[Closed] Pat Reidy "your system is infected with dangerous v


9 replies to this topic

#1 TractorTom

TractorTom

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 26 May 2008 - 11:52 PM

A friend of mine has a problem with his laptop. He keeps getting a popup saying "your system is infected with dangerous viruses". He had Norton 360. We changed this to AVG Internet Security but same problem. Any ideas?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:34:45, on 27/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\SafetyNet Online Backup Manager\aua\bin\AuaObm.exe
C:\Program Files\SafetyNet Online Backup Manager\aua\jvm\bin\AuaObmJW.exe
C:\Program Files\SafetyNet Online Backup Manager\bin\Scheduler.exe
C:\Program Files\SafetyNet Online Backup Manager\jvm\bin\SchedulerOBM.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\SafetyNet Online Backup Manager\bin\SystemTray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xyea.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row-rel&channel=ie&ibd=2070611
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ie...amp;ibd=2070611
O2 - BHO: (no name) - {07802794-37CA-40C3-B230-FCEB69C36C82} - C:\WINDOWS\system32\awtustqO.dll (file missing)
O2 - BHO: (no name) - {1C3C4699-B285-475F-BE47-0B26088CE876} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {47551F98-CC7F-4701-A650-D7231EEA60BD} - C:\WINDOWS\system32\opnlIyAr.dll (file missing)
O2 - BHO: IE LiveTV - {5F841E5A-AA28-4037-BE7A-96E943E91F4D} - C:\WINDOWS\oddogy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: cj helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\IE Extensions\cj.v4.dll (file missing)
O3 - Toolbar: Protection Bar - {F06E2ABE-3A50-4079-BE25-FC100D9EAA25} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [OBSystemTray] "C:\Program Files\SafetyNet Online Backup Manager\bin\SystemTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\Pat\LOCALS~1\Temp\stdcons.exe/r
O4 - HKLM\..\Run: [644a696c] rundll32.exe "C:\WINDOWS\system32\cuycxrwr.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-2491522225-3128632798-593483604-1008\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-21-2491522225-3128632798-593483604-1008\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'Default user')
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Belkin Wireless Client Utility.lnk = C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: opnlIyAr - opnlIyAr.dll (file missing)
O21 - SSODL: AvpRom - {cb043dcc-6b93-4632-ba86-555c60135827} - C:\WINDOWS\Resources\AvpRom.dll (file missing)
O21 - SSODL: PreBootCheck - {ebbbf663-b14c-451a-a0ee-87ba3d5c1152} - C:\WINDOWS\Resources\KbdVolume.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: AutoUpdateAgent (SafetyNet Online Backup Manager) (OBAutoUpdate) - Unknown owner - C:\Program Files\SafetyNet Online Backup Manager\aua\bin\AuaObm.exe
O23 - Service: Online Backup Scheduler (SafetyNet Online Backup Manager) (OBScheduler) - Unknown owner - C:\Program Files\SafetyNet Online Backup Manager\bin\Scheduler.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 14295 bytes
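A small triage script for the HijackThis log posted above, added here as an editor's example; it is not HijackThis' own code and not the forum's method. It parses the `Rn - ...` / `Onn - ...` line format and flags only indicator classes that are visible in this thread's logs: unnamed or missing-file BHOs and toolbars (O2/O3), Run keys that point into a Temp directory or carry a hex-digit name (O4), an AppInit_DLLs value and a Winlogon Notify handler whose DLL is gone (O20), an SSODL entry whose DLL is gone (O21), and a start page that is not a vendor default. The sample lines are copied from the log in post #1; the allow-list of default start-page hosts and the heuristics themselves are the editor's assumptions, and a flag means "a helper should look at this", not a verdict.

```python
"""Triage helper for Trend Micro HijackThis v2 log lines (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hosts treated as vendor-default start/search pages (editor's assumption).
DEFAULT_PAGE_HOST_SUFFIXES = ("microsoft.com", "google.ie", "google.com")

_LINE_RE = re.compile(r"^(?P<kind>[RO]\d{1,2}) - (?P<body>.*)$")
_TEMP_RE = re.compile(r"\\(?:LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)
_HEX_KEY_RE = re.compile(r"\[[0-9a-f]{6,}\]", re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # HijackThis section, e.g. "O4"
    reason: str  # why this entry deserves a second look
    line: str    # the original log line


def _host(url: str) -> str:
    """Return the lower-cased host of a URL that may lack a scheme."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return parsed.netloc.lower()


def _check(kind: str, body: str) -> list[str]:
    """Return the reasons (possibly none) a single log entry is flagged."""
    reasons: list[str] = []
    missing = "(file missing)" in body
    if kind in ("R0", "R1") and "Start Page = " in body:
        host = _host(body.split(" = ", 1)[1].strip())
        if not host.endswith(DEFAULT_PAGE_HOST_SUFFIXES):
            reasons.append("start page is not a vendor default")
    elif kind in ("O2", "O3"):
        if body.startswith(("BHO: (no name)", "Toolbar: (no name)")):
            reasons.append("unnamed browser add-on")
        if missing:
            reasons.append("add-on registered but its DLL is missing")
    elif kind == "O4":
        if _TEMP_RE.search(body):
            reasons.append("autorun entry points into a Temp directory")
        if _HEX_KEY_RE.search(body):
            reasons.append("autorun key named with hex digits")
    elif kind == "O20":
        if body.startswith("Winlogon Notify") and missing:
            reasons.append("Winlogon Notify handler whose DLL is missing")
        elif body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            reasons.append("AppInit_DLLs is set (loaded into every process)")
    elif kind == "O21" and missing:
        reasons.append("SSODL entry whose DLL is missing")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Parse HijackThis entry lines and return one Finding per reason."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _LINE_RE.match(line)
        if not m:          # process list, header, blank lines: skip
            continue
        kind, body = m.group("kind"), m.group("body")
        for reason in _check(kind, body):
            findings.append(Finding(kind, reason, line))
    return findings


def flagged_lines(log_text: str) -> list[str]:
    """Distinct flagged log lines, in log order."""
    return list(dict.fromkeys(f.line for f in triage(log_text)))


# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xyea.com/
O2 - BHO: (no name) - {07802794-37CA-40C3-B230-FCEB69C36C82} - C:\WINDOWS\system32\awtustqO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Protection Bar - {F06E2ABE-3A50-4079-BE25-FC100D9EAA25} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\Pat\LOCALS~1\Temp\stdcons.exe/r
O4 - HKLM\..\Run: [644a696c] rundll32.exe "C:\WINDOWS\system32\cuycxrwr.dll",b
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: opnlIyAr - opnlIyAr.dll (file missing)
O21 - SSODL: AvpRom - {cb043dcc-6b93-4632-ba86-555c60135827} - C:\WINDOWS\Resources\AvpRom.dll (file missing)
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<4} {f.reason}: {f.line}")
```

Run it on a full log by passing the file contents to `triage()`; the "(no name)" and "(file missing)" checks are cheap and catch the orphaned add-ons a helper usually asks about first, while the Temp-directory and hex-key checks single out the two O4 entries that do not belong to any installed vendor product. The AppInit_DLLs flag is informational here, since the Google Desktop DLL it names is expected on this machine.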



#2 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 27 May 2008 - 06:43 AM

Hello

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.



Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.




Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#3 TractorTom

TractorTom

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 28 May 2008 - 07:44 AM

We have done as requested but when we try to post the ComboFix log, we get a "too long" error message. It is 515KB. I'll try breaking it up and posting separately.

The HJT and Kaspersky logs are attached.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:30:30, on 28/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SafetyNet Online Backup Manager\aua\bin\AuaObm.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SafetyNet Online Backup Manager\bin\Scheduler.exe
C:\Program Files\SafetyNet Online Backup Manager\aua\jvm\bin\AuaObmJW.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SafetyNet Online Backup Manager\jvm\bin\SchedulerOBM.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\SafetyNet Online Backup Manager\bin\SystemTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xyea.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row-rel&channel=ie&ibd=2070611
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ie...amp;ibd=2070611
O2 - BHO: (no name) - {07802794-37CA-40C3-B230-FCEB69C36C82} - C:\WINDOWS\system32\awtustqO.dll (file missing)
O2 - BHO: (no name) - {1C3C4699-B285-475F-BE47-0B26088CE876} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {47551F98-CC7F-4701-A650-D7231EEA60BD} - C:\WINDOWS\system32\opnlIyAr.dll (file missing)
O2 - BHO: IE LiveTV - {5F841E5A-AA28-4037-BE7A-96E943E91F4D} - C:\WINDOWS\oddogy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Protection Bar - {F06E2ABE-3A50-4079-BE25-FC100D9EAA25} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [OBSystemTray] "C:\Program Files\SafetyNet Online Backup Manager\bin\SystemTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [644a696c] rundll32.exe "C:\WINDOWS\system32\cuycxrwr.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'Default user')
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Belkin Wireless Client Utility.lnk = C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: opnlIyAr - opnlIyAr.dll (file missing)
O21 - SSODL: AvpRom - {cb043dcc-6b93-4632-ba86-555c60135827} - C:\WINDOWS\Resources\AvpRom.dll (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: AutoUpdateAgent (SafetyNet Online Backup Manager) (OBAutoUpdate) - Unknown owner - C:\Program Files\SafetyNet Online Backup Manager\aua\bin\AuaObm.exe
O23 - Service: Online Backup Scheduler (SafetyNet Online Backup Manager) (OBScheduler) - Unknown owner - C:\Program Files\SafetyNet Online Backup Manager\bin\Scheduler.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13436 bytes
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 28, 2008 2:03:29 PM
Operating System: Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/05/2008
Kaspersky Anti-Virus database records: 808260
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 101230
Number of viruses found: 2
Number of infected objects: 13
Number of suspicious objects: 0
Duration of the scan process: 02:00:44

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg8\AvgAm\avgam.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgam.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgfw8u.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgns.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsrm.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\commonpriv.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\commonpub.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Dell\QuickSet\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LogMeInRemoteUser\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LogMeInRemoteUser\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LogMeInRemoteUser\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LogMeInRemoteUser\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Pat\.obm\ipc\BackupSet\1201536750296\DeletedFileList.sft Object is locked skipped
C:\Documents and Settings\Pat\.obm\ipc\BackupSet\1201536750296\MovedFileList.sft Object is locked skipped
C:\Documents and Settings\Pat\.obm\ipc\BackupSet\1201536750296\NewFileList.sft Object is locked skipped
C:\Documents and Settings\Pat\.obm\ipc\BackupSet\1201536750296\UnchangedFileList.sft Object is locked skipped
C:\Documents and Settings\Pat\.obm\ipc\BackupSet\1201536750296\UpdatedFileList.sft Object is locked skipped
C:\Documents and Settings\Pat\.obm\ipc\BackupSet\1201536750296\UPdatePermissionFileList.sft Object is locked skipped
C:\Documents and Settings\Pat\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Pat\Local Settings\Application Data\Adobe\Acrobat\8.0\Updater\updater.log Object is locked skipped
C:\Documents and Settings\Pat\Local Settings\Application Data\Adobe\Updater5\aumLib.log Object is locked skipped
C:\Documents and Settings\Pat\Local Settings\Application Data\BVRP Software\NetWaiting\MoHlog.txt Object is locked skipped
C:\Documents and Settings\Pat\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Audit Training.dbx Object is locked skipped
C:\Documents and Settings\Pat\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Drafts.dbx Object is locked skipped
C:\Documents and Settings\Pat\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Pat\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Pat\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Pop3uidl.dbx Object is locked skipped
C:\Documents and Settings\Pat\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Viruses.dbx Object is locked skipped
C:\Documents and Settings\Pat\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Pat\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Pat\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Pat\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pat\Local Settings\History\History.IE5\MSHist012008052820080529\index.dat Object is locked skipped
C:\Documents and Settings\Pat\Local Settings\Temp\~DF4B4A.tmp Object is locked skipped
C:\Documents and Settings\Pat\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pat\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Pat\ntuser.dat.LOG Object is locked skipped
C:\i386\LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.d skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\LogMeIn\x86\update\3-00-606.bak\x86\LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.d skipped
C:\Program Files\SafetyNet Online Backup Manager\aua\log\agent\job.log Object is locked skipped
C:\Program Files\SafetyNet Online Backup Manager\aua\log\error\debug.log Object is locked skipped
C:\Program Files\SafetyNet Online Backup Manager\aua\log\job\20080528\082431.log Object is locked skipped
C:\Program Files\SafetyNet Online Backup Manager\aua\log\update\job.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP248\A0039996.exe/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP248\A0039996.exe/file2 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP248\A0039996.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP248\A0039996.exe/file5 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP248\A0039996.exe Inno: infected - 4 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP253\A0042367.exe/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP253\A0042367.exe/file2 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP253\A0042367.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP253\A0042367.exe/file5 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP253\A0042367.exe Inno: infected - 4 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP282\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{0B426052-D71F-4ACB-854B-8F4B885D3192}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LMIinit.dll.000.bak Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.d skipped
C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped
C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\2780 Object is locked skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\2860 Object is locked skipped
C:\WINDOWS\Temp\T30DebugLogFile.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#4 TractorTom

    New Member

  • Authentic Member
  • 16 posts

Posted 28 May 2008 - 07:52 AM

The ComboFix log file is 242 pages of A4 text! I'm at a loss as to what to do next.

#5 Rorschach112

    Teacher Emeritus

  • Authentic Member
  • 3,651 posts

Posted 28 May 2008 - 09:46 AM

Can you host it at a site like mediafire.com and post the link?

#6 TractorTom

    New Member

  • Authentic Member
  • 16 posts

Posted 28 May 2008 - 11:49 PM

Here it is http://www.mediafire.com/?xyl2mx4m3zk

#7 Rorschach112

    Teacher Emeritus

  • Authentic Member
  • 3,651 posts

Posted 29 May 2008 - 06:41 AM

Is this an Asian operating system or something like that? Can you run ComboFix again and post the log? Make sure you don't mess with the log, as there seems to be a mix of Unicode and ASCII in it, wrecking the log.

#8 TractorTom

    New Member

  • Authentic Member
  • 16 posts

Posted 29 May 2008 - 11:24 PM

The OS is a standard XP Pro with UK English. Ran ComboFix again and the log is much reduced from 200 plus pages to 12!

ComboFix 08-05-26.2 - Pat 2008-05-29 18:29:31.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1376 [GMT 1:00]
Running from: C:\Documents and Settings\Pat\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.

2008-05-29 07:43 . 2008-05-29 13:23 <DIR> d-------- C:\Documents and Settings\Pat\.housecall6.6
2008-05-28 11:22 . 2008-05-28 11:22 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-28 11:22 . 2008-05-28 11:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-27 15:45 . 2008-05-27 15:45 50,688 --a------ C:\Program Files\ATF-Cleaner.exe
2008-05-27 09:24 . 2008-05-27 09:24 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-27 09:24 . 2008-05-27 09:24 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-27 09:24 . 2008-05-27 09:24 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-27 09:24 . 2008-05-27 09:24 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-27 09:21 . 2008-05-27 09:21 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-27 08:59 . 2008-04-14 01:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-05-25 11:54 . 2008-05-25 11:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-24 12:06 . 2008-05-29 01:57 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-24 11:55 . 2008-05-24 11:55 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-24 11:55 . 2008-05-24 11:55 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-24 11:54 . 2008-05-29 10:41 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-24 11:54 . 2008-05-24 11:54 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-24 11:54 . 2008-05-24 11:54 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-24 11:51 . 2008-05-24 11:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-24 11:51 . 2008-05-24 11:51 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-05-24 11:51 . 2008-05-24 11:51 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-05-24 11:21 . 2008-05-24 11:51 <DIR> d-------- C:\Program Files\AVG
2008-05-24 08:20 . 2008-05-24 08:20 <DIR> d-------- C:\iSecurity
2008-05-23 17:53 . 2008-05-23 22:01 <DIR> d-------- C:\WINDOWS\system32\566828
2008-05-23 17:53 . 2008-05-24 13:27 <DIR> d-------- C:\Program Files\IE Extensions
2008-05-23 17:53 . 2008-05-23 17:53 149 --a------ C:\term.bat
2008-05-20 11:21 . 2008-05-20 17:51 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-20 11:21 . 2008-05-20 11:21 <DIR> d-------- C:\Documents and Settings\Pat\Application Data\PC Tools
2008-05-20 11:21 . 2008-05-29 18:25 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-20 11:21 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-20 11:21 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-20 11:21 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-20 11:21 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-19 09:47 . 2008-05-19 09:47 254,464 --a------ C:\WINDOWS\oddogy.dll
2008-05-17 21:51 . 2008-05-17 21:51 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-15 15:27 . 2008-05-15 15:32 <DIR> d-------- C:\Nat Med Rec Audit
2008-05-15 12:37 . 2008-05-15 12:37 <DIR> d-------- C:\dpa
2008-05-14 21:55 . 2006-09-07 05:34 347,776 -ra------ C:\WINDOWS\system32\drivers\rt73.sys
2008-05-14 21:55 . 2005-11-30 04:33 2,048 --------- C:\WINDOWS\system32\drivers\rt73.bin
2008-05-14 21:54 . 2008-05-14 21:54 <DIR> d-------- C:\Program Files\Belkin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 01:06 --------- d-----w C:\Program Files\LogMeIn
2008-05-25 07:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-25 07:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-25 07:09 --------- d-----w C:\Program Files\Norton 360
2008-05-25 07:08 --------- d-----w C:\Program Files\Symantec
2008-05-19 14:14 --------- d-----w C:\Program Files\Java
2008-05-14 20:56 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-14 20:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 07:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-23 10:46 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-23 10:46 --------- d-----w C:\Program Files\Common Files\Real
2008-04-23 10:45 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-23 10:45 --------- d-----w C:\Program Files\Real
2008-04-14 04:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 04:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 04:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ------w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:47 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-13 18:46 61,696 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-13 18:46 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-13 18:46 53,376 ----a-w C:\WINDOWS\system32\drivers\1394bus.sys
2008-04-13 18:46 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-13 18:46 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys
2008-04-13 18:46 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 18:46 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 18:46 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2008-04-13 18:46 18,944 ------w C:\WINDOWS\system32\drivers\bthusb.sys
2008-04-13 18:46 17,024 ------w C:\WINDOWS\system32\drivers\bthenum.sys
2008-04-13 18:46 121,984 ------w C:\WINDOWS\system32\drivers\usbvideo.sys
2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
.

((((((((((((((((((((((((((((( snapshot_2008-05-28_ 8.27.53.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-28 07:18:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-29 17:22:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-09 15:13:06 212,992 ----a-w C:\WINDOWS\Downloaded Program Files\TSEasyInstallMgr.dll
+ 2005-05-24 11:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 14:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 14:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-05-27 09:51:55 82,968 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-28 07:26:00 82,968 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-27 09:51:55 457,850 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-28 07:26:01 457,850 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07802794-37CA-40C3-B230-FCEB69C36C82}]
C:\WINDOWS\system32\awtustqO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C3C4699-B285-475F-BE47-0B26088CE876}]
C:\Program Files\Video ActiveX Access\iesplg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47551F98-CC7F-4701-A650-D7231EEA60BD}]
C:\WINDOWS\system32\opnlIyAr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F841E5A-AA28-4037-BE7A-96E943E91F4D}]
2008-05-19 09:47 254464 --a------ C:\WINDOWS\oddogy.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F06E2ABE-3A50-4079-BE25-FC100D9EAA25}"= "C:\Program Files\Video ActiveX Access\iesbpl.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{f06e2abe-3a50-4079-be25-fc100d9eaa25}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F06E2ABE-3A50-4079-BE25-FC100D9EAA25}"= C:\Program Files\Video ActiveX Access\iesbpl.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{f06e2abe-3a50-4079-be25-fc100d9eaa25}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 02:24 20480]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 01:12 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 12:13 176128]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 16:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 16:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 16:45 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 282624 C:\WINDOWS\stsystra.exe]
"Document Manager"="C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 08:32 102400]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-02-20 12:29 1191936]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 18:04 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 17:58 696320]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 09:00 1116920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-06-11 15:24 227328]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03 63048]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 16:46 172032]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 18:55 49152]
"OBSystemTray"="C:\Program Files\SafetyNet Online Backup Manager\bin\SystemTray.exe" [2007-11-28 12:41 270336]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-23 11:45 185896]
"644a696c"="C:\WINDOWS\system32\cuycxrwr.dll" [ ]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-24 11:54 1177368]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 01:12 15360]

C:\Documents and Settings\Pat\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [9/1/2007 10:30:28 AM 155648]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Client Utility.lnk - C:\Program Files\Belkin\F5D9050\Belkinwcui.exe [12/1/2006 4:26:40 PM 1585152]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [6/11/2007 3:22:22 PM 24576]
EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [8/25/2006 9:45:30 AM 192512]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [9/19/2007 4:33:46 AM 282624]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [8/3/2007 10:10:00 AM 394856]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{47551F98-CC7F-4701-A650-D7231EEA60BD}"= C:\WINDOWS\system32\opnlIyAr.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"AvpRom"= {cb043dcc-6b93-4632-ba86-555c60135827} - C:\WINDOWS\Resources\AvpRom.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-27 19:00 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnlIyAr]
opnlIyAr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clT87.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\krA87.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ksA42.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lwI13.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\raH75.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\saI10.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\scJ31.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ucJ31.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ygO64.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-24 11:55]
R0 PBADRV;PBADRV;C:\WINDOWS\system32\drivers\pbadrv.sys [2005-12-09 15:35]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-24 11:54]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 10:35]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-24 11:54]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-05-24 11:54]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-24 11:54]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 18:50]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-04-17 14:00]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 11:55]
R2 OBAutoUpdate;AutoUpdateAgent (SafetyNet Online Backup Manager);C:\Program Files\SafetyNet Online Backup Manager\aua\bin\AuaObm.exe [2007-11-28 12:41]
R2 OBScheduler;Online Backup Scheduler (SafetyNet Online Backup Manager);C:\Program Files\SafetyNet Online Backup Manager\bin\Scheduler.exe [2007-11-28 12:41]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-24 11:51]
S0 krA87;krA87;C:\WINDOWS\system32\Drivers\krA87.sys []
S0 ksA42;ksA42;C:\WINDOWS\system32\Drivers\ksA42.sys []
S0 lwI13;lwI13;C:\WINDOWS\system32\Drivers\lwI13.sys []
S0 raH75;raH75;C:\WINDOWS\system32\Drivers\raH75.sys []
S0 saI10;saI10;C:\WINDOWS\system32\Drivers\saI10.sys []
S0 scJ31;scJ31;C:\WINDOWS\system32\Drivers\scJ31.sys []
S0 ucJ31;ucJ31;C:\WINDOWS\system32\Drivers\ucJ31.sys []
S0 ygO64;ygO64;C:\WINDOWS\system32\Drivers\ygO64.sys []
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-24 11:51]
S3 GTKCMOS;GTKCMOS;C:\WINDOWS\system32\GTKCMOS.sys [2004-06-15 14:55]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b5ddc0c-6dbc-11dc-896c-0019b9773b82}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29ad3000-6d1c-11dc-8968-0019b9773b82}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29ad3001-6d1c-11dc-8968-0019b9773b82}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d81a18e-a42b-11dc-8990-001b77385f55}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d81a1c1-a42b-11dc-8990-001b77385f55}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed07fac6-6d21-11dc-896a-0019b9773b82}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed07fac8-6d21-11dc-896a-0019b9773b82}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f53271be-61cc-11dc-895b-001b77385f55}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f53271c0-61cc-11dc-895b-001b77385f55}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5cb1b6a-6b77-11dc-8967-0019b9773b82}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5cb1b6b-6b77-11dc-8967-0019b9773b82}]
\Shell\AutoRun\command - E:\AutoRun.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-19 09:32:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-04 08:24:04 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 18:33:50
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-29 18:34:56
ComboFix-quarantined-files.txt 2008-05-29 17:34:49
ComboFix2.txt 2008-05-28 07:28:25
ComboFix3.txt 2007-09-24 12:14:32

Pre-Run: 46,975,856,640 bytes free
Post-Run: 47,061,671,936 bytes free

339 --- E O F --- 2008-05-17 20:51:51

#9 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 30 May 2008 - 05:18 AM

Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\WINDOWS\oddogy.dll
E:\AutoRun.exe

Folder::

Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{47551F98-CC7F-4701-A650-D7231EEA60BD}"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clT87.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\krA87.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ksA42.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lwI13.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\raH75.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\saI10.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\scJ31.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ucJ31.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ygO64.sys]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b5ddc0c-6dbc-11dc-896c-0019b9773b82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29ad3000-6d1c-11dc-8968-0019b9773b82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29ad3001-6d1c-11dc-8968-0019b9773b82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d81a18e-a42b-11dc-8990-001b77385f55}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d81a1c1-a42b-11dc-8990-001b77385f55}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed07fac6-6d21-11dc-896a-0019b9773b82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed07fac8-6d21-11dc-896a-0019b9773b82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f53271be-61cc-11dc-895b-001b77385f55}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f53271c0-61cc-11dc-895b-001b77385f55}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5cb1b6a-6b77-11dc-8967-0019b9773b82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5cb1b6b-6b77-11dc-8967-0019b9773b82}]

Driver::
krA87
ksA42
lwI13
raH75
saI10
scJ31
ucJ31
ygO64


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

C:\term.bat

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.
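
The heuristics behind the CFScript above, as an added example that is not part of the thread or of ComboFix: this Python script runs over a constructed excerpt of the log (entries copied from the log posted earlier) and flags what the helper targeted, namely kernel drivers with an empty timestamp bracket and machine-generated names, the matching SafeBoot\Minimal keys that let them load in Safe Mode, Security Center monitoring switched off, and mountpoints2 keys whose autorun command points at an executable. It then emits the Registry:: and Driver:: sections in the same CFScript format. The RANDOM_NAME pattern is an assumption fitted to the names in this particular log, not a general detection rule.

```python
import re

# Constructed excerpt of a ComboFix log; entries mirror the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ksA42.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
R0 PBADRV;PBADRV;C:\WINDOWS\system32\drivers\pbadrv.sys [2005-12-09 15:35]
S0 ksA42;ksA42;C:\WINDOWS\system32\Drivers\ksA42.sys []
S0 ygO64;ygO64;C:\WINDOWS\system32\Drivers\ygO64.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b5ddc0c-6dbc-11dc-896c-0019b9773b82}]
\Shell\AutoRun\command - E:\AutoRun.exe
"""

SERVICE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;.*\[(.*)\]$")  # "S0 name;display;path [stamp]"
SAFEBOOT = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\.*\\SafeBoot\\Minimal\\(\w+)\.sys\]$", re.I)
MOUNTPOINT = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\\{[0-9a-f-]+\}\]$", re.I)
RANDOM_NAME = re.compile(r"^[a-z]{2}[A-Z]\d{2}$")  # assumption: shape of the generated names in this log

def analyse(log):
    """Return (suspicious drivers, SafeBoot keys, autorun keys, monitoring_disabled)."""
    drivers, safeboot, autorun, monitoring, last_key = [], [], [], False, None
    for line in log.splitlines():
        if m := SERVICE.match(line):
            # kernel driver with no file timestamp and a machine-generated name
            if m.group(2) == "" and RANDOM_NAME.match(m.group(1)):
                drivers.append(m.group(1))
        elif m := SAFEBOOT.match(line):
            if RANDOM_NAME.match(m.group(1)):   # same rogue driver registered for Safe Mode
                safeboot.append(line.strip("[]"))
        elif MOUNTPOINT.match(line):
            last_key = line.strip("[]")
        elif line.startswith(r"\Shell\AutoRun\command") and last_key:
            autorun.append(last_key)            # drive autorun pointed at an executable
            last_key = None
        elif line.lower().startswith('"disablemonitoring"=dword:00000001'):
            monitoring = True                   # Security Center alerting switched off
    return drivers, safeboot, autorun, monitoring

def build_cfscript(drivers, safeboot, autorun):
    """Emit the Registry:: and Driver:: sections in the CFScript format used above."""
    lines = ["Registry::"] + [f"[-{k}]" for k in safeboot + autorun]  # '-' deletes the key
    return "\n".join(lines + ["", "Driver::"] + drivers)
```

Running `analyse(SAMPLE_LOG)` on the excerpt yields the two nameless-timestamp drivers, one SafeBoot key, one autorun key and `monitoring_disabled == True`, which is the same set of targets the script in this post lists.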

#10 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 03 June 2008 - 05:02 PM

Due to inactivity this topic will be closed. If you need help, please start a new thread and post a new HJT log.
