t3k

  1. Many thanks! I'll make a purchase!
  2. I ran HijackThis and checked all items instructed. With all explorer windows (I don't use IE) closed I clicked Fix Checked and I seem to be in good shape. Your executable Mbam that you linked is what got me to the noticeable improvement though. I didn't notice anything wrong after running Mbam. I really appreciate all of the help! Do you have any software security suggestions for this netbook w/ its primary function being an always on proxy server? I'm interested in the most efficient and task suited software for the power it has available.
  3. Thank you very much for the help. I let the executable you provided execute and remove the items it found. I then let it reboot and ran HijackThis. 2 Mbam logs were generated; I'll post them in order of generation separated by ======================= HiJackThis log &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& Everything is running very smooth now. For transparency this netbook was acting as a proxy server and I let 1 not savvy enough user have access; my suspicion is data from a shady site passed through. I was running Avira at the time of the virus but now have Avast (free) installed. Kaspersky is on my main pc and I'd welcome any advice you might have on most appropriate (efficient) yet effective security for a netbook. Thanks for your help!!!
  4. Malwarebytes won't load in normal or safe mode - attempted multiple downloads, uninstalls/reinstalls and renames of the executables with no difference.
Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-7 40384] S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-9-11 625024] =============== Created Last 30 ================ 2010-02-09 07:34:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-02-09 07:34:41 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-02-09 07:25:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-02-09 07:04:54 0 ----a-w- c:\documents and settings\home\defogger_reenable 2010-02-08 19:19:43 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-02-08 19:13:16 0 d-----w- c:\docume~1\home\applic~1\Malwarebytes 2010-02-08 19:07:58 268 ---ha-w- C:\sqmdata13.sqm 2010-02-08 19:07:58 244 ---ha-w- C:\sqmnoopt13.sqm 2010-02-08 18:57:36 39424 --sh--w- c:\windows\system32\ravebavi.dll 2010-02-08 17:18:19 61440 ----a-w- c:\windows\system32\reforola.dll 2010-02-07 19:22:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software 2010-02-07 19:13:37 1530 ----a-w- C:\Your PC Protector.lnk 2010-02-07 19:13:34 0 d-----w- C:\Your PC Protector 2010-02-07 19:01:57 268 ---ha-w- C:\sqmdata12.sqm 2010-02-07 19:01:57 244 ---ha-w- C:\sqmnoopt12.sqm 2010-02-07 18:54:36 0 d-----w- c:\program files\schtml 2010-02-07 18:50:15 962560 ----a-w- c:\program files\adc32.dll 2010-02-07 18:50:06 56 ----a-w- c:\program files\wp4.dat 2010-02-07 18:50:06 4 ----a-w- c:\program files\wp3.dat 2010-02-07 18:50:06 36 ----a-w- c:\program files\skynet.dat 2010-02-07 18:49:57 0 d-----w- c:\program files\Your PC Protector 2010-01-31 17:19:42 268 ---ha-w- C:\sqmdata11.sqm 2010-01-31 17:19:42 244 ---ha-w- C:\sqmnoopt11.sqm 2010-01-30 20:37:48 268 ---ha-w- C:\sqmdata10.sqm 2010-01-30 20:37:48 244 ---ha-w- C:\sqmnoopt10.sqm 2010-01-30 20:21:32 0 d--h--w- C:\$AVG 2010-01-30 20:20:46 0 d-----w- c:\program files\AVG 2010-01-30 20:20:44 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9 2010-01-30 20:01:52 0 d-----w- c:\docume~1\home\applic~1\QuickScan 
2010-01-30 17:25:47 268 ---ha-w- C:\sqmdata09.sqm 2010-01-30 17:25:47 244 ---ha-w- C:\sqmnoopt09.sqm 2010-01-30 08:14:22 268 ---ha-w- C:\sqmdata08.sqm 2010-01-30 08:14:22 244 ---ha-w- C:\sqmnoopt08.sqm 2010-01-30 00:26:41 268 ---ha-w- C:\sqmdata07.sqm 2010-01-30 00:26:41 244 ---ha-w- C:\sqmnoopt07.sqm 2010-01-29 23:46:08 268 ---ha-w- C:\sqmdata06.sqm 2010-01-29 23:46:08 244 ---ha-w- C:\sqmnoopt06.sqm 2010-01-29 22:50:58 268 ---ha-w- C:\sqmdata05.sqm 2010-01-29 22:50:58 244 ---ha-w- C:\sqmnoopt05.sqm 2010-01-29 18:37:02 268 ---ha-w- C:\sqmdata04.sqm 2010-01-29 18:37:02 244 ---ha-w- C:\sqmnoopt04.sqm 2010-01-18 17:19:32 268 ---ha-w- C:\sqmdata03.sqm 2010-01-18 17:19:32 244 ---ha-w- C:\sqmnoopt03.sqm 2010-01-18 00:34:38 244 ---ha-w- C:\sqmnoopt02.sqm 2010-01-18 00:34:38 232 ---ha-w- C:\sqmdata02.sqm ==================== Find3M ==================== 2010-02-07 18:50:11 9 ----a-w- c:\program files\nuar.old 2010-01-04 04:55:20 11 ----a-w- c:\documents and settings\home\restart.bat 2010-01-04 04:48:45 77 ----a-w- c:\documents and settings\home\proxy.bat 2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll 2009-12-19 20:26:34 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2008-05-07 23:34:00 15523560 ----a-w- c:\program files\Install AiGuruU1 Skype Phone.exe 1601-01-01 00:03:52 53760 --sha-w- c:\windows\system32\buyenayo.dll 1601-01-01 00:03:28 93696 --sha-w- c:\windows\system32\getovojo.dll 1601-01-01 00:03:52 53760 --sha-w- c:\windows\system32\hiwumeku.dll 1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\hukubuhu.dll 1601-01-01 00:03:28 93696 --sha-w- c:\windows\system32\kirasahi.dll 1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\leheziti.dll 1601-01-01 00:03:28 53760 --sha-w- c:\windows\system32\nadejafi.dll 1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\nadusajo.dll 1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\vujigami.dll 1601-01-01 00:03:52 53760 --sha-w- c:\windows\system32\vulademu.dll ============= FINISH: 
14:41:20.68 =============== attach.zip.zip