Hi there,
This is my first post and I have already found this post extremely helpful. It's made a tough situation a lot easier.
I bought a brand new PC last week and was online last night. Everything was going fantastically. The PC was running slickly and I was being extra careful in what programs I was installing.
Anyway, whilst browsing last night I was struck by a huge virus/malware "hijack" which threw my PC into a tailspin. Have never encountered anything like this before. While over the last 24 hours I have tried a number of the fixes suggested - ATF Cleaner, ComboFix, Malwarebytes, DSS (which won't run) and HiJackThis. I have also used CCleaner, Registry Mechanic, Rogue Remover - I still haven't nailed it. You could say it's overkill!
The edge has certainly been taken off the virus, but the PC is now running quite sluggishly. This is a huge disappointment, naturally. I have used my pre-installed software, BitDefender 2008, and then downloaded and used AVG anti-virus.
Below I have included ALL my scans, in the hope that some kind soul will be able to help me. It would be most appreciated and I would be happy to donate to the forum.
I have also used the online "free scan" version of Kaspersky. Most of the programs report that the system is clean, but Kaspersky's online scan reported the following:
Wednesday, July 23, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, July 23, 2008 21:51:10
Records in database: 999411
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area: Critical Areas
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Paul\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS
Scan statistics:
Files scanned: 53731
Threat name: 2
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 00:38:03
File name | Threat name | Threats count
C:\WINDOWS\system32\IEDFix.C.exe | Infected: Hoax.Win32.Renos.vaoz | 1
C:\WINDOWS\system32\IEDFix.exe | Infected: Hoax.Win32.Renos.vaoz | 1
C:\WINDOWS\system32\Tools\Restart.exe | Infected: not-a-virus:RiskTool.Win32.Reboot.j | 1
The selected area was scanned.
-----------------------------------------------------------------
ComboFix 08-07-22.4 - Paul 2008-07-23 11:27:30.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2360 [GMT 1:00]
Running from: C:\Documents and Settings\Paul\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Jenna\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Paul\Application Data\inst.exe
C:\Documents and Settings\Paul\Favorites\Error Cleaner.url
C:\Documents and Settings\Paul\Favorites\Privacy Protector.url
C:\Documents and Settings\Paul\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\system32\erpyiciv.dll
C:\WINDOWS\system32\iifeBspN.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\opnnmJyA.dll
C:\WINDOWS\system32\qrBacfii.ini
C:\WINDOWS\system32\qrBacfii.ini2
C:\WINDOWS\system32\viciypre.ini
----- BITS: Possible infected sites -----
http://au.download.windowsupdaj+|Cv+@J:NGD_DQ{zcxLJS@a,D$@!
.
((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.
2008-07-23 03:41 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-23 03:40 . 2008-07-23 03:41 <DIR> d-------- C:\Program Files\Java
2008-07-23 03:40 . 2008-07-23 03:40 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-23 03:03 . 2008-07-23 03:54 3,986 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-23 03:02 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-23 03:02 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-23 03:02 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-23 03:02 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-23 03:02 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-23 03:02 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-23 03:02 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-23 03:02 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-23 03:02 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-23 02:35 . 2008-07-23 11:01 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-23 02:33 . 2008-07-23 02:35 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-23 02:33 . 2008-07-23 02:33 <DIR> d-------- C:\Program Files\AVG
2008-07-23 02:33 . 2008-07-23 02:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-23 02:33 . 2008-07-23 02:33 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-23 02:33 . 2008-07-23 02:33 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-23 02:33 . 2008-07-23 02:33 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-07-23 02:33 . 2008-07-23 02:33 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-23 02:07 . 2008-07-23 02:08 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-07-23 01:42 . 2008-07-23 01:42 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-23 01:39 . 2008-07-23 01:39 323,648 --a------ C:\WINDOWS\system32\iifcaBrq.dll
2008-07-22 20:09 . 1999-10-11 02:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-07-22 20:08 . 2008-07-22 22:08 <DIR> d-------- C:\Program Files\Audible
2008-07-22 20:08 . 2008-07-22 20:08 417,792 --a------ C:\WINDOWS\system32\awrdscdc.ax
2008-07-22 20:07 . 2008-07-22 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Creative
2008-07-22 20:05 . 2008-07-22 20:05 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\Apple Computer
2008-07-22 02:53 . 2008-07-22 22:05 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\Creative
2008-07-22 02:48 . 2008-07-22 02:49 <DIR> d--h----- C:\Program Files\Creative Installation Information
2008-07-22 02:48 . 2008-07-22 20:09 <DIR> d-------- C:\Program Files\Creative
2008-07-22 02:48 . 2008-07-22 02:48 <DIR> d-------- C:\Program Files\Common Files\Creative
2008-07-22 02:48 . 1999-12-13 01:01 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE
2008-07-22 02:48 . 1999-11-18 01:00 25,088 --a------ C:\WINDOWS\system32\CTSVCCTL.EXE
2008-07-22 00:20 . 2008-07-22 01:26 <DIR> d-------- C:\Program Files\Arachnophilia
2008-07-21 23:33 . 2008-07-21 23:33 78 --a------ C:\WINDOWS\Numerical
2008-07-21 22:00 . 2008-07-21 22:00 76 --a------ C:\WINDOWS\Spatial
2008-07-20 02:04 . 2008-07-20 02:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-20 01:58 . 2008-07-20 01:58 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-20 01:57 . 2008-04-07 05:38 45,392 -ra------ C:\WINDOWS\system32\AdobePDF.dll
2008-07-20 01:57 . 2008-04-07 05:38 22,872 -ra------ C:\WINDOWS\system32\AdobePDFUI.dll
2008-07-20 01:53 . 2008-07-20 01:58 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-20 00:38 . 2008-07-20 00:46 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-20 00:37 . 2008-07-20 00:38 <DIR> d-------- C:\Program Files\CCleaner
2008-07-19 21:19 . 2008-07-22 17:53 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\CopyToDvd
2008-07-19 21:01 . 2008-07-19 21:01 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-07-19 21:00 . 2008-07-19 21:10 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-19 21:00 . 2008-07-22 02:09 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-19 20:51 . 2008-07-22 23:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-19 20:51 . 2008-07-19 20:51 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-19 18:12 . 2008-07-19 21:07 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-19 18:12 . 2008-07-19 21:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-19 12:04 . 2008-07-19 12:04 <DIR> d-------- C:\Program Files\dvd43
2008-07-19 12:04 . 2008-07-19 12:04 18,816 --a------ C:\WINDOWS\system32\drivers\dvd43llh.sys
2008-07-19 11:55 . 2008-07-19 11:55 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\DivX
2008-07-19 11:14 . 2008-07-21 23:32 74 --a------ C:\WINDOWS\Logic
2008-07-19 03:13 . 2008-07-19 03:13 82 --a------ C:\WINDOWS\Getting Started.htm
2008-07-19 03:13 . 2008-07-21 22:00 75 --a------ C:\WINDOWS\Verbal
2008-07-19 03:13 . 2008-07-21 23:41 75 --a------ C:\WINDOWS\Memory
2008-07-19 02:29 . 2008-07-19 03:11 76 --a------ C:\WINDOWS\1
2008-07-19 02:27 . 2008-07-19 03:05 <DIR> d-------- C:\WINDOWS\system32\Brain Trainer
2008-07-19 02:27 . 2008-07-19 02:27 <DIR> d-------- C:\Program Files\Mindscape
2008-07-19 02:19 . 2008-07-19 02:19 <DIR> d-------- C:\Program Files\PowerISO
2008-07-19 01:11 . 2008-07-19 01:11 <DIR> d-------- C:\Program Files\Brain Spa
2008-07-19 01:11 . 2008-07-19 01:11 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\Ubisoft
2008-07-19 00:09 . 2008-07-21 21:59 729 --a------ C:\WINDOWS\0
2008-07-19 00:09 . 2008-07-21 21:59 73 --a------ C:\WINDOWS\Times New Roman
2008-07-18 23:31 . 2008-07-18 23:31 <DIR> d-------- C:\Program Files\Common Files\CyberLink
2008-07-18 23:30 . 2001-08-17 22:43 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-07-18 23:28 . 2008-07-18 23:28 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\CyberLink
2008-07-18 23:13 . 2008-07-18 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-07-18 23:08 . 2008-07-18 23:08 31 --a------ C:\WINDOWS\papp.ini
2008-07-18 22:38 . 2008-07-18 22:38 32 --a------ C:\WINDOWS\PracticalTest.ini
2008-07-18 21:59 . 2008-07-18 21:59 <DIR> d-------- C:\Program Files\Absolute Media Software
2008-07-18 01:17 . 2008-07-18 01:17 <DIR> d-------- C:\Documents and Settings\Jenna\Application Data\Ahead
2008-07-18 01:16 . 2008-07-18 01:16 <DIR> d-------- C:\Documents and Settings\Jenna\Application Data\DivX
2008-07-18 01:11 . 2008-07-18 01:11 <DIR> d-------- C:\Documents and Settings\Jenna\Application Data\BitDefender
2008-07-18 01:11 . 2008-07-23 03:58 <DIR> d-------- C:\Documents and Settings\Jenna
2008-07-18 01:06 . 2008-07-18 01:06 <DIR> d-------- C:\Program Files\Moss Bay Software
2008-07-18 00:48 . 2008-07-18 00:48 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\Systweak
2008-07-18 00:38 . 2008-07-18 00:38 <DIR> d-------- C:\Documents and Settings\Paul\Downloads
2008-07-18 00:37 . 2008-07-18 00:37 <DIR> d-------- C:\Program Files\NewsLeecher
2008-07-18 00:37 . 2008-07-18 01:07 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\NewsLeecher
2008-07-18 00:30 . 2008-07-18 00:30 <DIR> d-------- C:\Program Files\SmartSound Software
2008-07-18 00:30 . 2008-07-19 01:33 <DIR> d-------- C:\Program Files\DivX
2008-07-18 00:30 . 2008-07-18 00:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-07-18 00:28 . 2008-07-18 00:44 <DIR> d-------- C:\Program Files\Neuro-Programmer 2 Professional
2008-07-18 00:27 . 2008-07-18 23:19 <DIR> d-------- C:\Program Files\Cyberlink
2008-07-18 00:26 . 2008-07-18 00:26 <DIR> d-------- C:\Program Files\QuickTime
2008-07-18 00:24 . 2008-07-18 00:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-18 00:23 . 2008-07-18 00:23 <DIR> d-------- C:\MyWorks
2008-07-17 23:28 . 2008-07-17 23:28 <DIR> d-------- C:\Program Files\Driving Test Success 2006-2007
2008-07-17 23:28 . 2008-07-18 23:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Driving Test Success
2008-07-17 23:24 . 2008-07-17 23:24 <DIR> d-------- C:\{3B07D847-8077-4242-91C7-DFA3CE5113E0}
2008-07-17 23:23 . 2008-07-17 23:24 <DIR> d-------- C:\MWASPI
2008-07-17 23:23 . 2008-07-17 23:23 133 --a------ C:\WINDOWS\msfsetup.ini
2008-07-17 23:20 . 2008-07-17 23:20 <DIR> d-------- C:\Program Files\PIXELA
2008-07-17 23:20 . 2008-07-17 23:20 <DIR> d-------- C:\Program Files\Caplio Software
2008-07-17 23:13 . 2008-07-17 23:15 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-07-17 22:58 . 2008-07-17 22:58 <DIR> d-------- C:\Program Files\XviD
2008-07-17 22:58 . 2008-07-19 11:58 <DIR> d-------- C:\Program Files\AoA DVD Ripper
2008-07-17 22:58 . 2006-08-23 22:08 1,839,104 --a------ C:\WINDOWS\system32\avcodec-51.dll
2008-07-17 22:57 . 2008-07-19 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
2008-07-17 22:56 . 2008-07-17 22:56 <DIR> d-------- C:\Program Files\LG Software Innovations
2008-07-17 22:53 . 2008-07-17 22:53 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-17 22:50 . 2008-07-17 22:50 <DIR> d-------- C:\Program Files\VSO
2008-07-17 22:50 . 2008-07-22 17:53 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\Vso
2008-07-17 22:50 . 2008-07-17 22:50 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-17 22:50 . 2008-07-17 22:50 47,360 --a------ C:\Documents and Settings\Paul\Application Data\pcouffin.sys
2008-07-17 22:38 . 2008-07-23 04:47 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-17 22:31 . 2008-07-17 22:31 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-07-17 22:31 . 2005-08-25 21:00 140,288 --a------ C:\WINDOWS\system32\CNMLM7L.DLL
2008-07-17 22:31 . 2008-04-14 00:17 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-17 22:31 . 2008-04-14 00:17 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-07-17 22:31 . 2005-08-25 21:00 8,704 --a------ C:\WINDOWS\system32\CNMVS7L.DLL
2008-07-17 22:30 . 2008-04-14 00:15 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-17 22:30 . 2008-04-14 00:15 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-07-17 22:30 . 2008-04-14 00:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-07-17 22:30 . 2008-04-14 00:15 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-07-17 22:20 . 2008-07-17 22:20 <DIR> d-------- C:\Program Files\ScanSoft
2008-07-17 22:20 . 2008-07-17 22:20 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-07-17 22:20 . 2008-07-17 22:20 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\ScanSoft
2008-07-17 22:20 . 2008-07-17 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SSScanWizard
2008-07-17 22:20 . 2008-07-17 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-22 20:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-17 21:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-14 16:52 --------- d-----w C:\Program Files\VIA
2008-07-14 16:42 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-11 22:43 111,992 ----a-w C:\WINDOWS\system32\acaptuser32.dll
2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-06-11 00:07 43,528 ----a-w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 00:07 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-06-11 00:07 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-06-11 00:07 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02319437-08C3-4EE5-8DD3-BFAB00582FD1}]
2008-07-23 01:39 323648 --a------ C:\WINDOWS\system32\iifcaBrq.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-07-17 22:04 160592]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 13:00 15360]
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2006-11-09 10:19 204800]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-28 20:09 700416]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2008-07-08 16:41 2828184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe" [2007-06-29 10:51 811008]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-07-15 15:26 360448]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-07-18 00:26 282624]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 20:23 83240]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2008-05-19 15:24 91432]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 08:34 167936]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2008-04-09 10:00 826880]
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 02:25 37232]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 22:43 640376]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-23 02:33 1232152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=acaptuser32.dll,avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\iifcaBrq
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Vuze\\Azureus.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-07-23 02:33]
R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2007-03-26 08:26]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 04:36]
R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2007-03-26 08:26]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-23 02:33]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-05-15 12:07]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-23 02:33]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-23 02:33]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-01-25 15:40]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 04:58]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-08ef696d - C:\WINDOWS\system32\erpyiciv.dll
SSODL-kvxqmtre-{3C5E1F15-D12B-449E-BEB3-A800FE6FC549} - (no file)
SSODL-evgratsm-{2280B776-3099-4352-B500-399D6E8B90C5} - (no file)
Notify-ddcBSMgG - ddcBSMgG.dll
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = www.google.com
O8 -: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 -: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 -: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 -: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 -: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 -: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 -: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 11:31:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\qrBacfii.ini 347 bytes
C:\WINDOWS\system32\qrBacfii.ini2 347 bytes
scan completed successfully
hidden files: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\iifcaBrq.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-07-23 11:34:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-23 10:34:31
Pre-Run: 469,266,309,120 bytes free
Post-Run: 469,409,398,784 bytes free
302 --- E O F --- 2008-07-20 01:21:19
------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:11, on 24/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Paul\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1216127127671
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: acaptuser32.dll,avgrsstx.dll,
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 11869 bytes
------------------------------------------------
Malwarebytes' Anti-Malware 1.22
Database version: 972
Windows 5.1.2600 Service Pack 3

20:50:01 23/07/2008
mbam-log-7-23-2008 (20-50-01).txt

Scan type: Quick Scan
Objects scanned: 41295
Time elapsed: 1 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\iifcaBrq.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8251d0ac-739b-4ef4-91cf-38f2b4ad4182} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8251d0ac-739b-4ef4-91cf-38f2b4ad4182} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.bvqe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\iifcabrq -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\iifcabrq -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\iifcaBrq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qrBacfii.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qrBacfii.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM0bdc5af1.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM0bdc5af1.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

I hope someone will be able to assist me here. I am at a loss...