-12 09:47 <DIR> d-------- C:\Program Files\Common Files\Network Associates
2007-12-12 09:18 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-12-12 09:18 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-12-12 09:18 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-12-12 09:18 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
2007-12-12 09:18 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-12-12 09:18 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-12-12 09:18 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-12 09:18 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2007-12-12 09:18 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-12 09:18 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 15:04 --------- d-----w C:\Program Files\PDF Complete
2008-01-02 20:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-12 15:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-12 14:57 --------- d-----w C:\Program Files\Google
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.
----a-w           290,112 2008-01-02 14:32:10  C:\Program Files\DNA\btdna .exe
----a-w           331,552 2008-01-08 21:06:57  C:\Program Files\PDF Complete\pdfsty .exe
----a-w           114,688 2008-01-07 14:11:14  C:\WINDOWS\system32\hkcmd .exe
----a-w            94,208 2008-01-07 14:11:15  C:\WINDOWS\system32\igfxpers .exe
----a-w            98,304 2008-01-07 14:11:12  C:\WINDOWS\system32\igfxtray .exe



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-11 09:09 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [ ]
"SDMSSplash"="C:\Program Files\HP_SDMS\SDMSSplash\launcher.exe" [2008-01-08 16:06 86016]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2008-01-08 16:07 525824]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2008-01-08 16:07 1138688]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2008-01-08 16:07 761856]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2008-01-08 16:07 888832]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2008-01-08 16:07 81990]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2008-01-08 16:07 135224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-08 16:07 39792]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrrqqo]
rqrrqqo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-861567501-1604221776-1801674531-1498\Scripts\Logon\0\0]
"Script"=moveprinter-md07-md08.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-861567501-1604221776-1801674531-1498\Scripts\Logon\1\0]
"Script"=DrivePrinter.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-861567501-1604221776-1801674531-500\Scripts\Logon\0\0]
"Script"=moveprinter-md07-md08.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\awtqr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-11 09:09 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [2006-04-14 12:07]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2007-04-13 11:44]
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 12:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75475a49-b579-11dc-81af-0019dba161bc}]
\Shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a795715-a9a0-11dc-81ad-0019dba161bc}]
\Shell\AutoRun\command - F:\ONSPCLCK.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 09:27:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
Completion time: 2008-01-11 9:28:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-11 14:28:10
.
2008-01-10 08:00:51 --- E O F ---


==================================================================================================

Logfile of HijackThis v1.99.1
Scan saved at 09:31, on 2008-01-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SDMSSplash] "C:\Program Files\HP_SDMS\SDMSSplash\launcher.exe" "launchdir=C:\Program Files\HP_SDMS\SDMSSplash"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Drive.local
O17 - HKLM\Software\..\Telephony: DomainName = Drive.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Drive.local
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: rqrrqqo - rqrrqqo.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
Platinum
Regular Member
Posts: 189
Joined: August 1st, 2005, 2:00 pm
Location: Long Island, NY

Re: Vundo and some other stuff

Post by ndmmxiaomayi » January 11th, 2008, 12:13 pm

Hi,

Step 1

Please open Notepad and copy and paste the following in the Code box into Notepad:

RenV::
----a-w           290,112 2008-01-02 14:32:10  C:\Program Files\DNA\btdna .exe
----a-w           331,552 2008-01-08 21:06:57  C:\Program Files\PDF Complete\pdfsty .exe
----a-w           114,688 2008-01-07 14:11:14  C:\WINDOWS\system32\hkcmd .exe
----a-w            94,208 2008-01-07 14:11:15  C:\WINDOWS\system32\igfxpers .exe
----a-w            98,304 2008-01-07 14:11:12  C:\WINDOWS\system32\igfxtray .exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrrqqo]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

File::
C:\WINDOWS\system32\awtqr.exe


Warning: The above script is just for Platinum. If you are not Platinum, do not use this script as it may damage the workings of your system.

Click on File > Save As....

In the File Name field, copy and paste in CFScript.txt. Do not change the file name.

Click Save.

Referring to the picture below, drag CFScript into Combofix.

Image

Combofix will start running. When done, a log will be produced. Please post back this log as well as a new HijackThis log.

Do not mouse click on Combofix while it is running. That may cause it to stall.

Step 2

Please go to Virus Total or Jotti and upload C:\WINDOWS\system32\pckfnxwf.dll for scanning.

For Virus Total

  1. Please copy and paste C:\WINDOWS\system32\pckfnxwf.dll in the text box next to the Browse button.
  2. Click on Send File.

For Jotti

  1. Please copy and paste C:\WINDOWS\system32\pckfnxwf.dll in the text box next to the Browse button.
  2. Click on Submit.

Regarding your clock settings, Combofix has changed it and it probably hasn't changed back correctly. A restart of your computer should change it back to the correct settings.

In your next reply, please post:

  1. Combofix log (C:\Combofix.txt)
  2. Virus Total or Jotti's scan results of the C:\WINDOWS\system32\pckfnxwf.dll file
  3. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
Posts: 9708
Joined: July 17th, 2006, 9:22 am
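The CFScript above targets four kinds of indicator that the two logs surfaced: legitimate executables re-created with a space before the extension ("igfxtray .exe", which ComboFix's RenV listing maps back to "igfxtray.exe"), a win.ini load= autostart, a Run value with a hex-looking name that hands a DLL to rundll32.exe, and a Winlogon Notify entry whose DLL is missing. Picking those out of a HijackThis log by hand is error-prone, so here is a small triage script that does it mechanically. This is an added example, not code from MalwareRemoval.com, HijackThis or ComboFix; it runs over a constructed sample log in the HijackThis layout, and every file and value name in that sample is invented for the example.

```python
"""Pick out, from a HijackThis-style log, the indicators discussed in this thread.

Added example for this page, not code from MalwareRemoval.com, HijackThis or
ComboFix. Rules are drawn from the log entries above: an executable renamed with
a space before its extension ("igfxtray .exe"), a win.ini load= autostart, a Run
value with an 8-hex-digit name that hands a DLL to rundll32.exe, and a Winlogon
Notify entry whose DLL is missing or given only as a bare name.
"""
import re
from typing import Dict, List

# Constructed sample log in the HijackThis 1.99.1 layout; every name here is
# invented for the example and refers to no real file or machine.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray .exe
C:\Program Files\Example Vendor\updater .exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\abcde.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [1a2b3c4d] rundll32.exe "C:\WINDOWS\system32\qwertyui.dll",b
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: zxcvbnm - zxcvbnm.dll (file missing)
"""

# File name with a space directly before the extension (the RenV pattern).
SPACE_BEFORE_EXT = re.compile(r"\S \.(exe|dll|cpl|sys)\s*$", re.IGNORECASE)
# Legacy win.ini [windows] load=/run= autostart; rarely used by legitimate software.
WININI_LOAD = re.compile(r"^F3 - REG:win\.ini: (load|run)=\S", re.IGNORECASE)
# Run value named by 8 hex digits that launches rundll32.exe on a letters-only DLL.
RUNDLL_HEXNAME = re.compile(
    r'^O4 - .*\[[0-9a-f]{8}\]\s+rundll32\.exe\s+"?[^"]*\\([a-z]{5,9})\.dll"?,',
    re.IGNORECASE,
)
# Winlogon Notify entry: value name, DLL field, optional "(file missing)" marker.
WINLOGON_NOTIFY = re.compile(
    r"^O20 - Winlogon Notify: (\w+) - (.*?)(\s+\(file missing\))?\s*$", re.IGNORECASE
)


def renv_target(path: str) -> str:
    """Name a renamed copy should get back, as ComboFix's RenV listing shows it."""
    return re.sub(r" \.(exe|dll|cpl|sys)\s*$", r".\1", path, flags=re.IGNORECASE)


def analyze(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line, in log order."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if SPACE_BEFORE_EXT.search(line):
            findings.append({"rule": "space-before-extension", "line": line})
        if WININI_LOAD.match(line):
            findings.append({"rule": "win.ini-load", "line": line})
        if RUNDLL_HEXNAME.match(line):
            findings.append({"rule": "rundll32-random-dll", "line": line})
        m = WINLOGON_NOTIFY.match(line)
        # Flag when the DLL is reported missing or is given without any path.
        if m and (m.group(3) or "\\" not in m.group(2)):
            findings.append({"rule": "winlogon-notify-dll", "line": line})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per rule."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f['rule']:24} {f['line']}")
    for f in analyze(SAMPLE_LOG):
        if f["rule"] == "space-before-extension":
            print(f"  RenV would restore: {renv_target(f['line'])}")
```

These rules are triage hints, not verdicts: a hit tells the helper which lines to look at first, and in this thread each of the four kinds was confirmed by the ComboFix output (the RenV listing, the deleted awtqr.exe, the rqrrqqo Notify key) before anything was removed.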

Re: Vundo and some other stuff

Post by Platinum » January 11th, 2008, 12:48 pm

ComboFix 08-01-10.2 - cskonberg 2008-01-11 11:35:48.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.121 [GMT -5:00]
Running from: C:\Documents and Settings\cskonberg\My Documents\Downloads\ComboFix.exe
Command switches used :: C:\Documents and Settings\cskonberg\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\awtqr.exe
.

((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))
.

2008-01-11 09:22 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 15:42 . 2008-01-08 16:01 <DIR> d-------- C:\VundoFix Backups
2008-01-06 09:35 . 2008-01-06 09:35 75,840 --a------ C:\WINDOWS\system32\pckfnxwf.dll
2008-01-03 16:22 . 2008-01-03 16:46 <DIR> d-------- C:\UBCD4Win
2008-01-03 14:47 . 2008-01-03 14:47 <DIR> d-------- C:\WINDOWS\SetupLog
2008-01-03 09:32 . 2008-01-05 09:33 414 --ahs---- C:\WINDOWS\system32\creowrph.ini
2008-01-02 15:54 . 2008-01-02 15:54 <DIR> d-------- C:\Program Files\Image Media Viewer
2007-12-28 14:14 . 2007-12-28 14:14 <DIR> d-------- C:\USBStorage
2007-12-28 14:13 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-12-28 10:07 . 2008-01-07 09:11 114,688 --a------ C:\WINDOWS\system32\hkcmd.exe
2007-12-28 10:07 . 2008-01-07 09:11 98,304 --a------ C:\WINDOWS\system32\igfxtray.exe
2007-12-28 10:07 . 2008-01-07 09:11 94,208 --a------ C:\WINDOWS\system32\igfxpers.exe
2007-12-28 09:51 . 2007-12-28 09:52 <DIR> d-------- C:\Program Files\SAAZ Remote Console
2007-12-28 09:50 . 2007-12-28 09:50 290,816 --a------ C:\WINDOWS\system32\WINHTTP5.DLL
2007-12-27 21:28 . 2008-01-10 20:00 <DIR> d-------- C:\quarantine
2007-12-26 09:41 . 2007-12-28 10:06 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-26 09:41 . 2007-12-26 09:42 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-24 09:26 . 2007-12-24 09:30 <DIR> d-------- C:\Program Files\mIRC
2007-12-24 09:26 . 2007-12-24 09:35 <DIR> d-------- C:\Documents and Settings\cskonberg\Application Data\mIRC
2007-12-24 09:08 . 2007-12-24 09:08 <DIR> d-------- C:\Program Files\Runtime Software
2007-12-24 09:02 . 2008-01-11 11:35 <DIR> d-------- C:\Program Files\DNA
2007-12-24 09:02 . 2007-12-24 09:02 <DIR> d-------- C:\Program Files\BitTorrent
2007-12-24 09:02 . 2007-12-28 10:04 <DIR> d-------- C:\Documents and Settings\cskonberg\Application Data\DNA
2007-12-24 09:02 . 2007-12-28 10:04 <DIR> d-------- C:\Documents and Settings\cskonberg\Application Data\BitTorrent
2007-12-20 17:42 . 2007-12-20 17:42 <DIR> d-------- C:\Documents and Settings\administrator.DRIVE\Application Data\Talkback
2007-12-20 03:00 . 2007-12-20 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-19 13:39 . 2008-01-11 11:34 <DIR> d-------- C:\Documents and Settings\cskonberg\SapWorkDir
2007-12-19 13:39 . 2007-12-19 13:39 655 --a------ C:\WINDOWS\saplogon.ini
2007-12-19 10:17 . 2006-12-22 07:40 352,256 --a------ C:\WINDOWS\system32\sapfcpl.cpl
2007-12-19 10:16 . 2007-12-19 10:16 <DIR> d-------- C:\Program Files\SAP
2007-12-19 10:16 . 2007-12-19 10:17 <DIR> d-------- C:\Program Files\Common Files\SAP Shared
2007-12-19 10:15 . 2007-12-19 10:17 <DIR> d--h----- C:\WINDOWS\SAPwksta
2007-12-17 09:39 . 2007-12-17 09:39 <DIR> d-------- C:\Documents and Settings\cskonberg\Application Data\Redemption
2007-12-17 09:15 . 2007-12-17 09:39 141 --a------ C:\WINDOWS\REDEMUNINS.INI
2007-12-17 09:13 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-13 10:19 . 2007-12-13 10:19 <DIR> d-------- C:\Program Files\Radmin
2007-12-13 10:19 . 2001-07-24 10:15 241,664 --a------ C:\WINDOWS\system32\r_server.exe
2007-12-13 10:19 . 2000-07-10 07:06 90,112 --a------ C:\WINDOWS\system32\admdll.dll
2007-12-13 10:19 . 2000-07-08 01:29 29,408 --a------ C:\WINDOWS\system32\raddrv.dll
2007-12-13 10:01 . 2007-12-13 10:01 <DIR> d-------- C:\WINDOWS\Sun
2007-12-12 11:34 . 2007-07-09 08:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-12 11:23 . 2007-12-12 11:23 1,167 --a------ C:\WINDOWS\mozver.dat
2007-12-12 10:29 . 2007-12-12 10:29 <DIR> d-------- C:\Program Files\Common Files\L&H
2007-12-12 10:29 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-12-12 10:29 . 2007-12-20 17:06 376 --a------ C:\WINDOWS\ODBC.INI
2007-12-12 10:28 . 2007-12-12 10:28 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-12-12 10:28 . 2007-12-12 10:28 <DIR> d-------- C:\Program Files\Microsoft Works
2007-12-12 10:28 . 2007-12-12 10:28 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-12-12 10:26 . 2007-12-12 10:26 <DIR> dr-h----- C:\MSOCache
2007-12-12 10:07 . 2007-12-12 10:07 <DIR> d-------- C:\Documents and Settings\cskonberg\Application Data\Talkback
2007-12-12 10:07 . 2007-12-12 10:07 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-12 10:04 . 2007-07-07 17:52 <DIR> d-------- C:\Documents and Settings\cskonberg\Application Data\SampleView
2007-12-12 09:58 . 2007-12-12 09:58 <DIR> d-------- C:\WINDOWS\SchCache
2007-12-12 09:58 . 2007-07-07 17:52 <DIR> d-------- C:\Documents and Settings\administrator.DRIVE\Application Data\SampleView
2007-12-12 09:52 . 2007-12-12 09:52 <DIR> d-------- C:\WINDOWS\PrimoPDF
2007-12-12 09:52 . 2007-12-12 09:52 <DIR> d-------- C:\Program Files\activePDF
2007-12-12 09:52 . 2004-02-25 19:31 176,235 --a------ C:\WINDOWS\system32\Primomonnt.dll
2007-12-12 09:52 . 2007-12-12 09:52 129 --a------ C:\WINDOWS\primopdf.ini
2007-12-12 09:48 . 2007-12-12 09:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
2007-12-12 09:48 . 2008-01-04 17:01 512 --a------ C:\WINDOWS\randseed.rnd
2007-12-12 09:47 . 2007-12-12 09:48 <DIR> d-------- C:\Program Files\Network Associates
2007-12-12 09:47 . 2007-12-12 09:47 <DIR> d-------- C:\Program Files\Common Files\Network Associates
2007-12-12 09:18 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-12-12 09:18 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-12-12 09:18 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-12-12 09:18 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
2007-12-12 09:18 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-12-12 09:18 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-12-12 09:18 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-12 09:18 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2007-12-12 09:18 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-12 09:18 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 16:35 --------- d-----w C:\Program Files\PDF Complete
2008-01-02 20:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-12 15:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-12 14:57 --------- d-----w C:\Program Files\Google
2007-11-14 07:26 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 09:55 3,065,856 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 22:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 22:39 230,912 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-27 22:37 2,109,440 ------w C:\WINDOWS\system32\dllcache\wmvcore.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-11 05:57 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
2007-10-11 05:57 666,112 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-11 05:57 617,984 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-11 05:57 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-11 05:57 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-11 05:57 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 05:57 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-11 05:57 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-10-11 05:57 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-10-11 05:57 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-10-11 05:57 205,824 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-11 05:57 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-11 05:57 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 05:57 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-11 05:57 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 05:57 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 05:57 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-11_ 9.27.57.67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-11 14:23:03 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-11 16:35:42 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-11 14:23:03 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-11 16:35:42 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-11 14:23:03 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-11 16:35:42 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-11 14:23:03 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-11 16:35:42 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-11 14:23:03 2,473,984 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-11 16:35:42 2,490,368 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-11 14:23:03 102,400 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-11 16:35:42 102,400 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-11 09:09 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2008-01-08 16:06 331552]
"SDMSSplash"="C:\Program Files\HP_SDMS\SDMSSplash\launcher.exe" [2008-01-08 16:06 86016]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2008-01-08 16:07 525824]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2008-01-08 16:07 1138688]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2008-01-08 16:07 761856]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2008-01-08 16:07 888832]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2008-01-08 16:07 81990]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2008-01-08 16:07 135224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-08 16:07 39792]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-861567501-1604221776-1801674531-1498\Scripts\Logon\0\0]
"Script"=moveprinter-md07-md08.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-861567501-1604221776-1801674531-1498\Scripts\Logon\1\0]
"Script"=DrivePrinter.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-861567501-1604221776-1801674531-500\Scripts\Logon\0\0]
"Script"=moveprinter-md07-md08.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-01-02 09:32 290112 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-01-07 09:11 114688 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2008-01-07 09:11 98304 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2008-01-07 09:11 94208 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-11 09:09 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [2006-04-14 12:07]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2007-04-13 11:44]
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 12:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75475a49-b579-11dc-81af-0019dba161bc}]
\Shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a795715-a9a0-11dc-81ad-0019dba161bc}]
\Shell\AutoRun\command - F:\ONSPCLCK.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 11:36:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
Completion time: 2008-01-11 11:37:17
ComboFix-quarantined-files.txt 2008-01-11 16:37:14
ComboFix2.txt 2008-01-11 14:28:13
.
2008-01-10 08:00:51 --- E O F ---




==========================================================================

Antivirus Version Last Update Result
AhnLab-V3 2008.1.12.10 2008.01.11 -
AntiVir 7.6.0.46 2008.01.11 TR/Vundo.Gen
Authentium 4.93.8 2008.01.11 -
Avast 4.7.1098.0 2008.01.11 -
AVG 7.5.0.516 2008.01.11 Lop
BitDefender 7.2 2008.01.11 Trojan.Vundo.DVC
CAT-QuickHeal 9.00 2008.01.11 -
ClamAV 0.91.2 2008.01.11 -
DrWeb 4.44.0.09170 2008.01.11 -
eSafe 7.0.15.0 2008.01.10 -
eTrust-Vet 31.3.5449 2008.01.11 Win32/Darksma.HM
Ewido 4.0 2008.01.11 -
FileAdvisor 1 2008.01.11 -
Fortinet 3.14.0.0 2008.01.11 -
F-Prot 4.4.2.54 2008.01.10 W32/Virtumonde.G.gen!Eldorado
F-Secure 6.70.13030.0 2008.01.11 -
Ikarus T3.1.1.20 2008.01.11 -
Kaspersky 7.0.0.125 2008.01.11 -
McAfee 5204 2008.01.10 -
Microsoft 1.3109 2008.01.11 -
NOD32v2 2784 2008.01.11 -
Norman 5.80.02 2008.01.11 W32/Virtumonde.JOL
Panda 9.0.0.4 2008.01.11 Suspicious file
Prevx1 V2 2008.01.11 Trojan.Vundo
Rising 20.26.42.00 2008.01.11 -
Sophos 4.24.0 2008.01.11 Troj/Virtum-Gen
Sunbelt 2.2.907.0 2008.01.11 -
Symantec 10 2008.01.11 Trojan.Vundo
TheHacker 6.2.9.186 2008.01.11 -
VBA32 3.12.2.5 2008.01.11 -
VirusBuster 4.3.26:9 2008.01.11 Adware.Vundo.V.Gen
Webwasher-Gateway 6.6.2 2008.01.11 Trojan.Vundo.Gen

Additional information
File size: 75840 bytes
MD5: 242c55d0b8955cdc0e2799ed042061b8
SHA1: 6cfe617f284f419552c0c5984fab85bb5ce7c853
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramtext. ... 001D428A59



=========================================================================


Logfile of HijackThis v1.99.1
Scan saved at 11:50, on 2008-01-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SDMSSplash] "C:\Program Files\HP_SDMS\SDMSSplash\launcher.exe" "launchdir=C:\Program Files\HP_SDMS\SDMSSplash"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Drive.local
O17 - HKLM\Software\..\Telephony: DomainName = Drive.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Drive.local
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
Platinum
Regular Member
Posts: 189
Joined: August 1st, 2005, 2:00 pm
Location: Long Island, NY
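As an added example, not part of the original thread, the following Python script does the triage a responder would do with the report and hashes posted above before deleting the DLL: it parses the multi-engine table, counts detections, folds the vendor names Virtumonde and Virtum-Gen into the Vundo family, lists the engines that returned nothing (the installed McAfee VirusScan Enterprise engine is one of them), and checks a local copy of the file against the reported size, MD5 and SHA1 so that the sample you quarantine is the one that was scanned. The table and hashes are copied from the post above; the alias map and function names are this example's own, and the byte string in the usage section is a constructed placeholder, not the real file.

```python
import hashlib
from collections import Counter

# Multi-engine scan results as posted in the thread above, one engine per line:
# vendor, engine version, signature date, result ("-" = no detection).
VT_REPORT = """\
AhnLab-V3 2008.1.12.10 2008.01.11 -
AntiVir 7.6.0.46 2008.01.11 TR/Vundo.Gen
Authentium 4.93.8 2008.01.11 -
Avast 4.7.1098.0 2008.01.11 -
AVG 7.5.0.516 2008.01.11 Lop
BitDefender 7.2 2008.01.11 Trojan.Vundo.DVC
CAT-QuickHeal 9.00 2008.01.11 -
ClamAV 0.91.2 2008.01.11 -
DrWeb 4.44.0.09170 2008.01.11 -
eSafe 7.0.15.0 2008.01.10 -
eTrust-Vet 31.3.5449 2008.01.11 Win32/Darksma.HM
Ewido 4.0 2008.01.11 -
FileAdvisor 1 2008.01.11 -
Fortinet 3.14.0.0 2008.01.11 -
F-Prot 4.4.2.54 2008.01.10 W32/Virtumonde.G.gen!Eldorado
F-Secure 6.70.13030.0 2008.01.11 -
Ikarus T3.1.1.20 2008.01.11 -
Kaspersky 7.0.0.125 2008.01.11 -
McAfee 5204 2008.01.10 -
Microsoft 1.3109 2008.01.11 -
NOD32v2 2784 2008.01.11 -
Norman 5.80.02 2008.01.11 W32/Virtumonde.JOL
Panda 9.0.0.4 2008.01.11 Suspicious file
Prevx1 V2 2008.01.11 Trojan.Vundo
Rising 20.26.42.00 2008.01.11 -
Sophos 4.24.0 2008.01.11 Troj/Virtum-Gen
Sunbelt 2.2.907.0 2008.01.11 -
Symantec 10 2008.01.11 Trojan.Vundo
TheHacker 6.2.9.186 2008.01.11 -
VBA32 3.12.2.5 2008.01.11 -
VirusBuster 4.3.26:9 2008.01.11 Adware.Vundo.V.Gen
Webwasher-Gateway 6.6.2 2008.01.11 Trojan.Vundo.Gen
"""

# Values reported for the scanned file in the same post.
REPORTED_SIZE = 75840
REPORTED_MD5 = "242c55d0b8955cdc0e2799ed042061b8"
REPORTED_SHA1 = "6cfe617f284f419552c0c5984fab85bb5ce7c853"

# Vendor-specific names for one family. This alias map is the example's own and
# only covers names that appear in the report (Virtumonde / Virtum-Gen = Vundo).
FAMILY_ALIASES = {"vundo": "Vundo", "virtum": "Vundo"}


def parse_report(text):
    """List of dicts, one per engine; result is None when the engine found nothing."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        vendor, version, updated, result = line.split(None, 3)  # result may contain spaces
        rows.append({"vendor": vendor, "version": version, "updated": updated,
                     "result": None if result == "-" else result})
    return rows


def family_of(result):
    """Map a vendor detection name onto a canonical family; unknown names pass through."""
    low = result.lower()
    for needle, canonical in FAMILY_ALIASES.items():
        if needle in low:
            return canonical
    return result


def summarize(rows):
    hits = [r for r in rows if r["result"]]
    return {"engines": len(rows),
            "detections": len(hits),
            "families": Counter(family_of(r["result"]) for r in hits),
            "silent": sorted(r["vendor"] for r in rows if not r["result"])}


def file_digests(data):
    """Size, MD5 and SHA1 of a file's bytes, in the form the report uses."""
    return {"size": len(data),
            "md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest()}


def matches_report(data, size=REPORTED_SIZE, md5=REPORTED_MD5, sha1=REPORTED_SHA1):
    """True only if size, MD5 and SHA1 all agree with the reported sample."""
    d = file_digests(data)
    return d["size"] == size and d["md5"] == md5 and d["sha1"] == sha1


if __name__ == "__main__":
    summary = summarize(parse_report(VT_REPORT))
    print(f"{summary['detections']}/{summary['engines']} engines flagged the file")
    print("family consensus:", summary["families"].most_common())
    print("no detection from:", ", ".join(summary["silent"]))
    # Constructed stand-in for the DLL; a real run would read the quarantined file's bytes.
    sample = b"constructed placeholder, not the real pckfnxwf.dll"
    print("matches reported hashes:", matches_report(sample))
```

Both digests are checked because both are what the report carries; neither MD5 nor SHA1 is collision-resistant, so agreement on size plus both hashes is a sanity check that you are holding the same sample that was scanned, nothing stronger.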

Re: Vundo and some other stuff

Post by ndmmxiaomayi » January 12th, 2008, 12:38 am

Hi,

Please delete this file.

C:\WINDOWS\system32\pckfnxwf.dll

  1. Please download and install CCleaner Slim.
  2. Once installed, double click on the desktop shortcut created.
  3. On the leftmost column, click on Tools.
  4. On the middle column, click on Uninstall.
  5. At the bottom right hand corner, click on the Save to text file... button.
  6. By default, it saves this file to C:\Program Files\CCleaner named install.txt. You may want to save it to your desktop to find it easily. Click Save.
  7. Close CCleaner.

In your next reply, please post:

  1. CCleaner install.txt
  2. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Vundo and some other stuff

Post by Platinum » January 14th, 2008, 10:02 am

Activation Assistant for the 2007 Microsoft Office suites
Adobe Reader 8.1.1
BitTorrent 6.0
Business Contact Manager for Outlook 2007
CCleaner (remove only)
CleanUp!
Default
DNA
GetDataBack for NTFS
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 2.0 (KB922981)
Hotfix for Windows XP (KB895246)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB923232)
HP Backup and Recovery Manager
HP Help and Support
HpSdpAppCoreApp
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
J2SE Runtime Environment 5.0 Update 6
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Professional Edition 2003
Microsoft Office Small Business Connectivity Components
Microsoft Office Visio Professional 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
mIRC
Mozilla Firefox (2.0.0.11)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
PDF Complete
PrimoPDF
Realtek High Definition Audio Driver
Remote Administrator v2.1
SAAZ Remote Console
SAP Front End
SDMSSplash
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
UBCD4Win 3.06
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
WebFldrs XP
Webster Image Media Viewer 4.1
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB815304
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885222
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB886199
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver


====================================================================

Logfile of HijackThis v1.99.1
Scan saved at 9:04 AM, on 2008/01/14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SDMSSplash] "C:\Program Files\HP_SDMS\SDMSSplash\launcher.exe" "launchdir=C:\Program Files\HP_SDMS\SDMSSplash"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Drive.local
O17 - HKLM\Software\..\Telephony: DomainName = Drive.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Drive.local
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
Platinum
Regular Member
Posts: 189
Joined: August 1st, 2005, 2:00 pm
Location: Long Island, NY

Re: Vundo and some other stuff

Post by ndmmxiaomayi » January 14th, 2008, 10:00 pm

Hi,

Is this a corporate computer?
ndmmxiaomayi
MRU Emeritus
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Vundo and some other stuff

Post by Platinum » January 15th, 2008, 10:48 am

Yes, it is. I'm in the IT department, and I play around with a lot of different programs, so I probably picked some bad stuff up in the process. What made you ask that question?
Platinum
Regular Member
Posts: 189
Joined: August 1st, 2005, 2:00 pm
Location: Long Island, NY

Re: Vundo and some other stuff

Post by ndmmxiaomayi » January 16th, 2008, 6:34 am

Hi,

That's because you are using an old version of Java and there's no firewall on the system. I don't want to risk breaking any connections or causing any compatibility issues after installing a new version of Java.

Do you know if any of the applications that your company uses still rely on the old version of Java? If not, I will go ahead and remove it.
ndmmxiaomayi
MRU Emeritus
Posts: 9708
Joined: July 17th, 2006, 9:22 am
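The reply above spots the outdated Java from the paths in the HijackThis log. As an added example, not part of the thread, here is a small Python diff of two HijackThis logs that makes that kind of change explicit: it pulls the JRE version out of every Java path, lists the entries added and removed between two logs, and flags O23 services whose binary HijackThis reports as missing. The excerpts are taken from the 11 January and 16 January logs posted in this thread; only the Java-related lines and one O23 line are kept, and the O23 line is assumed unchanged in the later log, which is cut off on this page before its O23 section. Function names and the version-comparison helper are this example's own.

```python
import re

# Excerpts from two HijackThis logs posted in this thread: the 11 January log
# (old Java) and the 16 January log (after the Java upgrade). Only the
# Java-related lines and one O23 line are kept. The O23 line is assumed
# unchanged in the later log, which is cut off on this page before its O23 section.
LOG_11_JAN = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
"""

LOG_16_JAN = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
"""

HJT_ENTRY = re.compile(r"^(O\d+) - (.*)$")                      # "O4 - HKLM\..\Run: [...]"
JRE_IN_PATH = re.compile(r"\\jre(\d+\.\d+\.\d+_\d+)\\", re.IGNORECASE)  # "...\jre1.5.0_06\..."


def parse_hjt(text):
    """Set of (section, detail) tuples for every O-line in a HijackThis log."""
    entries = set()
    for line in text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries


def diff_logs(before, after):
    """Entries present only in the later log ('added') or only in the earlier one ('removed')."""
    b, a = parse_hjt(before), parse_hjt(after)
    return {"added": sorted(a - b), "removed": sorted(b - a)}


def version_key(v):
    """'1.5.0_06' -> (1, 5, 0, 6) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in re.split(r"[._]", v))


def jre_versions(text):
    """Distinct JRE versions referenced by any path in the log, oldest first."""
    return sorted(set(JRE_IN_PATH.findall(text)), key=version_key)


def missing_files(text):
    """O23 services whose binary HijackThis could not find on disk."""
    return sorted(e for e in parse_hjt(text) if e[0] == "O23" and "(file missing)" in e[1])


if __name__ == "__main__":
    print("JRE before:", jre_versions(LOG_11_JAN), " after:", jre_versions(LOG_16_JAN))
    changes = diff_logs(LOG_11_JAN, LOG_16_JAN)
    for section, detail in changes["removed"]:
        print("-", section, detail)
    for section, detail in changes["added"]:
        print("+", section, detail)
    for section, detail in missing_files(LOG_16_JAN):
        print("still missing:", detail)
```

Comparing entries as sets rather than as raw text lines means reordering between two logs produces no noise, and the numeric version key avoids the string-comparison trap where "1.10" sorts before "1.9".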

Re: Vundo and some other stuff

Post by Platinum » January 16th, 2008, 1:06 pm

Alright, I'll remove the old version of Java and install the new one. Consider that done. We have hardware firewalls here in the office, but I also have the Windows Firewall turned on. Between the two we're pretty good; I'm not too worried about that. Since I installed the new Java, I'll post the same two logs as previously posted, but updated.

Logfile of HijackThis v1.99.1
Scan saved at 12:07 PM, on 2008/01/16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SDMSSplash] "C:\Program Files\HP_SDMS\SDMSSplash\launcher.exe" "launchdir=C:\Program Files\HP_SDMS\SDMSSplash"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Drive.local
O17 - HKLM\Software\..\Telephony: DomainName = Drive.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Drive.local
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe

================================================================

Activation Assistant for the 2007 Microsoft Office suites
Adobe Reader 8.1.1
BitTorrent 6.0
Business Contact Manager for Outlook 2007
CCleaner (remove only)
CleanUp!
Default
DNA
GetDataBack for NTFS
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 2.0 (KB922981)
Hotfix for Windows XP (KB895246)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB923232)
HP Backup and Recovery Manager
HP Help and Support
HpSdpAppCoreApp
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Java(TM) 6 Update 4
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Professional Edition 2003
Microsoft Office Small Business Connectivity Components
Microsoft Office Visio Professional 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
mIRC
Mozilla Firefox (2.0.0.11)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
PDF Complete
PrimoPDF
Radmin Viewer 3.1
Realtek High Definition Audio Driver
Remote Administrator v2.1
SAAZ Remote Console
SAP Front End
SDMSSplash
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
UBCD4Win 3.06
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
WebFldrs XP
Webster Image Media Viewer 4.1
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB815304
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885222
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB886199
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Platinum
Regular Member
Posts: 189
Joined: August 1st, 2005, 2:00 pm
Location: Long Island, NY
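A small triage script for HijackThis log entries like the ones posted above, added here as an example (it is not code from the forum, from HijackThis, or from the poster): it parses each O-line, pulls out the executable path and flags the entries a helper would look at first (a "(file missing)" service, policy restrictions, odd whitespace in a file name, a program running from outside Windows or Program Files). The sample lines are copied from the log above plus one constructed, clearly labelled suspicious entry; the function names are this example's own.

```python
"""Parse HijackThis 1.99.1 O-entries and flag items worth a second look.

Example code for this thread, not part of HijackThis or the forum's tooling.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: lines copied from the posted log, plus ONE constructed entry at
# the end (not from the log) so the "outside trusted roots" check has something
# to fire on.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Drive.local
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O4 - HKCU\..\Run: [constructed] C:\Documents and Settings\user\Local Settings\Temp\updater .exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
# A drive-letter path ending in an executable-ish extension; stops at quotes.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:exe|dll|ocx|sys|scr|cpl)\b', re.IGNORECASE)
# Locations where the autoruns and services in this log are expected to live.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class HjtEntry:
    kind: str                     # e.g. "O4", "O23"
    detail: str                   # text after "O4 - "
    path: Optional[str]           # last executable path found in detail, if any
    flags: List[str] = field(default_factory=list)


def extract_path(detail: str) -> Optional[str]:
    """Return the last executable path mentioned in an entry, or None."""
    matches = PATH_RE.findall(detail)
    return matches[-1] if matches else None


def triage(entry: HjtEntry) -> List[str]:
    """Heuristic checks a helper applies when reading a log; returns reasons."""
    flags = []
    if "(file missing)" in entry.detail:
        flags.append("file missing: entry points at a path that no longer exists")
    if entry.kind == "O6":
        flags.append("IE policy restrictions present (expected on a domain-managed PC)")
    if entry.path:
        name = entry.path.rsplit("\\", 1)[-1]
        if " ." in name or name.startswith(" "):
            flags.append("unusual whitespace in file name")
        if not entry.path.lower().startswith(TRUSTED_ROOTS):
            flags.append("runs from outside Windows/Program Files")
    return flags


def parse_hjt(text: str) -> List[HjtEntry]:
    """Parse every O-entry in a HijackThis log; process list and header are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entry = HjtEntry(kind=m.group(1), detail=m.group(2), path=extract_path(m.group(2)))
        entry.flags = triage(entry)
        entries.append(entry)
    return entries


def by_kind(entries: List[HjtEntry], kind: str) -> List[HjtEntry]:
    return [e for e in entries if e.kind == kind]


def flagged(entries: List[HjtEntry]) -> List[HjtEntry]:
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in parse_hjt(SAMPLE_LOG):
        print(f"{'!!' if e.flags else '  '} {e.kind:<4} {e.path or '-'}")
        for reason in e.flags:
            print(f"        -> {reason}")
```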

Re: Vundo and some other stuff

Unread postby ndmmxiaomayi » January 17th, 2008, 12:39 am

Step 1

  1. Please download AVG Anti-Spyware and save it to your desktop.
  2. Double click on avgas-setup-7.5.1.43-3339.exe to install AVG Anti-Spyware. Install it in the default location.
  3. Once installed, start AVG Anti-Spyware by going to Start > All Programs > AVG Anti-Spyware 7.5 > AVG Anti-Spyware.
  4. In the main screen, you should see Your Computer's Security.
    • Next to Resident Shield, click on Change state. It should now be Inactive.
    • Next to Automatic Updates, click on Change state. It should now be Inactive.
    • Next to Last Update, click on Update now. If your firewall prompts you, tell your firewall to allow it. Should you be unable to update it, download the updates from here. Save it to your desktop. Double click to run the installation and the updates will be installed. Make sure AVG Anti-Spyware is closed during the installation.
    • Right-click the AVG Anti-Spyware icon near the clock and uncheck (untick) Start with Windows. Confirm by clicking Yes.
  5. Now click on the Scanner button at the top.
  6. Select the Settings tab.
  7. Under How to act?, click on Recommended actions and select Quarantine.
  8. Under How to scan?, check (tick) all the boxes.
  9. Under Possibly unwanted software:, check (tick) all the boxes.
  10. Under Reports:, uncheck (untick) the Only if threats were found box and select Do not automatically generate report.
  11. Under What to scan?, select Scan every file.

Do not run a scan yet. You will run a scan later.

Step 2
  1. Click on Start > All Programs > CCleaner > CCleaner.
  2. On the Windows tab, leave the default options alone.
  3. On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
  4. Click on the Run Cleaner button at the bottom right hand corner.
  5. Close CCleaner.

Step 3

Please print out or save this set of instructions as you will not have internet access during the fix.

Reboot into Safe Mode by following the instructions below:

  • When you see the BIOS screen, start pressing F8.
  • A boot menu will appear shortly.
  • Using the up/down arrow keys, select Safe Mode and press the Enter key.
  • Windows will now load.
  • Log in to your usual account.

Step 4

  1. Start AVG Anti-Spyware by going to Start > All Programs > AVG Anti-Spyware 7.5 > AVG Anti-Spyware.
  2. Click on the Scanner button at the top.
  3. Select the Scan tab.
  4. Click on Complete System Scan to start the scan.
  5. When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the Save Scan Report button before you have clicked the Apply all Actions button.
    • Make sure that Set all elements to: shows Quarantine (1); if not, click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  6. When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  7. Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Restart your computer in Normal Mode.

In your next reply, please post:

  1. AVG Antispyware scan report
  2. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Vundo and some other stuff

Unread postby Platinum » January 17th, 2008, 2:53 pm

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:42 PM 2008/01/17

+ Scan result:



C:\QooBox\Quarantine\C\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\Compaq\SetRefresh\SetRefresh.exe.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\HP_SDMS\SDMSSplash\launcher.exe.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Program Files\Network Associates\Common Framework\UpdaterUI.exe.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\CREATOR\Remind_XP.exe.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\SMINST\Recguard.exe.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\SMINST\Scheduler.exe.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX2A.tmp.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX2D.tmp.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\ctfmon.exe.tmp.vir -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\catchme2008-01-11_ 92709.35.zip/SHSTAT.EXE -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP27\A0003347.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP27\A0003350.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP27\A0003351.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP27\A0003352.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP27\A0003353.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP27\A0003354.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP27\A0003355.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP27\A0003356.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP27\A0003357.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP27\A0003359.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP27\A0003361.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP27\A0003368.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP27\A0003369.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP27\A0003370.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP28\A0003393.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP28\A0003395.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP28\A0003396.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP28\A0003397.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP28\A0003398.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP28\A0003399.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP28\A0003400.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP28\A0003401.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP28\A0003402.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP28\A0003403.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP28\A0003404.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP28\A0003405.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP28\A0003406.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP28\A0003409.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP32\A0003445.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP32\A0003447.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP32\A0003451.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP32\A0003452.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP32\A0003453.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP32\A0003454.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP32\A0003455.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP32\A0003456.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP32\A0003457.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP32\A0003458.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP32\A0003459.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP32\A0003460.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP32\A0003461.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP32\A0003464.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP33\A0003494.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP33\A0003496.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP33\A0003497.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP33\A0003498.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP33\A0003500.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP33\A0003501.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP33\A0003502.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP33\A0003503.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP33\A0003504.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP33\A0003505.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP33\A0003507.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP33\A0003510.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP34\A0003545.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP34\A0003547.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP34\A0003549.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP34\A0003550.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP34\A0003551.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP34\A0003552.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP34\A0003554.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP34\A0003557.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP34\A0003560.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP34\A0003563.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP34\A0003565.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP34\A0003566.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP34\A0003567.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP34\A0003569.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP37\A0003613.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP37\A0003615.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP37\A0003617.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP37\A0003618.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP37\A0003619.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP37\A0003620.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP37\A0003621.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP37\A0003622.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP37\A0003623.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP37\A0003624.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP37\A0003626.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP37\A0003627.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP37\A0003628.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP37\A0003635.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP37\A0003637.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP37\A0003638.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP37\A0003639.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP37\A0003640.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP37\A0003641.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP37\A0003642.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP37\A0003645.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP37\A0003647.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP37\A0003649.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP37\A0003651.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP37\A0003653.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP37\A0003655.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP37\A0003660.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP37\A0003661.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP38\A0003696.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP38\A0003698.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP38\A0003699.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP38\A0003700.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP38\A0003701.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP38\A0003702.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP38\A0003703.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP38\A0003704.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP38\A0003705.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP38\A0003706.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP38\A0003707.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP38\A0003708.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP38\A0003709.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP38\A0003753.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP38\A0003754.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP38\A0003755.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP38\A0003772.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP38\A0003773.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP38\A0003774.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP38\A0003780.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP38\A0003782.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP38\A0003783.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP38\A0003784.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP38\A0003785.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP41\A0003808.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP41\A0003809.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP41\A0003810.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP41\A0003811.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP41\A0003812.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP41\A0003815.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP41\A0003816.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP41\A0003817.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP41\A0003818.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP41\A0003838.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP41\A0003839.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP41\A0003843.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP41\A0003844.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP41\A0003845.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP41\A0003846.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP41\A0003847.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP41\A0003848.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP41\A0003849.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP43\A0003909.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP43\A0003921.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP43\A0003922.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP43\A0003923.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP43\A0003924.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP43\A0003925.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP43\A0003926.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP43\A0003927.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\VundoFix Backups\awtqr.exe.bad -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\VundoFix Backups\hkcmd.exe.bad -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\VundoFix Backups\igfxpers.exe.bad -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\VundoFix Backups\igfxtray.exe.bad -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Program Files\Radmin\AdmDll.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 : Cleaned with backup (quarantined).
C:\Program Files\Radmin\raddrv.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 : Cleaned with backup (quarantined).
C:\WINDOWS\system32\admdll.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 : Cleaned with backup (quarantined).
C:\WINDOWS\system32\raddrv.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 : Cleaned with backup (quarantined).
C:\Program Files\Radmin\r_server.exe -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.21 : Cleaned with backup (quarantined).
C:\Program Files\Radmin\radmin.exe -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.21 : Cleaned with backup (quarantined).
C:\WINDOWS\system32\r_server.exe -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.21 : Cleaned with backup (quarantined).
:mozilla.668:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.105:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.164:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.26:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.27:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.28:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.30:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.31:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.32:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.33:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.34:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.35:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.36:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.37:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.38:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.39:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.40:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.42:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.43:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.44:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.45:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.46:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.47:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.48:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.49:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.50:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.51:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.52:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.53:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.54:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.55:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.56:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.57:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.58:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.59:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.60:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.61:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.63:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.886:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.340:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.342:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.469:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.470:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.471:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.472:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.473:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.474:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.475:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.476:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.567:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.146:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.147:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.148:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.149:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.150:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.136:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.282:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.278:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.280:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.281:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.186:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.187:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.188:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.189:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.190:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.191:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.192:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.193:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.194:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.195:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.111:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.117:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.106:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.112:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.113:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.114:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.115:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.116:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.208:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.209:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.210:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.258:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.259:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.565:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.566:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.652:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.904:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.905:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.885:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.346:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.349:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.283:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.284:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.611:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.618:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.809:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.490:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.491:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.276:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.645:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.437:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.438:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.439:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.440:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.441:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.442:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.443:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.444:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.445:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.343:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.344:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.205:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.206:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.207:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.151:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.152:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.153:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.154:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.155:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.156:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.157:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.158:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.159:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.160:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.161:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.162:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.100:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.101:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.102:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.103:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.97:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.98:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.99:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.866:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.867:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.868:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.869:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.118:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.119:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.128:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.129:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.130:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.133:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.714:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.297:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.298:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.299:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.300:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.458:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.393:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.398:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.399:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.400:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.401:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.402:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.768:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.769:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.770:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.771:C:\Documents and Settings\cskonberg\Application Data\Mozilla\Firefox\Profiles\q9s6mss6.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP23\A0003069.exe -> Trojan.Dialer.yz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP27\A0003324.exe/keygen.exe -> Trojan.Inject.mt : Cleaned with backup (quarantined).


::Report end



===================================================================

Logfile of HijackThis v1.99.1
Scan saved at 1:54 PM, on 2008/01/17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SDMSSplash] "C:\Program Files\HP_SDMS\SDMSSplash\launcher.exe" "launchdir=C:\Program Files\HP_SDMS\SDMSSplash"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Drive.local
O17 - HKLM\Software\..\Telephony: DomainName = Drive.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Drive.local
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
Platinum
Regular Member
 
Posts: 189
Joined: August 1st, 2005, 2:00 pm
Location: Long Island, NY

Re: Vundo and some other stuff

Unread postby ndmmxiaomayi » January 18th, 2008, 1:01 am

Hi,

C:\Program Files\Radmin\AdmDll.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 : Cleaned with backup (quarantined).
C:\Program Files\Radmin\raddrv.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 : Cleaned with backup (quarantined).
C:\WINDOWS\system32\admdll.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 : Cleaned with backup (quarantined).
C:\WINDOWS\system32\raddrv.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 : Cleaned with backup (quarantined).
C:\Program Files\Radmin\r_server.exe -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.21 : Cleaned with backup (quarantined).
C:\Program Files\Radmin\radmin.exe -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.21 : Cleaned with backup (quarantined).
C:\WINDOWS\system32\r_server.exe -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.21 : Cleaned with backup (quarantined).


AVG Antispyware has quarantined these files, which are part of remote control software that you have (Remote Administrator v2.1).

You will need to restore these files from AVG Antispyware Quarantine if you use this software.

To restore them, do the following:

  1. Open AVG Antispyware.
  2. Click on the Infections button.
  3. Select the files quoted above and click on the Restore button.

Please go to the Kaspersky website and perform an online antivirus scan. Please use Internet Explorer, as the scanner uses ActiveX.

  1. Click on the Kaspersky Online Scanner button.
  2. Read through the requirements and privacy statement and click on the Accept button.
  3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an ActiveX control from Kaspersky. Click Yes.
  4. When the downloads have finished, click on the Next button.
  5. Click on the Scan Settings button.
  6. Select extended under Scan using the following antivirus database:
  7. Check (tick) these boxes under Scan options:
    • Scan Archives
    • Scan Mail Bases
  8. Click OK.
  9. Click on My Computer under Please select a target to scan:
  10. Once the scan is complete, it will display whether your system has been infected. Click on the Save as text button and save it to your desktop.
  11. Copy and paste this log in your next reply.

In your next reply, please post:

  1. Kaspersky Antivirus scan report
  2. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
Posts: 9708
Joined: July 17th, 2006, 9:22 am
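The helper's reply above separates quarantined Not-A-Virus riskware (the Radmin remote administration files) from real detections. As an added example that is not part of the thread or of AVG's own tooling, the Python below parses report lines in the "path -> detection : action" format the AVG Anti-Spyware log in this thread uses and buckets them into tracking cookies, riskware that the owner must decide about, and malware; the sample lines, the user name and the {GUID} are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the AVG Anti-Spyware report format shown in the thread
# ("path -> detection : action"); the user name and {GUID} are placeholders.
SAMPLE_REPORT = r"""
:mozilla.398:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Radmin\r_server.exe -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.21 : Cleaned with backup (quarantined).
C:\WINDOWS\system32\admdll.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{GUID}\RP27\A0003324.exe/keygen.exe -> Trojan.Inject.mt : Cleaned with backup (quarantined).
::Report end
"""

# Optional ":mozilla.N:" cookie-jar prefix, then path, detection name and action.
LINE_RE = re.compile(r"^(?::mozilla\.(?P<cookie>\d+):)?(?P<path>.+?) -> (?P<detection>\S+) : (?P<action>.+?)\.?$")

def parse_report(text):
    """Return one dict per detection line; headers and '::' lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        _, _, member = path.partition("/")  # archive members are written outer.exe/inner.exe
        entries.append({
            "path": path,
            "detection": m.group("detection"),
            "action": m.group("action"),
            "quarantined": "quarantined" in m.group("action"),
            "archive_member": member or None,
            "restore_point": "\\_restore{" in path,  # lives in System Restore data
        })
    return entries

def severity(detection):
    """Bucket a detection by its family prefix."""
    family = detection.split(".", 1)[0]
    if family == "TrackingCookie":
        return "cookie"      # privacy nuisance, no code executes
    if family == "Not-A-Virus":
        return "riskware"    # legitimate tool (e.g. remote admin); the owner decides
    return "malware"

def triage(entries):
    buckets = defaultdict(list)  # severity -> entries needing that kind of review
    for e in entries:
        buckets[severity(e["detection"])].append(e)
    return dict(buckets)
```

Quarantined entries in the "riskware" bucket are the ones to confirm with the machine's owner before restoring; entries flagged as restore points only come back if System Restore is rolled back to that point.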

Re: Vundo and some other stuff

Unread postby askey127 » January 26th, 2008, 8:08 am

This topic is now closed due to inactivity. If you wish it to be reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link:
Donations For Malware Removal

Please do not contact us to reopen this topic if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA