Author Topic: Win32:PurityScan-AF virus?? I need help once again  (Read 64112 times)


brenda31

  • Guest
Re: Win32:PurityScan-AF virus?? I need help once again
« Reply #30 on: June 27, 2007, 11:45:26 PM »
Virus total showed...
0 bytes size received / Se ha recibido un archivo vacio

Also, while I was doing the hijacklog, my avast popped up saying I had signs of another trojan. I've put the log from 6-25-2007 to now.
2007-06-20 1:01   SYSTEM   2032   Sign of "Win32:Agent-HZS [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP208\A0041500.EXE" file. 
2007-06-25 7:27   SYSTEM   2036   Sign of "Win32:VB-TGS [Trj]" has been found in "C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\snapsnet.exe" file. 
2007-06-25 7:32   SYSTEM   2036   Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\Program Files\Outerinfo\OinFP.exe\[UPX]" file. 
2007-06-25 7:32   SYSTEM   2036   Sign of "Win32:Mirar-B [Adw]" has been found in "C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\NNBar_VCSetup_876919_LOG_IES_NoDMY_AFF.exe" file. 
2007-06-25 7:33   SYSTEM   2036   Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\Program Files\Outerinfo\Outerinfo.dll" file. 
2007-06-25 7:35   SYSTEM   2036   Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\Program Files\Outerinfo\OinFP.exe\[UPX]" file. 
2007-06-25 7:38   SYSTEM   2036   Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\Program Files\Outerinfo\OinFP.exe\[UPX]" file. 
2007-06-26 12:01   SYSTEM   2036   Sign of "Win32:Agent-HKJ [Trj]" has been found in "C:\WINDOWS\retadpu2000219.exe\[UPX]" file. 
2007-06-26 12:01   SYSTEM   2036   Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\nsx26.tmp\KillNDrv.dll" file. 
2007-06-26 12:01   SYSTEM   2036   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Documents and Settings\Brenda Mayorga\Local Settings\Temporary Internet Files\Content.IE5\AXMHGBKX\acdt68[1].exe" file. 
2007-06-26 12:01   SYSTEM   2036   Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\Program Files\Outerinfo\Outerinfo.dll" file. 
2007-06-26 12:01   SYSTEM   2036   Sign of "Win32:Agent-HKJ [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\retadpu2000219.exe.vir\[UPX]" file. 
2007-06-26 12:01   SYSTEM   2036   Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\Program Files\Outerinfo\Outerinfo.dll" file. 
2007-06-26 12:01   SYSTEM   2036   Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\nsx26.tmp\KillNDrv.dll" file. 
2007-06-26 12:01   SYSTEM   2036   Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\nsy31.tmp\KillNDrv.dll" file. 
2007-06-26 12:01   SYSTEM   2036   Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\nsy30.tmp\KillNDrv.dll" file. 
2007-06-26 12:01   SYSTEM   2036   Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\nsy30.tmp\KillNDrv.dll" file. 
2007-06-26 12:01   SYSTEM   2036   Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\Program Files\Outerinfo\Outerinfo.exe" file. 
2007-06-26 12:01   SYSTEM   2036   Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\nsy31.tmp\KillNDrv.dll" file. 
2007-06-26 12:01   SYSTEM   2036   Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\Program Files\Outerinfo\Outerinfo.exe" file. 
2007-06-26 12:01   SYSTEM   2036   Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\Program Files\Outerinfo\OuterinfoUpdate.exe\[UPX]" file. 
2007-06-26 12:01   SYSTEM   2036   Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\Program Files\Outerinfo\OuterinfoUpdate.exe\[UPX]" file. 
2007-06-26 12:10   Brenda Mayorga   468   Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\Program Files\Outerinfo\Outerinfo.exe" file. 
2007-06-26 12:28   Brenda Mayorga   468   Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\QooBox\Quarantine\C\Program Files\Outerinfo\Outerinfo.dll.vir" file. 
2007-06-27 12:02   SYSTEM   928   Sign of "Win32:Agent-HZS [Trj]" has been found in "C:\Documents and Settings\Brenda Mayorga\Local Settings\Temporary Internet Files\Content.IE5\PZWPLAF2\koocwolla_20070601[1]" file. 
2007-06-27 2:26   SYSTEM   148   Sign of "Win32:Agent-HZS [Trj]" has been found in "C:\Documents and Settings\Brenda Mayorga\Local Settings\Temporary Internet Files\Content.IE5\LBCRWB6D\koocwolla_20070601[1]" file. 
2007-06-27 3:35   SYSTEM   152   Sign of "Win32:Agent-HKJ [Trj]" has been found in "C:\QOOBOX\QUARANTINE\C\WINDOWS\RETADPU2000219.EXE.VIR\[UPX]" file. 
2007-06-27 3:41   SYSTEM   152   Sign of "Win32:Agent-HKJ [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP219\A0042431.EXE\[UPX]" file. 
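Added here as a worked example, not code from the thread or from avast: a parser for warning-log lines in the format posted above that separates hits by where they sit on disk, so that quarantine copies (QooBox), System Restore copies and browser-cache drops are not mistaken for a still-installed component. The sample lines are copied from the post; the four location classes are my own assumption.

```python
import re
from collections import defaultdict

# Constructed sample: five lines copied from the avast warning log posted above.
SAMPLE_LOG = r'''
2007-06-20 1:01   SYSTEM   2032   Sign of "Win32:Agent-HZS [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP208\A0041500.EXE" file.
2007-06-25 7:32   SYSTEM   2036   Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\Program Files\Outerinfo\OinFP.exe\[UPX]" file.
2007-06-26 12:01   SYSTEM   2036   Sign of "Win32:Agent-HKJ [Trj]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\retadpu2000219.exe.vir\[UPX]" file.
2007-06-26 12:28   Brenda Mayorga   468   Sign of "Win32:PurityScan-AF [Trj]" has been found in "C:\QooBox\Quarantine\C\Program Files\Outerinfo\Outerinfo.dll.vir" file.
2007-06-27 12:02   SYSTEM   928   Sign of "Win32:Agent-HZS [Trj]" has been found in "C:\Documents and Settings\Brenda Mayorga\Local Settings\Temporary Internet Files\Content.IE5\PZWPLAF2\koocwolla_20070601[1]" file.
'''

# One "Sign of ... has been found" line: date, time, account, PID, detection name, path.
# Columns are separated by runs of two or more spaces; the account name may contain one space.
LINE_RE = re.compile(
    r'^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{1,2}:\d{2})\s{2,}'
    r'(?P<user>.+?)\s{2,}(?P<pid>\d+)\s{2,}'
    r'Sign of "(?P<detection>[^"]+)" has been found in "(?P<path>[^"]+)" file\.\s*$'
)
# avast appends the unpacker it used as a pseudo path component, e.g. ...\OinFP.exe\[UPX]
PACKER_RE = re.compile(r'^(?P<file>.*)\\\[(?P<packer>[^\]]+)\]$')


def parse_line(line):
    """Return a dict for one warning line, or None for anything else (blank lines, other entries)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    rec["packer"] = None
    pm = PACKER_RE.match(rec["path"])
    if pm:
        rec["path"], rec["packer"] = pm["file"], pm["packer"]
    return rec


def classify_path(path):
    """Where on disk the hit was; only 'live' paths are still-installed components."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "quarantine"     # already moved aside by ComboFix; inert unless restored
    if "\\system volume information\\_restore" in p:
        return "restore_point"  # System Restore copy; goes away when restore points are purged
    if "\\temporary internet files\\" in p or "\\temp\\" in p:
        return "temp"           # browser cache or temp drop: shows the delivery route, not persistence
    return "live"


def summarize(log_text):
    """detection name -> location class -> sorted unique paths."""
    report = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            report[rec["detection"]][classify_path(rec["path"])].add(rec["path"])
    return {det: {loc: sorted(paths) for loc, paths in locs.items()}
            for det, locs in report.items()}


def live_components(log_text):
    """Paths that still need attention: hits outside quarantine, restore points and temp folders."""
    hits = {rec["path"] for rec in map(parse_line, log_text.splitlines())
            if rec and classify_path(rec["path"]) == "live"}
    return sorted(hits)


if __name__ == "__main__":
    for det, locs in summarize(SAMPLE_LOG).items():
        print(det, {loc: len(paths) for loc, paths in locs.items()})
    print("still live:", live_components(SAMPLE_LOG))
```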


mauserme

  • Guest
Re: Win32:PurityScan-AF virus?? I need help once again
« Reply #31 on: June 28, 2007, 05:20:35 AM »
There is still Virtumonde on your computer and possibly some processes we haven't found yet.

Download VundoFix.exe to your desktop.

Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files; click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer; click OK.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

A log will be produced which you can post in your next response.


VundoFix will likely clean many (hopefully all) of the infected files, but I'm unsure if it will get the underlying problem, so after you post the VundoFix report I would also like you to download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
      Non-Microsoft Only
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.


Also, I had previously recommended a firewall - this would be a very good time to get one.

brenda31

  • Guest
Re: Win32:PurityScan-AF virus?? I need help once again
« Reply #32 on: June 28, 2007, 05:40:52 AM »
I've run VundoFix; however, it told me that there were no infected files. It did not prompt me to reboot the system. Should I x out of the VundoFix or do I actually need to click on Remove Vundo? I'm assuming since no file was found that there will be no log produced?

mauserme

  • Guest
Re: Win32:PurityScan-AF virus?? I need help once again
« Reply #33 on: June 28, 2007, 05:41:56 AM »
It can just be closed.

brenda31

  • Guest
Re: Win32:PurityScan-AF virus?? I need help once again
« Reply #34 on: June 28, 2007, 06:07:20 AM »
WinPFind3 logfile created on: 2007-06-27 PM 10:57:07
WinPFind3U by OldTimer - Version 1.0.39   Folder = C:\Documents and Settings\Brenda Mayorga\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
 
222.48 Mb Total Physical Memory | 42.85 Mb Available Physical Memory | 19.26% Memory free
582.59 Mb Paging File | 200.34 Mb Available in Paging File | 34.39% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 24.00 Gb Free Space | 64.42% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: BRENDA
Current User Name: Brenda Mayorga
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe ->  [Ver = 4, 7, 936, 0 | Size = 108160 bytes | Modified Date = 2007-01-15 AM 11:28:58 | Attr =    ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 255616 bytes | Modified Date = 2007-01-15 AM 11:28:32 | Attr =    ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe ->  [Ver = 4, 7, 936, 0 | Size = 132736 bytes | Modified Date = 2007-01-15 AM 11:28:52 | Attr =    ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 370304 bytes | Modified Date = 2007-01-15 AM 11:27:52 | Attr =    ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe ->  [Ver =  | Size = 59008 bytes | Modified Date = 2007-01-15 AM 11:18:24 | Attr =    ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 360448 bytes | Modified Date = 2005-04-11 AM 8:31:26 | Attr =    ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 360448 bytes | Modified Date = 2005-04-11 AM 8:31:26 | Attr =    ]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5145 | Size = 339968 bytes | Modified Date = 2005-04-11 PM 12:00:00 | Attr =    ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2007-06-11 AM 4:25:42 | Attr =    ]
eabservr.exe -> %ProgramFiles%\HPQ\Quick Launch Buttons\eabservr.exe -> Hewlett-Packard  [Ver = 5, 1, 1, 2 | Size = 290816 bytes | Modified Date = 2004-12-03 PM 3:24:20 | Attr =    ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 AM 7:31:10 | Attr =    ]
hp wireless assistant.exe -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Company [Ver = 1, 1, 1, 2 | Size = 794624 bytes | Modified Date = 2005-04-01 PM 5:11:14 | Attr =    ]
hpqste08.exe -> %ProgramFiles%\Hp\Digital Imaging\bin\hpqste08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 204800 bytes | Modified Date = 2005-05-12 AM 1:40:38 | Attr =    ]
hpqtra08.exe -> %ProgramFiles%\Hp\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 2005-05-12 AM 12:23:26 | Attr =    ]
hpqwmi.exe -> %ProgramFiles%\HPQ\Shared\hpqwmi.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1, 0, 4, 3 | Size = 98304 bytes | Modified Date = 2005-03-04 PM 2:16:18 | Attr = R  ]
hprblog.exe -> %ProgramFiles%\Hp\Digital Imaging\Product Assistant\bin\hprblog.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 77824 bytes | Modified Date = 2005-05-12 AM 12:16:22 | Attr =    ]
hpwuschd2.exe -> %ProgramFiles%\Hp\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 2005-05-12 AM 12:12:54 | Attr =    ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 4.7.0.42 | Size = 327680 bytes | Modified Date = 2004-10-13 PM 6:03:54 | Attr =    ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 4.7.0.42 | Size = 278528 bytes | Modified Date = 2004-10-13 PM 6:04:14 | Attr =    ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 2007-03-14 AM 3:43:44 | Attr =    ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe ->  [Ver = 1.0.21.1 | Size = 38912 bytes | Modified Date = 2005-02-22 PM 6:32:14 | Attr =    ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 2005-04-29 AM 8:02:28 | Attr =    ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 8, 0, 1002 | Size = 1314816 bytes | Modified Date = 2007-05-23 AM 10:12:46 | Attr =    ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 692316 bytes | Modified Date = 2005-02-02 AM 7:11:12 | Attr =    ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 102492 bytes | Modified Date = 2005-02-02 AM 7:12:22 | Attr =    ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 2007-06-23 PM 3:15:54 | Attr =    ]
wkcalrem.exe -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkCalRem.exe -> Microsoft® Corporation [Ver = 8.04.0623.0 | Size = 15360 bytes | Modified Date = 2004-06-23 PM 2:23:00 | Attr =    ]
wlancfgag.exe -> %ProgramFiles%\Airlink101\AWLC4030\WLanCfgAG.exe ->  [Ver = 1, 0, 7, 3 | Size = 827392 bytes | Modified Date = 2005-07-25 PM 10:05:08 | Attr =    ]
wlservice.exe -> %ProgramFiles%\Airlink101\AWLC4030\WLService.exe ->  [Ver =  | Size = 49152 bytes | Modified Date = 2004-03-29 PM 4:08:16 | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe ->  [Ver =  | Size = 59008 bytes | Modified Date = 2007-01-15 AM 11:18:24 | Attr =    ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 360448 bytes | Modified Date = 2005-04-11 AM 8:31:26 | Attr =    ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe ->  [Ver = 4, 7, 936, 0 | Size = 132736 bytes | Modified Date = 2007-01-15 AM 11:28:52 | Attr =    ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 255616 bytes | Modified Date = 2007-01-15 AM 11:28:32 | Attr =    ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 370304 bytes | Modified Date = 2007-01-15 AM 11:27:52 | Attr =    ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 AM 7:31:10 | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-04 AM 3:00:00 | Attr =    ]
(DomainService) DomainService [Win32_Own | Auto | Stopped] -> %System32%\tcbbsjha.exe -> File not found
(gusvc) Google Updater Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2007-04-16 AM 11:15:26 | Attr =    ]
(hpqwmi) HP WMI Interface [Win32_Own | On_Demand | Running] -> %ProgramFiles%\HPQ\Shared\hpqwmi.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1, 0, 4, 3 | Size = 98304 bytes | Modified Date = 2005-03-04 PM 2:16:18 | Attr = R  ]
(iPodService) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 4.7.0.42 | Size = 327680 bytes | Modified Date = 2004-10-13 PM 6:03:54 | Attr =    ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe ->  [Ver = 1.0.21.1 | Size = 38912 bytes | Modified Date = 2005-02-22 PM 6:32:14 | Attr =    ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 2004-09-29 PM 1:14:36 | Attr =    ]
(Super G Wireless Cardbus Service) Super G Wireless Cardbus Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Airlink101\AWLC4030\WLService.exe ->  [Ver =  | Size = 49152 bytes | Modified Date = 2004-03-29 PM 4:08:16 | Attr =    ]

brenda31

  • Guest
Re: Win32:PurityScan-AF virus?? I need help once again
« Reply #35 on: June 28, 2007, 06:08:32 AM »
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2007-06-11 AM 4:25:42 | Attr =    ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5145 | Size = 339968 bytes | Modified Date = 2005-04-11 PM 12:00:00 | Attr =    ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe ->  [Ver = 4, 7, 936, 0 | Size = 108160 bytes | Modified Date = 2007-01-15 AM 11:28:58 | Attr =    ]
Cpqset -> %ProgramFiles%\HPQ\Default Settings\Cpqset.exe ->  [Ver =  | Size = 233534 bytes | Modified Date = 2005-02-17 PM 4:01:20 | Attr =    ]
eabconfg.cpl -> %ProgramFiles%\HPQ\Quick Launch Buttons\eabservr.exe -> Hewlett-Packard  [Ver = 5, 1, 1, 2 | Size = 290816 bytes | Modified Date = 2004-12-03 PM 3:24:20 | Attr =    ]
HP Software Update -> %ProgramFiles%\Hp\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 2005-05-12 AM 12:12:54 | Attr =    ]
hpWirelessAssistant -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Company [Ver = 1, 1, 1, 2 | Size = 794624 bytes | Modified Date = 2005-04-01 PM 5:11:14 | Attr =    ]
icq.com -> %System32%\dobypqqc.dll [rundll32.exe "C:\WINDOWS\system32\dobypqqc.dll",forkonce] ->  [Ver =  | Size = 128576 bytes | Modified Date = 2007-06-27 PM 2:25:50 | Attr =    ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 4.7.0.42 | Size = 278528 bytes | Modified Date = 2004-10-13 PM 6:04:14 | Attr =    ]
LSBWatcher -> %SystemDrive%\hp\drivers\hplsbwatcher\lsburnwatcher.exe -> Hewlett-Packard Company [Ver = 4, 10, 14, 0 | Size = 253952 bytes | Modified Date = 2004-10-14 PM 3:54:32 | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 2005-04-29 AM 8:02:28 | Attr =    ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 2007-03-14 AM 3:43:44 | Attr =    ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 692316 bytes | Modified Date = 2005-02-02 AM 7:11:12 | Attr =    ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.13.0.1 02Feb05 | Size = 102492 bytes | Modified Date = 2005-02-02 AM 7:12:22 | Attr =    ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 8, 0, 1002 | Size = 1314816 bytes | Modified Date = 2007-05-23 AM 10:12:46 | Attr =    ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,402 | Size = 4670968 bytes | Modified Date = 2007-06-11 PM 6:16:12 | Attr =    ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\Hp\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 2005-05-12 AM 12:23:26 | Attr =    ]
< User Startup > -> C:\Documents and Settings\Brenda Mayorga\Start Menu\Programs\Startup ->
%UserStartup%\wkcalrem.LNK -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkCalRem.exe -> Microsoft® Corporation [Ver = 8.04.0623.0 | Size = 15360 bytes | Modified Date = 2004-06-23 PM 2:23:00 | Attr =    ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 2007-05-30 AM 7:29:58 | Attr =    ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 2006-12-20 PM 1:55:48 | Attr =    ]
{DC192567-65F9-4AB6-ADB7-E13575F81726} [HKLM] -> %System32%\vtuspol.dll [] -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 2007-04-19 PM 1:41:36 | Attr =    ]
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 46080 bytes | Modified Date = 2005-04-11 AM 8:31:30 | Attr =    ]
vtuspol -> vtuspol.dll -> File not found
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> ÿÿÿÿ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1       localhost ->  ->
< Internet Explorer Settings > ->  ->
HKLM: Default_Page_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html ->
HKLM: Search Page -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Start Page -> http://yahoo.com/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] ->  ->

brenda31

  • Guest
Re: Win32:PurityScan-AF virus?? I need help once again
« Reply #36 on: June 28, 2007, 06:17:28 AM »
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
www_yahoo.com [https] ->  ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 2003-11-03 PM 4:17:44 | Attr =    ]
{1F6581D5-AA53-4b73-A6F9-41420C6B61F1} [HKLM] -> %System32%\mtgafqjo.dll [Reg Data - Value does not exist] ->  [Ver =  | Size = 66112 bytes | Modified Date = 2007-06-26 PM 11:53:24 | Attr =    ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 2005-05-31 AM 1:04:00 | Attr =    ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 2006-10-31 PM 3:33:52 | Attr =    ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 2007-03-14 AM 3:43:40 | Attr =    ]
{81DD6C8F-EA28-4CFF-A56A-5BD9A8F1D1FD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2007-01-19 PM 11:55:32 | Attr = R  ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
 [HKLM] -> Reg Data - Key not found [Reg Data - Value does not exist] -> File not found
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2007-01-19 PM 11:55:32 | Attr = R  ]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> %ProgramFiles%\Hp\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 2003-11-21 AM 5:26:28 | Attr =    ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> %ProgramFiles%\Hp\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 2003-11-21 AM 5:26:28 | Attr =    ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2007-01-19 PM 11:55:32 | Attr = R  ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> %ProgramFiles%\Hp\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 2003-11-21 AM 5:26:28 | Attr =    ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 2007-03-14 AM 3:43:42 | Attr =    ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> Reg Data - Value does not exist [ButtonText: Yahoo! Services] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&AOL Toolbar search -> %ProgramFiles%\AOL Toolbar\toolbar.dll\SEARCH.HTM -> File not found
&Google Search -> %ProgramFiles%\Google\GoogleToolbar1.dll\cmsearch.htm -> File not found
Backward Links -> %ProgramFiles%\Google\GoogleToolbar1.dll\cmbacklinks.htm -> File not found
Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar1.dll\cmcache.htm -> File not found
E&xport to Microsoft Excel ->  -> File not found
Similar Pages -> %ProgramFiles%\Google\GoogleToolbar1.dll\cmsimilar.htm -> File not found
Translate into English -> %ProgramFiles%\Google\GoogleToolbar1.dll\cmtrans.htm -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 ->  ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{5F47C24C-E1E4-4206-A770-13751059C1B6} ->    (Airlink101 Super G Cardbus Adapter) ->
{88D6CB69-2796-421A-947C-8ABE5BCF3389} ->    (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{DB92313F-449F-4995-9964-1BA2360A9476} ->    (Broadcom 802.11b/g WLAN) ->
{E8B6B49F-5814-4947-A101-7512A4B92FC7} ->    (Westell WireSpeed Dual Connect Modem) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> Installation Support - CodeBase = C:\Program Files\Yahoo!\Common\Yinsthelper.dll ->
{406B5949-7190-4245-91A9-30A17DE16AD0} -> Snapfish Activia - CodeBase = http://photos.walmart.com/WalmartActivia.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176249475250 ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176249440859 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->

brenda31

  • Guest
Re: Win32:PurityScan-AF virus?? I need help once again
« Reply #37 on: June 28, 2007, 06:18:15 AM »
[Files/Folders - Created Within 30 days]
IO.SYS -> %SystemDrive%\IO.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 2007-06-16 PM 11:14:36 | Attr = RHS]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 2007-06-16 PM 11:14:36 | Attr = RHS]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 2007-06-25 PM 10:40:02 | Attr =    ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 2007-06-27 PM 9:28:54 | Attr =    ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Created Date = 2007-06-26 PM 10:40:00 | Attr =    ]
$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ ->  [Folder | Created Date = 2007-06-13 AM 2:04:45 | Attr =  H ]
$NtUninstallKB933566$ -> %SystemRoot%\$NtUninstallKB933566$ ->  [Folder | Created Date = 2007-06-13 AM 2:05:49 | Attr =  H ]
$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ ->  [Folder | Created Date = 2007-06-13 AM 2:01:59 | Attr =  H ]
$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ ->  [Folder | Created Date = 2007-06-13 AM 2:04:30 | Attr =  H ]
catchme.exe -> %SystemRoot%\catchme.exe ->  [Ver =  | Size = 87552 bytes | Created Date = 2007-06-25 PM 10:25:19 | Attr =    ]
nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 1.85 | Size = 49152 bytes | Created Date = 2007-06-25 PM 10:25:18 | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 2007-06-16 PM 12:03:32 | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 2007-06-16 PM 12:03:32 | Attr =  H ]
bccdd.bak2 -> %System32%\bccdd.bak2 ->  [Ver =  | Size = 1846573 bytes | Created Date = 2007-06-26 PM 12:26:05 | Attr =  HS]
bccdd.ini2 -> %System32%\bccdd.ini2 ->  [Ver =  | Size = 1845942 bytes | Created Date = 2007-06-27 PM 2:47:06 | Attr =  HS]
bccdd.tmp -> %System32%\bccdd.tmp ->  [Ver =  | Size = 1845942 bytes | Created Date = 2007-06-27 PM 2:38:54 | Attr =  HS]
bccdd.tmp2 -> %System32%\bccdd.tmp2 ->  [Ver =  | Size = 1843200 bytes | Created Date = 2007-06-27 PM 2:47:06 | Attr =    ]
cqqpybod.ini -> %System32%\cqqpybod.ini ->  [Ver =  | Size = 930139 bytes | Created Date = 2007-06-27 PM 1:25:50 | Attr =  HS]
dljqvpxg.ini -> %System32%\dljqvpxg.ini ->  [Ver =  | Size = 929906 bytes | Created Date = 2007-06-26 PM 10:55:46 | Attr =  HS]
dobypqqc.dll -> %System32%\dobypqqc.dll ->  [Ver =  | Size = 128576 bytes | Created Date = 2007-06-27 PM 1:25:46 | Attr =    ]
gxpvqjld.dll -> %System32%\gxpvqjld.dll ->  [Ver =  | Size = 128576 bytes | Created Date = 2007-06-26 PM 10:55:13 | Attr =    ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 2007-06-20 AM 11:51:15 | Attr =    ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Created Date = 2007-06-20 AM 11:51:16 | Attr =    ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 2007-06-20 AM 11:51:15 | Attr =    ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Created Date = 2007-06-20 AM 11:51:16 | Attr =    ]
mtgafqjo.dll -> %System32%\mtgafqjo.dll ->  [Ver =  | Size = 66112 bytes | Created Date = 2007-06-26 PM 10:53:22 | Attr =    ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.6 | Size = 428032 bytes | Created Date = 2007-06-25 PM 10:25:19 | Attr =    ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 2007-06-25 PM 10:25:18 | Attr =    ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2007-06-25 PM 10:25:18 | Attr =    ]
vfind.exe -> %System32%\vfind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 2007-06-19 PM 6:58:34 | Attr =    ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 2007-06-20 PM 11:37:35 | Attr =    ]

brenda31

  • Guest
Re: Win32:PurityScan-AF virus?? I need help once again
« Reply #38 on: June 28, 2007, 06:18:55 AM »
[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 2007-06-20 PM 5:07:22 | Attr =  H ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 233361408 bytes | Modified Date = 2007-06-27 PM 4:01:18 | Attr =  HS]
IO.SYS -> %SystemDrive%\IO.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 2007-06-17 AM 12:14:38 | Attr = RHS]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 2007-06-17 AM 12:14:38 | Attr = RHS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2007-06-26 AM 12:28:54 | Attr = R  ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 2007-06-25 PM 11:40:04 | Attr =    ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 2007-06-27 PM 10:28:56 | Attr =    ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2007-06-26 PM 6:27:54 | Attr =    ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Modified Date = 2007-06-26 PM 11:40:02 | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2007-06-13 AM 2:18:10 | Attr =  H ]
$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ ->  [Folder | Modified Date = 2007-06-13 AM 3:04:50 | Attr =  H ]
$NtUninstallKB933566$ -> %SystemRoot%\$NtUninstallKB933566$ ->  [Folder | Modified Date = 2007-06-13 AM 3:05:56 | Attr =  H ]
$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ ->  [Folder | Modified Date = 2007-06-13 AM 3:02:02 | Attr =  H ]
$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ ->  [Folder | Modified Date = 2007-06-13 AM 3:04:34 | Attr =  H ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2007-06-27 PM 4:01:34 | Attr =   S]
catchme.exe -> %SystemRoot%\catchme.exe ->  [Ver =  | Size = 87552 bytes | Modified Date = 2007-06-05 AM 5:24:04 | Attr =    ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2007-06-26 PM 11:32:30 | Attr =   S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 2007-06-20 PM 3:30:20 | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2007-06-13 AM 3:05:14 | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2007-06-22 AM 7:55:58 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2007-06-20 PM 5:07:22 | Attr =  HS]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2007-06-27 PM 10:54:18 | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2007-06-16 PM 1:03:34 | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2007-06-16 PM 1:03:34 | Attr =  H ]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 2007-06-25 PM 7:19:24 | Attr =    ]
system32 -> %System32% ->  [Folder | Modified Date = 2007-06-27 PM 7:30:32 | Attr =    ]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2007-06-27 PM 4:05:10 | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2007-06-27 PM 8:12:06 | Attr =    ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job ->  [Ver =  | Size = 330 bytes | Modified Date = 2007-06-27 PM 4:05:10 | Attr =  H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2007-06-27 PM 4:01:52 | Attr =  H ]
bccdd.bak2 -> %System32%\bccdd.bak2 ->  [Ver =  | Size = 1846573 bytes | Modified Date = 2007-06-27 PM 1:26:42 | Attr =  HS]
bccdd.ini2 -> %System32%\bccdd.ini2 ->  [Ver =  | Size = 1845942 bytes | Modified Date = 2007-06-27 PM 3:59:40 | Attr =  HS]
bccdd.tmp -> %System32%\bccdd.tmp ->  [Ver =  | Size = 1845942 bytes | Modified Date = 2007-06-27 PM 3:47:08 | Attr =  HS]
bccdd.tmp2 -> %System32%\bccdd.tmp2 ->  [Ver =  | Size = 1843200 bytes | Modified Date = 2007-06-27 PM 3:59:46 | Attr =    ]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 2007-06-27 PM 3:06:02 | Attr =    ]
cqqpybod.ini -> %System32%\cqqpybod.ini ->  [Ver =  | Size = 930139 bytes | Modified Date = 2007-06-27 PM 7:30:32 | Attr =  HS]
dljqvpxg.ini -> %System32%\dljqvpxg.ini ->  [Ver =  | Size = 929906 bytes | Modified Date = 2007-06-27 AM 11:50:22 | Attr =  HS]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 2007-06-21 AM 2:16:42 | Attr = RHS]
dobypqqc.dll -> %System32%\dobypqqc.dll ->  [Ver =  | Size = 128576 bytes | Modified Date = 2007-06-27 PM 2:25:50 | Attr =    ]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 2007-06-26 AM 12:27:22 | Attr =    ]
gxpvqjld.dll -> %System32%\gxpvqjld.dll ->  [Ver =  | Size = 128576 bytes | Modified Date = 2007-06-26 PM 11:55:14 | Attr =    ]
Macromed -> %System32%\Macromed ->  [Folder | Modified Date = 2007-06-22 AM 7:53:34 | Attr =    ]
mtgafqjo.dll -> %System32%\mtgafqjo.dll ->  [Ver =  | Size = 66112 bytes | Modified Date = 2007-06-26 PM 11:53:24 | Attr =    ]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 2007-06-27 PM 4:04:50 | Attr =    ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 2007-05-30 AM 7:10:42 | Attr =    ]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 2007-06-19 PM 8:20:54 | Attr =    ]

brenda31

  • Guest
Re: Win32:PurityScan-AF virus?? I need help once again
« Reply #39 on: June 28, 2007, 06:19:33 AM »
[File String Scan - Non-Microsoft Only]
UPX! , UPX0 ,  -> %System32%\aswBoot.exe ->  [Ver = 4, 7, 936, 0 | Size = 689280 bytes | Modified Date = 2007-01-15 AM 11:32:08 | Attr =    ]
PEC2 ,  -> %System32%\dfrg.msc ->  [Ver =  | Size = 41397 bytes | Modified Date = 2004-08-04 AM 3:00:00 | Attr =    ]
PEC2 , PECompact2 ,  -> %System32%\dobypqqc.dll ->  [Ver =  | Size = 128576 bytes | Modified Date = 2007-06-27 PM 2:25:50 | Attr =    ]
PEC2 , PECompact2 ,  -> %System32%\gxpvqjld.dll ->  [Ver =  | Size = 128576 bytes | Modified Date = 2007-06-26 PM 11:55:14 | Attr =    ]
PEC2 , PECompact2 ,  -> %System32%\mtgafqjo.dll ->  [Ver =  | Size = 66112 bytes | Modified Date = 2007-06-26 PM 11:53:24 | Attr =    ]
PEC2 , PECompact2 ,  -> %System32%\SerialShield.dll -> Ionworx Technology [Ver = 1.9.5.0 | Size = 225280 bytes | Modified Date = 2006-04-04 AM 10:40:26 | Attr =    ]
winsync ,  -> %System32%\wbdbase.deu ->  [Ver =  | Size = 1309184 bytes | Modified Date = 2004-08-04 AM 3:00:00 | Attr =    ]

< End of report >

brenda31

  • Guest
Re: Win32:PurityScan-AF virus?? I need help once again
« Reply #40 on: June 28, 2007, 06:23:53 AM »
Should I download that firewall now or should I wait until we're sure the computer is clean?

mauserme

  • Guest
Re: Win32:PurityScan-AF virus?? I need help once again
« Reply #41 on: June 28, 2007, 06:47:39 AM »
This is going to take some time to review the log, and I would like to enlist a second opinion. 

For now install the firewall and I will post again as soon as I am able.

mauserme

  • Guest
Re: Win32:PurityScan-AF virus?? I need help once again
« Reply #42 on: June 28, 2007, 02:11:06 PM »
I have PM'd essexboy for an opinion on my proposed winpfind fix - his experience with this tool is vast and mine is not.

brenda31

  • Guest
Re: Win32:PurityScan-AF virus?? I need help once again
« Reply #43 on: June 29, 2007, 01:56:34 AM »
It seems as if my screen is going green and lines cut across the screen filling the page every now and then.  Would this be related to my virus issues?  I haven't had this problem before and my laptop is relatively new.  It's about a year old, but has been used only within the past two months.

demetermaid

  • Guest
Re: Win32:PurityScan-AF virus?? I need help once again
« Reply #44 on: June 29, 2007, 02:37:13 AM »
Sorry to butt in here ... I had a heck of a time getting assorted malware off my XP just last week, including Purity Scan.

If I may ask ... are you disabling System Restore before you make your changes?