analyze this please

precka20
My sister's laptop is royally messed up: trojans, everything else.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:36:04 PM, on 6/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\AIM6\aim6.exe
C:\Documents and Settings\Owner\Application Data\Twain\Twain.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\2718524.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: C:\WINDOWS\system32\had732ufn8.dll - {a6c7b2a1-00f3-42bd-f434-00aaba2c8953} - C:\WINDOWS\system32\had732ufn8.dll
O2 - BHO: Microsoft copyright - {f30b5e7e-cfbb-44fb-a947-226e5a7a4290} - jhxm32.dll (file missing)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [prnet] "C:\WINDOWS\system32\prnet.tmp"
O4 - HKLM\..\Run: [04784f75] rundll32.exe "C:\WINDOWS\system32\gubebusi.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CPM074b7ce9] Rundll32.exe "c:\windows\system32\lulakodu.dll",a
O4 - HKLM\..\Run: [wubapimesi] Rundll32.exe "C:\WINDOWS\system32\relipasi.dll",s
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\691447002.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AntivirusXP.exe] C:\Program Files\AntivirusXP\AntivirusXP.exe
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Owner\Application Data\Twain\Twain.exe
O4 - HKCU\..\Run: [SYSDLL] SYSDLL
O4 - HKCU\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\691447002.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\Owner\LOCALS~1\Temp\2718524.exe
O4 - HKUS\S-1-5-18\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Cognac] C:\WINDOWS\TEMP\a.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'Default user')
O4 - Startup: ChkDisk.lnk = ?
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: VPN Client.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179155568453
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179167858312
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\yuvayudu.dll c:\windows\system32\lulakodu.dll,c:\progra~1\ThunMail\testabd.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: __c00738D9 - C:\WINDOWS\system32\__c00738D9.dat (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lulakodu.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lulakodu.dll (file missing)
O22 - SharedTaskScheduler: hasf8h3rfijfn98gf9iar - {A6C7B2A1-00F3-42BD-F434-00AABA2C8953} - C:\WINDOWS\system32\had732ufn8.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast!Antivirus - Unknown owner - C:\WINDOWS\System32\avast!Antivirus.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 12842 bytes
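Added here as an illustration, not part of the original post: a small Python triage pass over the kinds of entries that appear in the HijackThis log above. The input is a dozen lines excerpted from that log. The heuristics are my own choice of the checks an analyst applies by eye when reading such a log, not anything HijackThis itself scores: an IE proxy pointing at localhost, Run entries launching from Temp or Application Data, rundll32 loading a DLL by a single-letter export, hex-looking Run value names, a populated AppInit_DLLs, "(file missing)" references, a service with no owner, a registry-editing policy restriction, and the same CLSID registered in more than one section (here as both a BHO and a SharedTaskScheduler entry). The rule names and thresholds are assumptions for the example.

```python
"""Triage a HijackThis-style log: flag the entries an analyst checks first.

Added example; the rules below are heuristics chosen for this write-up,
not HijackThis's own classification.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str    # short name of the heuristic that fired (names are assumed)
    entry: str   # the log line (type prefix included) that triggered it


# Lines excerpted from the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
O2 - BHO: C:\WINDOWS\system32\had732ufn8.dll - {a6c7b2a1-00f3-42bd-f434-00aaba2c8953} - C:\WINDOWS\system32\had732ufn8.dll
O2 - BHO: Microsoft copyright - {f30b5e7e-cfbb-44fb-a947-226e5a7a4290} - jhxm32.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [04784f75] rundll32.exe "C:\WINDOWS\system32\gubebusi.dll",b
O4 - HKLM\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\691447002.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\Owner\LOCALS~1\Temp\2718524.exe
O4 - HKUS\S-1-5-18\..\Run: [Cognac] C:\WINDOWS\TEMP\a.exe (User 'SYSTEM')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\yuvayudu.dll c:\windows\system32\lulakodu.dll,c:\progra~1\ThunMail\testabd.dll
O22 - SharedTaskScheduler: hasf8h3rfijfn98gf9iar - {A6C7B2A1-00F3-42BD-F434-00AABA2C8953} - C:\WINDOWS\system32\had732ufn8.dll
O23 - Service: avast!Antivirus - Unknown owner - C:\WINDOWS\System32\avast!Antivirus.exe (file missing)
"""

LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<value>\S+)")
RUN_RE = re.compile(r"Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# rundll32 <dll>,<export>  (path may be quoted)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S*)', re.I)
CLSID_RE = re.compile(r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}", re.I)
HEXNAME_RE = re.compile(r"(?:cpm)?[0-9a-f]{8}", re.I)   # e.g. 04784f75, CPM074b7ce9
# Directories a non-admin process can write to; autoruns there deserve a look.
USER_WRITABLE = ("\\temp\\", "\\application data\\", "\\locals~1\\", "\\applic~1\\")
LOCAL_HOSTS = ("localhost", "127.0.0.1")


def triage(log_text):
    """Return a list of Finding objects for the suspicious entries in log_text."""
    findings = []
    clsid_sections = {}   # CLSID (lower-cased) -> set of section kinds it appears in
    for raw in log_text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        low = body.lower()

        # A registered component whose file is gone is either leftover or a hidden file.
        if "(file missing)" in low:
            findings.append(Finding("dangling-reference", raw))

        if kind == "R1" and (pm := PROXY_RE.search(body)):
            # value looks like "http=localhost:7171"; keep the host part only
            host = pm.group("value").split("=")[-1].split(":")[0]
            if host.lower() in LOCAL_HOSTS:
                findings.append(Finding("proxy-to-localhost", raw))

        elif kind == "O4" and (rm := RUN_RE.search(body)):
            name, cmd = rm.group("name"), rm.group("cmd")
            if any(d in cmd.lower() for d in USER_WRITABLE):
                findings.append(Finding("autorun-in-user-writable-path", raw))
            if HEXNAME_RE.fullmatch(name):
                findings.append(Finding("autorun-hex-value-name", raw))
            dm = RUNDLL_RE.search(cmd)
            if dm and len(dm.group("export")) <= 1:
                findings.append(Finding("rundll32-single-letter-export", raw))

        elif kind == "O7":
            findings.append(Finding("policy-restriction", raw))

        elif kind == "O20" and low.startswith("appinit_dlls:"):
            findings.append(Finding("appinit-dlls-set", raw))

        elif kind == "O23" and "unknown owner" in low:
            findings.append(Finding("service-unknown-owner", raw))

        for clsid in CLSID_RE.findall(body):
            clsid_sections.setdefault(clsid.lower(), set()).add(kind)

    # One CLSID registered under several load points is a persistence pattern, not a coincidence.
    for clsid, kinds in clsid_sections.items():
        if len(kinds) > 1:
            findings.append(Finding("clsid-reused-across-sections", f"{clsid} in {sorted(kinds)}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:32} {f.entry}")
```

Running `triage(SAMPLE_LOG)` returns twelve findings, and the legitimate NVIDIA rundll32 entry is not among them. The single-letter-export and hex-name rules are cheap signals that happen to fit the entries on this machine; they will miss other loaders, so treat the output as a first pass for an analyst, not a verdict.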
 
Will do. The laptop is at home; I didn't bring it into work with me. I will get back to you later today or tomorrow. Thanks.
 
Sorry it's been a while; I just got back to it. Below is the ComboFix file. It is large and the post keeps telling me I'm over my limit by a lot, so I'm replying in pieces: ComboFix, then Malwarebytes.

ComboFix 09-06-05.05 - Owner 06/09/2009 20:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1621 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Owner\APPLIC~1\Microsoft\Internet Explorer\Quick Launch\AntivirusXP.lnk
c:\docume~1\Owner\APPLIC~1\twain\Twain.exe
c:\docume~1\Owner\LOCALS~1\Temp\csrss.exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusXP.lnk
c:\documents and settings\Owner\Application Data\twain\Twain.exe
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Cpvff.stt
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Owner\Start Menu\Programs\AntivirusXP
c:\documents and settings\Owner\Start Menu\Programs\AntivirusXP\AntivirusXP.lnk
c:\documents and settings\Owner\Start Menu\Programs\Startup\ChkDisk.lnk
c:\program files\AntivirusXP
c:\program files\Jcore
c:\program files\ThunMail
c:\program files\ThunMail\testabd.dll
c:\program files\WWShow
c:\windows\9g2234wesdf3dfgjf23
c:\windows\sonce122730.dat
c:\windows\system32\ahtn.htm
c:\windows\system32\drivers\5cf47dce.sys
c:\windows\system32\drivers\7fdfa520.sys
c:\windows\system32\drivers\ovfsthjtphpavnyeargdnntmwxysyijbtpuooy.sys
c:\windows\system32\had732ufn8.dll
c:\windows\system32\isubebug.ini
c:\windows\system32\ojiyovun.ini
c:\windows\system32\ovfsthetotwtsawfpbflfrxnxbjuhccpnaxcru.dat
c:\windows\system32\ovfsthgquhusmlisjxhoysymkibdtodxotcunt.dll
c:\windows\system32\ovfsthqvjmiuradmrbfsajplpqkqktfbhvbwyl.dat
c:\windows\system32\ovfsthvtxmtoafnuvhjnkomnycxrdwtgkjrvbr.dll
c:\windows\system32\ovfsthydaaodhhdccycybefpouushendvfojlq.dll
c:\windows\system32\ovuvugod.ini
c:\windows\system32\p2hhr.bat
c:\windows\system32\sft.res
c:\windows\system32\sysloc
c:\windows\system32\uniq.tll
c:\windows\system32\vp_setup.exe.bat
c:\windows\system32\win32hlp.cnf
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

----- BITS: Possible infected sites -----

hxxp://82.98.235.208
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthfnmxxnxtlmoecmexcbpvrxqejqdvektx
-------\Legacy_AVAST!ANTIVIRUS
-------\Service_avast!Antivirus
-------\Legacy_7fdfa520
-------\Service_5cf47dce
-------\Service_7fdfa520


((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
.

2009-06-05 01:55 . 2009-06-05 01:55 22745 ----a-w- c:\windows\system32\install.48025.exe
2009-06-01 23:35 . 2009-06-01 23:35 -------- d-----w- c:\program files\Trend Micro
2009-05-31 13:29 . 2009-05-31 13:29 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-05-31 02:20 . 2009-05-26 08:18 105 ----a-w- C:\tj.vbs
2009-05-27 23:53 . 2009-05-27 23:53 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2009-05-27 03:06 . 2009-05-27 03:12 -------- d-----w- c:\program files\Common Files\PC Tools
2009-05-27 03:03 . 2009-05-27 03:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-27 03:03 . 2009-05-27 03:14 -------- d-----w- c:\program files\Spyware Doctor
2009-05-26 23:27 . 2009-05-26 23:27 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-05-26 23:27 . 2009-05-26 23:27 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-05-26 23:27 . 2009-05-27 03:30 180 ----a-w- C:\487656.bat
2009-05-23 00:40 . 2009-05-23 00:40 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-05-23 00:39 . 2009-05-23 00:39 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-05-23 00:38 . 2009-05-23 00:38 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-05-22 22:28 . 2009-05-22 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-05-22 22:26 . 2009-05-23 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-05-22 22:26 . 2009-05-22 22:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2009-05-22 22:26 . 2009-05-22 22:26 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Yahoo!
2009-05-22 22:24 . 2009-05-22 22:28 -------- d-----w- c:\program files\Yahoo!
2009-05-22 21:58 . 2009-05-22 22:19 -------- dc-h--w- c:\windows\ie8
2009-05-22 21:57 . 2009-05-22 22:33 -------- d--h--w- c:\windows\msdownld.tmp
2009-05-22 21:56 . 2009-05-22 21:56 -------- d-----w- C:\cba19e1cd71871a49785f77c
2009-05-21 23:45 . 2009-06-05 23:28 -------- d--h--w- C:\$AVG8.VAULT$
2009-05-21 23:45 . 2009-06-10 00:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Twain
2009-05-21 23:45 . 2009-06-10 00:14 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Twain
2009-05-21 23:41 . 2009-05-21 23:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-21 23:41 . 2009-05-21 23:41 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-21 23:41 . 2009-05-21 23:41 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-21 23:41 . 2009-05-21 23:41 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-21 23:41 . 2009-06-10 00:11 -------- d-----w- c:\windows\system32\drivers\Avg
2009-05-21 23:41 . 2009-05-21 23:46 -------- d-----w- c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2009-05-21 23:41 . 2009-05-21 23:46 -------- d-----w- c:\docume~1\Owner\APPLIC~1\AVGTOOLBAR
2009-05-21 23:41 . 2009-06-10 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-21 23:41 . 2009-05-21 23:41 -------- d-----w- c:\program files\AVG
2009-05-16 21:00 . 2009-05-22 01:43 -------- d-----w- c:\documents and settings\Owner\Application Data\ptidle
2009-05-16 21:00 . 2009-05-22 01:43 -------- d-----w- c:\docume~1\Owner\APPLIC~1\ptidle
2009-05-12 23:47 . 2009-06-01 20:58 -------- d-----w- c:\documents and settings\Owner\Application Data\Audacity
2009-05-12 23:47 . 2009-06-01 20:58 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Audacity
2009-05-12 23:47 . 2009-05-12 23:47 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-05-12 01:54 . 2009-05-12 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-05-12 01:53 . 2009-05-12 01:53 -------- d-----w- c:\documents and settings\Owner\Application Data\AVS4YOU
2009-05-12 01:53 . 2009-05-12 01:53 -------- d-----w- c:\docume~1\Owner\APPLIC~1\AVS4YOU
2009-05-12 01:53 . 2009-05-12 23:43 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-05-12 01:53 . 2003-05-21 16:50 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-05-12 01:53 . 2009-05-12 23:43 -------- d-----w- c:\program files\AVS4YOU

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 00:27 . 2009-06-10 00:27 32752 ----a-w- c:\windows\system32\NTAgent.exe
2009-06-10 00:23 . 2008-02-08 04:18 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-06-10 00:23 . 2007-06-11 23:27 47104 ----a-w- c:\windows\system32\rpcnet.dll
2009-06-10 00:10 . 2008-11-12 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-01 19:29 . 2008-02-15 19:39 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
2009-06-01 19:29 . 2008-02-15 19:39 -------- d-----w- c:\docume~1\Owner\APPLIC~1\U3
2009-05-23 00:16 . 2009-05-23 00:16 0 ---ha-w- c:\windows\system32\BIT104.tmp
2009-05-21 23:24 . 2009-05-16 21:14 19372 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-05-16 21:38 . 2007-05-14 18:51 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-16 21:33 . 2007-05-10 14:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-16 21:33 . 2008-02-10 04:10 -------- d-----w- c:\program files\LimeWire
2009-05-16 21:16 . 2007-05-10 13:54 29956 ----a-w- c:\windows\system32\nvModes.dat
2009-05-13 16:38 . 2007-05-10 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-12 01:53 . 2007-05-14 19:22 71160 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-26 20:34 . 2008-02-10 04:11 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2009-04-26 20:34 . 2008-02-10 04:11 -------- d-----w- c:\docume~1\Owner\APPLIC~1\LimeWire
2009-04-22 14:50 . 2009-04-22 14:50 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-22 14:50 . 2007-05-22 19:45 -------- d-----w- c:\program files\Java
2009-04-22 14:50 . 2009-04-22 14:50 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-03-25 22:55 . 2008-10-10 06:36 33280 ----a-w- c:\windows\system32\identprv.dll
2007-05-22 20:03 . 2007-05-22 20:03 60516 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-05-22 20:03 . 2007-05-22 20:03 49246 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-04-22 07:12 . 2009-04-22 07:12 90624 ----a-w- c:\program files\mozilla firefox\components\WWShow.dll
2007-05-22 20:03 . 2007-05-22 20:03 165990 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-02-22 21:57 . 2009-02-22 21:57 3 --sha-w- c:\windows\system32\gegoyewu.dll
2009-02-22 21:57 . 2009-02-22 21:57 3 --sha-w- c:\windows\system32\lisuzise.dll
.
 
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-30 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-28 8429568]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-28 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-22 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-21 1947928]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-28 1626112]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2007-04-28 67584]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-02-19 303104]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-9-17 6144]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-21 23:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/21/2009 7:41 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/21/2009 7:41 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/21/2009 7:41 PM 298776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/8/2008 5:42 PM 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-06-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-05 01:55]
.
- - - - ORPHANS REMOVED - - - -

BHO-{A6C7B2A1-00F3-42BD-F434-00AABA2C8953} - c:\windows\system32\had732ufn8.dll
BHO-{f30b5e7e-cfbb-44fb-a947-226e5a7a4290} - jhxm32.dll
HKCU-Run-AntivirusXP.exe - c:\program files\AntivirusXP\AntivirusXP.exe
HKLM-Run-prnet - c:\windows\system32\prnet.tmp
HKLM-Run-04784f75 - c:\windows\system32\gubebusi.dll
HKLM-Run-CPM074b7ce9 - c:\windows\system32\lulakodu.dll
HKLM-Run-wubapimesi - c:\windows\system32\relipasi.dll
HKU-Default-Run-svc - c:\program files\ThunMail\testabd.exe
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lulakodu.dll
SharedTaskScheduler-{A6C7B2A1-00F3-42BD-F434-00AABA2C8953} - c:\windows\system32\had732ufn8.dll
Notify-__c00738D9 - c:\windows\system32\__c00738D9.dat
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
FF - ProfilePath - c:\docume~1\Owner\APPLIC~1\Mozilla\Firefox\Profiles\va8ffb70.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.salemstate.edu/
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\WWShow.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-06-09 20:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\wbem\Performance\WmiApRpl_new.h 357 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a0,d1,a2,a0,d4,85,47,4d,a4,d0,53,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a0,d1,a2,a0,d4,85,47,4d,a4,d0,53,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3308)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Apoint\hidfind.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
c:\windows\system32\rpcnet.exe
.
**************************************************************************
.
Completion time: 2009-06-10 20:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-10 00:32

Pre-Run: 1,209,106,432 bytes free
Post-Run: 4,324,896,768 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

316 --- E O F --- 2009-05-13 16:38
 
malwarebytes...


Malwarebytes' Anti-Malware 1.37
Database version: 2256
Windows 5.1.2600 Service Pack 3

6/9/2009 9:35:37 PM
mbam-log-2009-06-09 (21-35-37).txt

Scan type: Full Scan (C:\|)
Objects scanned: 151969
Time elapsed: 56 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{26a98aa8-07fe-46e6-b6df-26704f3b895f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_CPV.DLL (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\Owner\Application Data\ptidle (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\Application Data\Twain (Trojan.Matcash) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\mozilla firefox\components\WWShow.dll (Adware.BHO) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\DOCUME~1\Owner\APPLIC~1\Twain\Twain.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\had732ufn8.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\ovfsthgquhusmlisjxhoysymkibdtodxotcunt.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\ovfsthydaaodhhdccycybefpouushendvfojlq.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\drivers\ovfsthjtphpavnyeargdnntmwxysyijbtpuooy.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1b56cce2-f136-43ac-bc87-bcff0052ed36}\RP375\A0132763.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1b56cce2-f136-43ac-bc87-bcff0052ed36}\RP375\A0132765.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1b56cce2-f136-43ac-bc87-bcff0052ed36}\RP375\A0132766.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1b56cce2-f136-43ac-bc87-bcff0052ed36}\RP375\A0132807.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1b56cce2-f136-43ac-bc87-bcff0052ed36}\RP375\A0132837.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\tj.vbs (Malware.Trace) -> Quarantined and deleted successfully.
c:\487656.bat (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\install.48025.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
 