Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win32.q, M, Backdoor, E-mail, Checker, Download


  • Please log in to reply
12 replies to this topic

#1 laredo

laredo

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:24 PM

Posted 05 May 2008 - 03:21 PM

My original post in "Am I Infected" concerned SmitFraud, Virtumonde and Zlob which failed to clean after Spybot S&D. After running SmitfraudFix, SmitRem and SDFix as guided by "Chewy" I am posting the following logs from Kaspersky and DSS.exe. Popups to "Congratulations" etc. websites continue. As a personal disclaimer, this screwed up computer is NOT mine! :thumbsup: I am trying to help out a co-worker. Thanks so much.

KASPERSKY ONLINE SCANNER REPORT
Monday, May 05, 2008 3:49:01 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/05/2008
Kaspersky Anti-Virus database records: 740539

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 87012
Number of viruses found 72
Number of infected objects 383
Number of suspicious objects 0
Duration of the scan process 01:38:55

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Administrator\Desktop\catchme.zip/FMR27.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped

C:\Documents and Settings\Administrator\Desktop\catchme.zip/spools.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\Documents and Settings\Administrator\Desktop\catchme.zip/SYST425.DLL Infected: Trojan-Downloader.Win32.Small.cyn skipped

C:\Documents and Settings\Administrator\Desktop\catchme.zip ZIP: infected - 3 skipped

C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe RAR: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LCTW8UPR\adelextra[1].gif Infected: Trojan-Clicker.Win32.VB.amx skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Warren\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Warren\Incomplete\Preview-T-2559308-Rare Recording.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

C:\Documents and Settings\Warren\Incomplete\Preview-T-3566386-06 Track 6.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

C:\Documents and Settings\Warren\Incomplete\T-3545425-mirror ne yo.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped

C:\Documents and Settings\Warren\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped

C:\Documents and Settings\Warren\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Warren\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped

C:\Documents and Settings\Warren\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Warren\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Warren\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped

C:\Documents and Settings\Warren\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped

C:\Documents and Settings\Warren\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped

C:\Documents and Settings\Warren\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped

C:\Documents and Settings\Warren\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Warren\Local Settings\History\History.IE5\MSHist012008050520080506\index.dat Object is locked skipped

C:\Documents and Settings\Warren\Local Settings\Temp\hpodvd09.log Object is locked skipped

C:\Documents and Settings\Warren\Local Settings\Temp\JET70B.tmp Object is locked skipped

C:\Documents and Settings\Warren\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Warren\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Warren\ntuser.dat Object is locked skipped

C:\Documents and Settings\Warren\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Warren\Shared\03 Track 3.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

C:\Documents and Settings\Warren\Shared\06 Track 6.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

C:\Documents and Settings\Warren\Shared\Rare Recording.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.me Object is locked skipped

C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.mm Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000010.FCS Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped

C:\SDFix\backups\backups.zip/backups/382077.dll Infected: not-a-virus:AdWare.Win32.E404.ag skipped

C:\SDFix\backups\backups.zip/backups/cftmon.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\SDFix\backups\backups.zip/backups/delextra.exe Infected: Trojan-Clicker.Win32.VB.amx skipped

C:\SDFix\backups\backups.zip/backups/gndarmblvpg.dll Infected: Trojan.Win32.Vapsup.ejm skipped

C:\SDFix\backups\backups.zip/backups/hosts Infected: Trojan.Win32.Qhost.aei skipped

C:\SDFix\backups\backups.zip/backups/kavir.exe Infected: Email-Worm.Win32.Zhelatin.xv skipped

C:\SDFix\backups\backups.zip/backups/lcss.exe Infected: Backdoor.Win32.DsBot.ox skipped

C:\SDFix\backups\backups.zip/backups/mrcmgr.exe Infected: Trojan-Spy.Win32.Goldun.afk skipped

C:\SDFix\backups\backups.zip/backups/svchost32.exe Infected: Trojan.Win32.Delf.btm skipped

C:\SDFix\backups\backups.zip/backups/sys32.exe Infected: Worm.Win32.AutoRun.dor skipped

C:\SDFix\backups\backups.zip/backups/syst425.dll Infected: Trojan-Downloader.Win32.Small.cyn skipped

C:\SDFix\backups\backups.zip/backups/WLCtrl32.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped

C:\SDFix\backups\backups.zip/backups/wxdbpfvo.dll Infected: Trojan.Win32.Vapsup.ejq skipped

C:\SDFix\backups\backups.zip ZIP: infected - 13 skipped

C:\starts.exe Infected: Worm.Win32.AutoRun.dor skipped

C:\startup.exe Infected: Worm.Win32.AutoRun.dmh skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP565\A0189860.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.edw skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP566\A0191037.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP566\A0191102.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP567\A0192152.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP567\A0192221.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP569\A0194365.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP569\A0195416.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP570\A0195491.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP571\A0196491.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP572\A0196531.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP573\A0196622.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bce skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP573\A0197690.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP575\A0197824.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP577\A0199824.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP577\A0199908.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP578\A0199951.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP578\A0201051.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP578\A0201135.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP579\A0202173.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP580\A0203173.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP581\A0204179.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP582\A0204317.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP582\A0206427.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP583\A0206596.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP584\A0208763.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP585\A0209794.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP586\A0209917.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP588\A0212964.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP588\A0213002.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP588\A0213037.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP588\A0213062.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP589\A0214094.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP589\A0214115.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mwq skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP590\A0216188.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mwq skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP591\A0216365.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP593\A0217417.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrl skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP593\A0217418.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qpr skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP593\A0217419.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrm skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP593\A0217420.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrl skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP593\A0217421.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qtx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP593\A0217422.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ayt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP593\A0217423.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrm skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP593\A0217485.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP593\A0217486.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP593\A0217487.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP593\A0217488.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222198.exe Infected: not-a-virus:FraudTool.Win32.DrAntispy.aj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222199.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.f skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222201.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222471.exe Infected: not-virus:Hoax.Win32.Renos.fi skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222498.exe Infected: not-a-virus:AdWare.Win32.HotBar.bt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222500.exe Infected: not-a-virus:AdWare.Win32.Hotbar.an skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222501.dll Infected: not-a-virus:AdWare.Win32.HotBar.bx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222502.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222503.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222505.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222506.dll Infected: not-a-virus:AdWare.Win32.HotBar.bj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222513.dll Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222516.exe Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222517.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222518.dll Infected: not-a-virus:AdWare.Win32.HotBar.ar skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222519.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222521.dll Infected: not-a-virus:AdWare.Win32.HotBar.bj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222522.exe Infected: not-a-virus:AdWare.Win32.Hotbar.ar skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222527.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222531.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222532.exe Infected: not-a-virus:AdWare.Win32.Hotbar.an skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222535.exe Infected: not-a-virus:AdWare.Win32.HotBar.ax skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222538.dll Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222540.dll Infected: not-a-virus:AdWare.Win32.HotBar.bw skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222541.exe Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222542.dll Infected: not-a-virus:AdWare.Win32.HotBar.ar skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222543.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222545.dll Infected: not-a-virus:AdWare.Win32.HotBar.bj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222546.exe Infected: not-a-virus:AdWare.Win32.HotBar.bt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222551.dll Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222556.exe Infected: not-a-virus:AdWare.Win32.Hotbar.an skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222559.exe Infected: not-a-virus:AdWare.Win32.HotBar.by skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222563.dll Infected: not-a-virus:AdWare.Win32.HotBar.bz skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222564.exe Infected: not-a-virus:AdWare.Win32.HotBar.bw skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222566.exe Infected: not-a-virus:AdWare.Win32.HotBar.bt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222571.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222574.exe/data0002 Infected: not-a-virus:AdWare.Win32.180Solutions.ay skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222574.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222575.dll Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222582.dll Infected: not-a-virus:AdWare.Win32.HotBar.ar skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222585.dll Infected: not-a-virus:AdWare.Win32.HotBar.ar skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222587.dll Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223825.exe Infected: not-a-virus:Downloader.Win32.WinFixer.an skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223826.dll Infected: not-a-virus:AdWare.Win32.Comet.ac skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223827.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223828.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223829.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223830.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223831.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223832.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223833.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223834.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223835.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223836.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223837.dll Infected: Trojan.Win32.KillAV.rf skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223838.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223839.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223840.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223841.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223842.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223843.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223844.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223845.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223846.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223847.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223848.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223849.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223850.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223851.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223852.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223853.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223854.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223855.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223856.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223857.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223858.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223859.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223860.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223861.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223862.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223863.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223864.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223865.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223866.dll Infected: Trojan.Win32.BHO.re skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223867.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223868.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223869.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223870.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jxa skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223871.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223872.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223873.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223874.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223875.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223876.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223877.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223878.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223879.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223880.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223881.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223882.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223883.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223884.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223885.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223886.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223887.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223888.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223889.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223890.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223891.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223892.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lwv skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223893.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223894.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mvn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223895.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mvn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223896.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223897.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223898.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223899.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223900.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223901.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223902.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223903.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223904.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223905.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223906.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223907.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223908.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223909.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223910.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223911.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223912.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223913.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223914.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223915.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223916.exe Infected: not-virus:Hoax.Win32.Renos.fi skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223917.exe Infected: not-virus:Hoax.Win32.Renos.fi skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223918.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP606\A0227706.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP611\A0230334.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP611\A0230354.exe Infected: Worm.Win32.Socks.fa skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP611\A0230355.exe Infected: Worm.Win32.Socks.fa skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP611\A0231326.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP611\A0231333.exe Infected: Trojan.Win32.Qhost.aly skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP611\A0231334.exe Infected: Worm.Win32.AutoRun.dmh skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP611\A0231335.exe Infected: Trojan-Clicker.Win32.VB.amx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP611\A0231342.exe Infected: Worm.Win32.AutoRun.dmh skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP611\A0231343.exe Infected: Trojan-Clicker.Win32.VB.amx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP611\A0231345.exe Infected: Trojan.Win32.Qhost.aly skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP611\A0231359.exe Infected: Worm.Win32.AutoRun.dmh skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP611\A0231361.exe Infected: Worm.Win32.AutoRun.dmh skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP611\A0231362.exe Infected: Trojan.Win32.Qhost.aly skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP611\A0231382.exe Infected: Trojan-Clicker.Win32.VB.amx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP612\A0231396.exe Infected: Trojan-Clicker.Win32.VB.amx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP612\A0231400.exe Infected: Trojan.Win32.Qhost.aly skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP612\A0233367.exe Infected: Worm.Win32.AutoRun.dmh skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP612\A0233368.exe Infected: Trojan-Clicker.Win32.VB.amx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP612\A0233369.exe Infected: Trojan.Win32.Qhost.aly skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235463.dll Infected: not-a-virus:AdWare.Win32.MyWay.v skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235469.exe Infected: Trojan-Clicker.Win32.VB.amx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235596.exe Infected: Trojan-Clicker.Win32.VB.amx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235604.exe Infected: not-virus:Hoax.Win32.Renos.brr skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235605.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235617.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235618.exe Infected: Worm.Win32.Socks.fa skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235619.exe Infected: Worm.Win32.Socks.fa skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235620.exe Infected: Worm.Win32.Socks.fa skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235621.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235622.EXE Infected: not-a-virus:AdWare.Win32.Background skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235623.exe Infected: Email-Worm.Win32.Zhelatin.xv skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235624.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235625.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235626.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235627.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235628.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235629.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235630.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235631.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235632.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235633.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235634.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235635.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235638.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235639.dll Infected: not-a-virus:AdWare.Win32.Agent.bgj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235640.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235641.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235642.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235645.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.msm skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235646.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235647.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235649.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235650.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235651.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235653.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235654.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235655.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235656.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235657.dll Infected: Trojan.Win32.BHO.rg skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235659.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235661.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.msm skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235662.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235663.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235664.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235665.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235666.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235667.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235668.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235669.dll Infected: Backdoor.Win32.Agent.dlj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235670.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235671.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235674.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235675.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235677.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235678.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235679.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235680.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235681.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235682.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235684.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235685.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235686.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235687.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235688.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235689.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235690.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235691.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235692.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235693.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235694.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235695.dll Infected: Trojan.Win32.BHO.rd skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235696.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235697.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235699.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.kp skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235702.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235703.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235704.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235707.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235708.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235709.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235724.exe Infected: Trojan-Clicker.Win32.VB.amx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235731.exe Infected: Trojan-Clicker.Win32.VB.amx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235748.exe Infected: not-virus:Hoax.Win32.Renos.brr skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235750.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235751.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235752.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235765.exe Infected: not-a-virus:FraudTool.Win32.DrAntispy.aj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235766.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.f skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235768.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0236124.dll Infected: Trojan.Win32.Vapsup.ejp skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0236125.dll Infected: Trojan.Win32.Vapsup.ejn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0236126.exe Infected: Trojan.Win32.Vapsup.ejr skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0236127.exe Infected: Trojan.Win32.Vapsup.ejo skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0236128.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0236129.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0236130.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0236131.exe Infected: not-virus:Hoax.Win32.Renos.brr skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0236141.dll Infected: Trojan.Win32.Agent.kri skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0238179.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0238179.exe RAR: infected - 1 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0238201.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0238227.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0238229.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0238230.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0238245.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0238247.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0238247.exe RAR: infected - 1 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0238338.exe Infected: Trojan-Clicker.Win32.VB.amx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239380.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239381.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239382.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239414.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239415.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239416.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239417.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239418.dll Infected: Trojan.Win32.Vapsup.ejm skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239419.exe Infected: Trojan-Clicker.Win32.VB.amx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239420.exe Infected: Worm.Win32.AutoRun.dor skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239421.exe Infected: Email-Worm.Win32.Zhelatin.xv skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239423.dll Infected: not-a-virus:AdWare.Win32.E404.ag skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239424.exe Infected: Trojan.Win32.Delf.btm skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239425.exe Infected: Backdoor.Win32.DsBot.ox skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239426.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239427.dll Infected: Trojan.Win32.Vapsup.ejq skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239428.dll Infected: Trojan-Downloader.Win32.Small.cyn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239437.exe Infected: Trojan-Spy.Win32.Goldun.afk skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239438.exe Infected: Trojan-Spy.Win32.Goldun.afk skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239441.dll Infected: not-a-virus:AdWare.Win32.E404.ag skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239442.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239443.exe Infected: Trojan-Clicker.Win32.VB.amx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239444.dll Infected: Trojan.Win32.Vapsup.ejm skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239445.exe Infected: Email-Worm.Win32.Zhelatin.xv skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239446.exe Infected: Backdoor.Win32.DsBot.ox skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239449.exe Infected: Trojan.Win32.Delf.btm skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239450.exe Infected: Worm.Win32.AutoRun.dor skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239451.dll Infected: Trojan-Downloader.Win32.Small.cyn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239453.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239454.dll Infected: Trojan.Win32.Vapsup.ejq skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{346350D8-E5D7-4589-B285-5755372113A1}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20080429-233401.backup Infected: Trojan.Win32.Qhost.aei skipped

C:\WINDOWS\SYSTEM32\DRIVERS\smccs.sys Infected: not-a-virus:AdWare.Win32.BHO.ars skipped

C:\WINDOWS\SYSTEM32\gebxuts.dll Infected: Trojan.Win32.Monder.gen skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\hmlphl.dll Infected: Trojan-Spy.Win32.BHO.a skipped

C:\WINDOWS\SYSTEM32\scerpt.dll Infected: Trojan-Spy.Win32.Goldun.afk skipped

C:\WINDOWS\SYSTEM32\vtUmJCRi.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qqz skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\__c002E194.dat Infected: Trojan.Win32.Monder.gen skipped

C:\WINDOWS\SYSTEM32\__c007E70.dat Infected: Trojan.Win32.Monder.gen skipped

C:\WINDOWS\SYSTEM32\__c0099DB6.dat Infected: Trojan.Win32.Monder.gen skipped

C:\WINDOWS\SYSTEM32\__c009F846.dat Infected: Trojan.Win32.Monder.gen skipped

C:\WINDOWS\SYSTEM32\__c00F1020.dat Infected: Trojan.Win32.Monder.gen skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\winhost.exe Infected: Trojan.Win32.Qhost.aly skipped

Scan process completed.

Deckard's System Scanner v20071014.68
Run by Warren on 2008-05-05 15:56:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
51: 2008-05-05 19:56:36 UTC - RP615 - Deckard's System Scanner Restore Point
50: 2008-05-05 11:30:23 UTC - RP614 - System Checkpoint
49: 2008-04-29 23:51:16 UTC - RP613 - Installed Windows Installer Clean Up
48: 2008-04-27 13:28:12 UTC - RP612 - Installed Symantec Technical Support Web Controls
47: 2008-04-25 07:12:37 UTC - RP611 - Last known good configuration


-- First Restore Point --
1: 2008-04-25 07:11:35 UTC - RP565 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Warren.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:58:31 PM, on 5/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\AOL\1170814827\ee\AOLSoftware.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\TEMP\NT1B80E32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Warren\Desktop\dss.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Warren.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.java.com/
R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\WINDOWS\system32\config\systemprofile\cftmon.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\WINDOWS\system32\config\systemprofile\cftmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [LiveAntispy] C:\Program Files\LiveAntispy\LiveAntispy.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LiveAntispy] C:\Program Files\LiveAntispy\LiveAntispy.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208142217515
O17 - HKLM\System\CCS\Services\Tcpip\..\{86AB4F89-8CC4-4007-AF42-99FAA1D02FF9}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.34 85.255.112.132
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: __c009F846 - C:\WINDOWS\system32\__c009F846.dat
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: jqvm465hmygebkpp6 - Unknown owner - C:\WINDOWS\system32\lcss.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8373 bytes

-- File Associations -----------------------------------------------------------

.exe - exefile - shell\open\command - C:\WINDOWS\system32\drivers\spools.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 catchme - c:\docume~1\warren\locals~1\temp\catchme.sys (file missing)
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 SymIM (Symantec Network Security Intermediate Filter Service) - c:\windows\system32\drivers\symim.sys (file missing)
S3 SymIMMP - c:\windows\system32\drivers\symim.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S2 jqvm465hmygebkpp6 - "c:\windows\system32\lcss.exe" (file missing)
S2 LiveUpdate Notice - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-05 14:02:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-05 and 2008-05-05 -----------------------------

2008-05-05 14:27:19 9728 --a------ C:\WINDOWS\system32\drivers\spools.exe
2008-05-05 06:33:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-05 06:33:36 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-05 06:33:26 0 d-------- C:\WINDOWS\LastGood
2008-05-04 22:53:05 0 d-------- C:\WINDOWS\ERUNT
2008-05-04 10:03:39 6218 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-01 20:37:33 0 d-------- C:\Program Files\Trend Micro
2008-05-01 20:23:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-01 19:30:36 37636 --a------ C:\WINDOWS\system32\__c00C7528.exe
2008-05-01 19:25:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-01 19:25:14 86016 --a------ C:\WINDOWS\system32\__c007E70.dat
2008-04-30 07:02:24 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-04-30 06:51:09 0 d-------- C:\VundoFix Backups
2008-04-30 06:49:59 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-04-30 06:49:56 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-04-30 06:46:31 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-04-30 06:46:29 0 d-------- C:\LiveAntispy
2008-04-30 06:46:27 0 d-------- C:\Program Files\LiveAntispy
2008-04-30 06:46:23 37636 --a------ C:\WINDOWS\system32\__c00BFA78.exe
2008-04-30 06:42:22 86016 --a------ C:\WINDOWS\system32\__c002E194.dat
2008-04-29 22:15:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-29 21:28:39 21140 --ahs---- C:\WINDOWS\system32\iSvvGMoq.ini2
2008-04-29 21:25:13 37636 --a------ C:\WINDOWS\system32\__c00605F6.exe
2008-04-29 19:51:21 0 d-------- C:\Program Files\Windows Installer Clean Up
2008-04-29 13:11:15 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-29 13:11:15 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-29 13:11:15 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-29 13:11:15 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-29 13:11:15 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-29 13:11:15 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-29 13:11:15 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-29 13:11:15 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-29 13:11:15 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-04-29 13:11:15 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-29 13:11:15 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-29 13:11:15 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-29 13:11:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-04-29 13:11:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-04-29 13:11:15 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-29 13:11:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-04-29 13:11:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-29 13:11:14 2359296 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-27 16:25:12 17772 --a------ C:\starts.exe
2008-04-27 15:18:26 0 d-------- C:\Documents and Settings\Warren\Application Data\TmpRecentIcons
2008-04-27 10:28:32 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-04-27 09:55:00 0 d-------- C:\Documents and Settings\Shirley\Application Data\TmpRecentIcons
2008-04-27 08:33:18 86016 --a------ C:\WINDOWS\system32\__c0099DB6.dat
2008-04-27 08:26:58 43008 --a------ C:\WINDOWS\system32\vtUmJCRi.dll
2008-04-27 08:26:27 346112 --a------ C:\WINDOWS\system32\gebxuts.dll
2008-04-27 08:22:15 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-04-27 08:20:04 39520 --a------ C:\winhost.exe
2008-04-27 08:19:37 10513 --a------ C:\startup.exe
2008-04-26 08:49:52 10752 -r-h----- C:\WINDOWS\system32\win_2.exe
2008-04-26 08:48:35 0 --a------ C:\WINDOWS\system32\perfn2872.dat
2008-04-25 02:45:11 0 d-------- C:\Program Files\Windows Sidebar
2008-04-25 02:44:47 0 d-------- C:\Program Files\Symantec
2008-04-25 02:44:46 0 d-------- C:\Program Files\Norton 360
2008-04-25 02:44:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-24 21:32:50 5242880 --a------ C:\Documents and Settings\Kara\ntuser.dat
2008-04-24 21:32:49 5767168 --a------ C:\Documents and Settings\Shirley\ntuser.dat
2008-04-24 21:32:48 6029312 --a------ C:\Documents and Settings\Warren\ntuser.dat
2008-04-24 20:37:31 0 d-------- C:\WINDOWS\system32\Client
2008-04-20 04:03:32 37636 --a------ C:\WINDOWS\system32\__c00A291.exe
2008-04-20 03:35:02 6449 --ahs---- C:\WINDOWS\system32\DcfiRXyb.ini2
2008-04-18 20:48:48 0 d-------- C:\Documents and Settings\Kara\Application Data\Symantec
2008-04-17 21:27:11 7026 --ahs---- C:\WINDOWS\system32\klmprBeg.ini2
2008-04-16 02:24:35 320 --ahs---- C:\WINDOWS\system32\GOoXxGgh.ini2
2008-04-15 07:37:34 320 --ahs---- C:\WINDOWS\system32\BJmnmUtv.ini2
2008-04-14 23:54:20 86016 --a------ C:\WINDOWS\system32\__c00F1020.dat
2008-04-14 23:43:43 6489 --ahs---- C:\WINDOWS\system32\bKRYbcfe.ini2
2008-04-14 01:23:37 0 d-------- C:\Documents and Settings\Shirley\Application Data\Symantec
2008-04-13 18:37:17 0 d-------- C:\Documents and Settings\Warren\Application Data\Symantec
2008-04-13 18:16:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-13 06:00:52 2329 --a------ C:\xcrashdump.dat
2008-04-13 05:57:15 6681 --ahs---- C:\WINDOWS\system32\FNTvwyay.ini2
2008-04-13 05:55:19 6595 --ahs---- C:\WINDOWS\system32\IRCfPqru.ini2
2008-04-11 23:30:27 38400 --a------ C:\WINDOWS\system32\__c009F846.dat
2008-04-11 18:40:43 26752 -----n--- C:\WINDOWS\system32\khfFWpol.dll


-- Find3M Report ---------------------------------------------------------------

2008-05-05 15:52:18 0 d-------- C:\Program Files\Apple Software Update
2008-05-04 20:46:33 0 d-------- C:\Program Files\Common Files\Real
2008-05-04 19:47:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-04 11:13:08 0 d-------- C:\Program Files\LimeWire
2008-05-01 19:02:03 0 --a------ C:\WINDOWS\system32\hl.dat
2008-04-25 02:11:05 0 d-------- C:\Program Files\Common Files
2008-04-14 06:41:06 0 d-------- C:\Documents and Settings\Warren\Application Data\U3
2008-04-13 18:12:30 0 d-------- C:\Program Files\McAfee.com
2008-04-10 05:42:30 365222 --ahs---- C:\WINDOWS\system32\mmllm.ini2
2008-03-20 15:59:40 0 d-------- C:\Program Files\Common Files\AOL
2008-03-09 19:53:03 0 d-------- C:\Documents and Settings\Warren\Application Data\Macromedia
2008-03-01 07:45:37 0 --a------ C:\Program Files\INTERN
2008-02-16 00:44:02 664 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [02/23/2008 10:08 PM 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ntuser"="C:\WINDOWS\system32\drivers\spools.exe" [05/05/2008 02:27 PM]
"autoload"="C:\WINDOWS\system32\config\systemprofile\cftmon.exe" [05/05/2008 02:27 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ntuser"="C:\WINDOWS\system32\drivers\spools.exe" [05/05/2008 02:27 PM]
"autoload"="C:\WINDOWS\system32\config\systemprofile\cftmon.exe" [05/05/2008 02:27 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/16/2007 05:46 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"LiveAntispy"=C:\Program Files\LiveAntispy\LiveAntispy.exe

C:\Documents and Settings\Warren\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 3:04:12 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c009F846]
C:\WINDOWS\system32\__c009F846.dat 05/05/2008 09:56 AM 38400 C:\WINDOWS\SYSTEM32\__c009F846.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\qoMGvvSi.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3222c96-f13b-11db-8404-00038a000015}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9172790-adb8-11dc-8674-00038a000015}]
AutoRun\command- F:\LaunchU3.exe -a

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-05-05 16:00:04 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.53GHz
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 509.98 MiB / 247.3 MiB
Pagefile Memory (total/avail): 1244.74 MiB / 939.97 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.08 MiB

C: is Fixed (NTFS) - 71.51 GiB total, 32.66 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800BB-75JHA0 - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 (bootable) - Installable File System - 71.51 GiB - C:
\PARTITION2 - Unknown - 2.93 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Common Files\\AOL\\1170814827\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1170814827\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"%windir%\\explorer.exe"="%windir%\\explorer.exe:*:Enabled:Explorer"
"C:\\WINDOWS\\kavir.exe"="C:\\WINDOWS\\kavir.exe:*:Enabled:enable"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Warren\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JESTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Warren
LOGONSERVER=\\JESTER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Warren\LOCALS~1\Temp
TMP=C:\DOCUME~1\Warren\LOCALS~1\Temp
USERDOMAIN=JESTER
USERNAME=Warren
USERPROFILE=C:\Documents and Settings\Warren
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Warren (admin)
Shirley (admin)
Kara (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Adobe® Photoshop® Album Starter Edition 3.0.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
Advanced Registry Optimizer --> "C:\Program Files\Advanced Registry Optimizer\unins000.exe" /silent
Analyse-it for Microsoft Excel --> C:\Program Files\Analyse-it\system\setup.exe /u
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AOL Coach Version 1.0(Build:20040229.1 en) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Banctec Service Agreement --> MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Compton's Interactive Encyclopedia 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Broderbund\CIE2000\DeIsL1.isu"
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Picture Studio v3.0 --> MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
EarthLink setup files --> MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL --> MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
EuroTalk Talk Now Plus! --> C:\PROGRA~1\EuroTalk\TALKNO~1\UNWISE.EXE C:\PROGRA~1\EuroTalk\TALKNO~1\INSTALL.LOG
Get High Speed Internet! --> MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPCCTR --> MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPSFO --> MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}\setup\hpzscr01.exe -datfile hposcr09.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Intel® 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iPod for Windows 2005-10-12 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
ItsDeductible Express --> MsiExec.exe /X{36495C59-089C-49D1-BD15-9E5BD86DC9A1}
iTunes --> MsiExec.exe /I{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Photo Album 5 --> MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Jasc Paint Shop Pro Studio, Dell Editon --> MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_9_229d5\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
McDougal Littell EasyPlanner --> C:\WINDOWS\unvise32.exe C:\Program Files\EasyPlanner\uninstal.log
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Modem Event Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Move Networks Player for Internet Explorer --> "C:\Documents and Settings\Kara\Application Data\Move Networks\ie_bin\unins000.exe"
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OCR Software by I.R.I.S 7.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
Personalized Learning Center --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The Learning Company\Personalized Learning Center\Uninst.isu"
PowerDVD 5.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Reference Point Software Template for APA format, Word 2003 --> C:\PROGRA~1\REFERE~1\APA\word2003\UNWISE.EXE C:\PROGRA~1\REFERE~1\APA\word2003\INSTALL.LOG
Reference Point Template for APA Format WordPerfect (032) --> C:\PROGRA~1\REFERE~1\APA\WORDPE~1\UNWISE.EXE C:\PROGRA~1\REFERE~1\APA\WORDPE~1\INSTALL.LOG
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9
SPSS 12.0 for Windows Student Version --> MsiExec.exe /I{43622C01-15D3-4E62-9AD9-BD7C007FD452}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec Technical Support Web Controls --> MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1}
TurboTax Basic 2004 --> C:\Program Files\TurboTax\Basic 2004\TaxUnst.EXE "C:\Program Files\TurboTax\Basic 2004\Uninstall.log" -NoGui
TurboTax Deluxe 2005 --> C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
TurboTax Deluxe 2007 --> C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006 --> C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005 --> MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
VCAMCEN --> MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Installer Clean Up --> MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53}
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}


-- Application Event Log -------------------------------------------------------

Event Record #/Type1686 / Error
Event Submitted/Written: 05/05/2008 03:58:19 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application TeaTimer.exe, version 1.5.2.16, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1672 / Error
Event Submitted/Written: 05/04/2008 11:26:12 PM
Event ID/Source: 1004 / Application Error
Event Description:
Faulting application delextra.exe, version 1.0.0.0, faulting module MSVBVM60.DLL, version 6.0.96.90, fault address 0x00014964.
Error in creating result PEAP-TLV in response to received PEAP-TLV (delextra.exe!ld!)

Event Record #/Type1669 / Error
Event Submitted/Written: 05/04/2008 09:53:22 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application delextra.exe, version 1.0.0.0, faulting module MSVBVM60.DLL, version 6.0.96.90, fault address 0x00014964.
Processing media-specific event for [delextra.exe!ws!]

Event Record #/Type1667 / Error
Event Submitted/Written: 05/04/2008 09:52:22 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application delextra.exe, version 1.0.0.0, faulting module MSVBVM60.DLL, version 6.0.96.90, fault address 0x00014964.
Processing media-specific event for [delextra.exe!ws!]

Event Record #/Type1666 / Error
Event Submitted/Written: 05/04/2008 09:51:22 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application delextra.exe, version 1.0.0.0, faulting module MSVBVM60.DLL, version 6.0.96.90, fault address 0x00014964.
Processing media-specific event for [delextra.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

No Errors/Warnings found.


-- End of Deckard's System Scanner: finished at 2008-05-05 16:00:04 ------------

BC AdBot (Login to Remove)

 


#2 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:24 AM

Posted 05 May 2008 - 03:29 PM

Please visit this webpage for download links, and instructions for running this tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware, and will only take a few moments of your time.


After ensuring the Recovery Console is installed on your system...


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to disable realtime protection: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleaning the system:

C:\ComboFix.txt
New HijackThis log.

[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image

#3 laredo

laredo
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:24 PM

Posted 05 May 2008 - 05:13 PM

Thank you for the quick response. I will not be able to get to that computer for a couple of hours, but will proceed with your instructions when I do. To save time, I want to get it right the first time, therefore:

After reviewing the instructions, I have a couple of questions:

1. The computer is running XP Home, SP2. When I log in as the account with Admin rights, I still get the Internet advertising popups as well as Spybot S&D messages asking whether a registry change can be made. While I see the instructions for turning off Spybot Teatimer, I'm concerned about the Internet ads. I think they just open when I try to access a new website, but I thought I'd bring that up. I don't want anything to interfere with ComboFix. Should I do this in Safe Mode or Safe Mode with Networking or is there anything else I should do?

2. As mentioned in my original post in "Am I Infected?" this computer had Norton360 installed. It doesn't appear to actually be working. My concern is whether or not this will be cause for concern during the running of ComboFix. History: The owner of the computer said it quit working after he downloaded the fake anti-spyware software and couldn't reinstall it. It is not in the Program list or Add/Remove Programs, but it's folder and contents are still in c:\Programs. The main executable does not work, so I wanted to uninstall and reinstall. However, I cannot find an uninstall executable on the computer or the cd. If I try to install from the cd, I'm told it is already installed. but if there is something I need to double-check, please advise. Should I check Services to see if it is running and stop it if it is there? After cleaning this machine, I plan to get rid of Nortons and just use AVG.

Sorry for the details, but I prefer to cover all the bases before I get stopped in the middle of the scan. Thanks.

#4 laredo

laredo
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:24 PM

Posted 05 May 2008 - 08:45 PM

I ran the ComboFix and HijackThis. The logs are below. Note: While ComboFix was writing the log, a window popped up asking to update Kodak Easy Share. Also, the internet popup ads continue when I open a new Internet window.

Thanks again for your assistance.

ComboFix 08-05-01.3 - Warren 2008-05-05 21:17:37.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.248 [GMT -4:00]
Running from: C:\Documents and Settings\Warren\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Warren\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMab34d74e.xml
C:\WINDOWS\bobsaver.exe
C:\WINDOWS\bobsaver.scr
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aarjkkax.ini
C:\WINDOWS\system32\aruchgil.ini
C:\WINDOWS\SYSTEM32\aujhpmaq.ini
C:\WINDOWS\system32\ayurmujv.ini
C:\WINDOWS\system32\bakgceyn.ini
C:\WINDOWS\system32\baseewdrb32.dll
C:\WINDOWS\system32\bctlotuc.ini
C:\WINDOWS\SYSTEM32\BJmnmUtv.ini
C:\WINDOWS\SYSTEM32\BJmnmUtv.ini2
C:\WINDOWS\system32\bkigduco.ini
C:\WINDOWS\SYSTEM32\bKRYbcfe.ini
C:\WINDOWS\SYSTEM32\bKRYbcfe.ini2
C:\WINDOWS\system32\bmpwpnmf.ini
C:\WINDOWS\system32\bsikbcdo.ini
C:\WINDOWS\SYSTEM32\bsljnoyr.ini
C:\WINDOWS\SYSTEM32\ccbeg.bak1
C:\WINDOWS\SYSTEM32\ccbeg.bak2
C:\WINDOWS\SYSTEM32\ccbeg.ini
C:\WINDOWS\system32\cdpqfnsr.ini
C:\WINDOWS\system32\cdqambni.ini
C:\WINDOWS\system32\cejjblyt.ini
C:\WINDOWS\system32\cpdisjss.ini
C:\WINDOWS\system32\cpifklqc.ini
C:\WINDOWS\system32\daijgsco.ini
C:\WINDOWS\SYSTEM32\DcfiRXyb.ini
C:\WINDOWS\SYSTEM32\DcfiRXyb.ini2
C:\WINDOWS\system32\dcvtekpq.ini
C:\WINDOWS\system32\dfdudukh.ini
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\system32\edumlrjt.ini
C:\WINDOWS\system32\esljhtgw.ini
C:\WINDOWS\system32\fbabwrqq.ini
C:\WINDOWS\system32\fdhdoign.ini
C:\WINDOWS\SYSTEM32\ffhkj.bak1
C:\WINDOWS\SYSTEM32\ffhkj.ini
C:\WINDOWS\system32\flrbyqow.ini
C:\WINDOWS\SYSTEM32\FNTvwyay.ini
C:\WINDOWS\SYSTEM32\FNTvwyay.ini2
C:\WINDOWS\system32\fqlxgbqj.ini
C:\WINDOWS\system32\frwymtpd.ini
C:\WINDOWS\system32\fwlkdpia.ini
C:\WINDOWS\system32\fxnbwpng.ini
C:\WINDOWS\system32\fynguwvv.ini
C:\WINDOWS\system32\gebxuts.dll
C:\WINDOWS\system32\gekipyvk.ini
C:\WINDOWS\SYSTEM32\gfhkj.bak1
C:\WINDOWS\SYSTEM32\gfhkj.bak2
C:\WINDOWS\SYSTEM32\gfhkj.ini
C:\WINDOWS\system32\gjibeger.ini
C:\WINDOWS\system32\gkmndgoc.ini
C:\WINDOWS\SYSTEM32\GOoXxGgh.ini
C:\WINDOWS\SYSTEM32\GOoXxGgh.ini2
C:\WINDOWS\system32\grrtcndt.ini
C:\WINDOWS\system32\gwmvgwke.ini
C:\WINDOWS\system32\hnweeswq.ini
C:\WINDOWS\system32\hodygxxo.ini
C:\WINDOWS\system32\hpgmvnkl.ini
C:\WINDOWS\system32\hpwsddko.ini
C:\WINDOWS\system32\hvjprutw.ini
C:\WINDOWS\system32\iouqotnq.ini
C:\WINDOWS\system32\ipjpwbtm.ini
C:\WINDOWS\system32\ipwhxdsm.ini
C:\WINDOWS\SYSTEM32\IRCfPqru.ini
C:\WINDOWS\SYSTEM32\IRCfPqru.ini2
C:\WINDOWS\SYSTEM32\iSvvGMoq.ini
C:\WINDOWS\SYSTEM32\iSvvGMoq.ini2
C:\WINDOWS\system32\ixrhyxfw.ini
C:\WINDOWS\system32\jencxstc.ini
C:\WINDOWS\system32\jfeojhsu.ini
C:\WINDOWS\SYSTEM32\jfsdnyyq.ini
C:\WINDOWS\SYSTEM32\jguqcewl.ini
C:\WINDOWS\system32\jqfgwkmn.ini
C:\WINDOWS\system32\jrpgotkx.ini
C:\WINDOWS\system32\jydlwmsp.ini
C:\WINDOWS\system32\kheivaei.ini
C:\WINDOWS\system32\kjoqjjsu.ini
C:\WINDOWS\system32\kldfkyyn.ini
C:\WINDOWS\SYSTEM32\klmprBeg.ini
C:\WINDOWS\SYSTEM32\klmprBeg.ini2
C:\WINDOWS\system32\kpudbphq.ini
C:\WINDOWS\system32\lcsvqhjk.ini
C:\WINDOWS\SYSTEM32\lotifkbv.ini
C:\WINDOWS\system32\lrxamcor.ini
C:\WINDOWS\system32\lsrdidit.ini
C:\WINDOWS\system32\lyqrvlbn.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\merwcwvx.ini
C:\WINDOWS\system32\mmhwybfc.ini
C:\WINDOWS\SYSTEM32\mmllm.ini
C:\WINDOWS\SYSTEM32\mmllm.ini2
C:\WINDOWS\system32\mvbxykkl.ini
C:\WINDOWS\system32\mwqlflyl.ini
C:\WINDOWS\system32\nebxjgia.ini
C:\WINDOWS\system32\ngkvdexc.ini
C:\WINDOWS\system32\njaelgtt.ini
C:\WINDOWS\system32\nmhvhtnl.ini
C:\WINDOWS\system32\nvqibtaw.ini
C:\WINDOWS\system32\ofqrjwov.ini
C:\WINDOWS\system32\ofrkuigq.ini
C:\WINDOWS\system32\okkxoxte.ini
C:\WINDOWS\SYSTEM32\orutv.bak1
C:\WINDOWS\SYSTEM32\orutv.ini
C:\WINDOWS\system32\osssiaks.ini
C:\WINDOWS\system32\pcdfdali.ini
C:\WINDOWS\system32\pgcqpxyp.ini
C:\WINDOWS\system32\pmoviket.ini
C:\WINDOWS\system32\qesymrxe.ini
C:\WINDOWS\system32\qkoffgqi.ini
C:\WINDOWS\system32\qodebeuo.ini
C:\WINDOWS\system32\qsuftqnv.ini
C:\WINDOWS\system32\rcucqwde.ini
C:\WINDOWS\SYSTEM32\rifbxrpb.ini
C:\WINDOWS\system32\rktrvlxw.ini
C:\WINDOWS\system32\rkxhgbkw.ini
C:\WINDOWS\system32\rrwkklhl.ini
C:\WINDOWS\system32\rsmrccgo.ini
C:\WINDOWS\system32\rvunagen.ini
C:\WINDOWS\SYSTEM32\sgullcex.ini
C:\WINDOWS\system32\svwydylw.ini
C:\WINDOWS\system32\teuofyoi.ini
C:\WINDOWS\system32\tgkhpigy.ini
C:\WINDOWS\system32\tibwfnqb.ini
C:\WINDOWS\system32\tknyrsda.ini
C:\WINDOWS\SYSTEM32\tstwa.bak1
C:\WINDOWS\SYSTEM32\tstwa.bak2
C:\WINDOWS\SYSTEM32\tstwa.ini
C:\WINDOWS\SYSTEM32\tstwa.ini2
C:\WINDOWS\system32\tytpaave.ini
C:\WINDOWS\system32\uehdnysy.ini
C:\WINDOWS\system32\ulhpldgw.ini
C:\WINDOWS\system32\upwpwohp.ini
C:\WINDOWS\system32\uslwefyh.ini
C:\WINDOWS\system32\vegqpasw.ini
C:\WINDOWS\system32\viutbbcn.ini
C:\WINDOWS\system32\vncaypik.ini
C:\WINDOWS\system32\vocfmjyv.ini
C:\WINDOWS\system32\vocwewlh.ini
C:\WINDOWS\system32\vrqmbwni.ini
C:\WINDOWS\system32\vtUmJCRi.dll
C:\WINDOWS\system32\win_2.exe
C:\WINDOWS\system32\wmirghaw.ini
C:\WINDOWS\system32\wmnixhqc.ini
C:\WINDOWS\system32\wupensel.ini
C:\WINDOWS\system32\wxbcgabo.ini
C:\WINDOWS\system32\wxiisynp.ini
C:\WINDOWS\SYSTEM32\wyadd.bak1
C:\WINDOWS\SYSTEM32\wyadd.ini
C:\WINDOWS\system32\xqheppoo.ini
C:\WINDOWS\system32\xwriaupt.ini
C:\WINDOWS\system32\yhelkyrw.ini
C:\WINDOWS\system32\yipvsntb.ini
C:\WINDOWS\system32\yqxxxseg.ini
C:\WINDOWS\system32\ytoltxwl.ini
C:\WINDOWS\SYSTEM32\yybeg.bak1
C:\WINDOWS\SYSTEM32\yybeg.bak2
C:\WINDOWS\SYSTEM32\yybeg.ini
C:\xcrashdump.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FMTR
-------\Legacy_JQVM465HMYGEBKPP6
-------\Service_jqvm465hmygebkpp6
-------\Legacy_Schedule
-------\Service_Schedule


((((((((((((((((((((((((( Files Created from 2008-04-06 to 2008-05-06 )))))))))))))))))))))))))))))))
.

2008-05-05 20:46 . 2008-05-05 14:27 9,728 --a------ C:\Documents and Settings\Warren\cftmon.exe
2008-05-05 20:45 . 2008-05-05 14:27 9,728 --a------ C:\Documents and Settings\LocalService\cftmon.exe
2008-05-05 15:56 . 2008-05-05 15:56 <DIR> d-------- C:\Deckard
2008-05-05 14:27 . 2008-05-05 14:27 9,728 --a------ C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\cftmon.exe
2008-05-05 06:33 . 2008-05-05 06:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-05-05 06:33 . 2008-05-05 06:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-04 22:53 . 2008-05-04 22:53 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-04 22:51 . 2008-05-04 23:25 <DIR> d-------- C:\SDFix
2008-05-04 10:03 . 2008-05-04 18:51 6,218 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-05-01 21:28 . 2001-08-17 13:28 771,581 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\winacisa.sys
2008-05-01 21:27 . 2001-08-17 13:28 765,884 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usrti.sys
2008-05-01 21:26 . 2001-08-17 13:28 794,654 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usr1801.sys
2008-05-01 21:25 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\tridxp.dll
2008-05-01 21:24 . 2001-08-17 14:01 241,664 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\tosdvd02.sys
2008-05-01 21:23 . 2001-08-17 12:18 285,760 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\stlnata.sys
2008-05-01 21:22 . 2004-08-04 07:00 456,704 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\smtpsvc.dll
2008-05-01 21:21 . 2004-08-03 22:41 404,990 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\slntamr.sys
2008-05-01 21:20 . 2001-08-17 22:36 386,560 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\sgiul50.dll
2008-05-01 21:19 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\sblfx.dll
2008-05-01 21:18 . 2004-08-04 00:56 397,056 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\s3gnb.dll
2008-05-01 21:17 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\r2mdkxga.sys
2008-05-01 21:16 . 2004-08-04 00:56 259,328 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\perm3dd.dll
2008-05-01 21:15 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ovcodek2.sys
2008-05-01 21:14 . 2001-08-17 12:50 198,144 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\nv3.sys
2008-05-01 21:13 . 2004-08-03 22:31 132,695 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\netwlan5.sys
2008-05-01 21:12 . 2004-08-04 00:56 1,737,856 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\mtxparhd.dll
2008-05-01 21:11 . 2001-08-17 13:28 802,683 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ltsm.sys
2008-05-01 21:10 . 2001-08-17 13:28 727,786 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ltck000c.sys
2008-05-01 21:09 . 2001-08-17 22:36 372,824 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\iconf32.dll
2008-05-01 21:08 . 2004-08-03 22:41 1,041,536 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hsfdpsp2.sys
2008-05-01 21:07 . 2001-08-17 13:28 542,879 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hsf_msft.sys
2008-05-01 21:06 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\g400d.dll
2008-05-01 21:05 . 2001-08-17 12:15 455,680 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\fus2base.sys
2008-05-01 21:04 . 2001-08-17 12:17 629,952 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\eqn.sys
2008-05-01 21:03 . 2001-08-17 12:14 952,007 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\diwan.sys
2008-05-01 21:02 . 2001-08-17 22:36 614,429 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\digiview.exe
2008-05-01 21:01 . 2001-08-17 12:13 980,034 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\cicap.sys
2008-05-01 21:00 . 2001-08-17 14:05 314,752 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\camdro21.sys
2008-05-01 20:59 . 2004-08-04 00:56 1,888,992 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ati3duag.dll
2008-05-01 20:58 . 2001-08-17 13:28 762,780 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\3cwmcru.sys
2008-05-01 20:57 . 2004-05-13 00:39 876,653 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\fp4awel.dll
2008-05-01 20:37 . 2008-05-01 20:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-01 19:30 . 2008-05-01 19:30 37,636 --a------ C:\WINDOWS\SYSTEM32\__c00C7528.exe
2008-05-01 19:25 . 2008-05-01 19:25 86,016 --a------ C:\WINDOWS\SYSTEM32\__c007E70.dat
2008-05-01 19:25 . 2008-05-05 10:53 1,014 ---hs---- C:\WINDOWS\SYSTEM32\07E700c__.ini
2008-04-30 07:02 . 2008-04-30 07:02 24,576 --a------ C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
2008-04-30 06:51 . 2008-04-30 07:02 <DIR> d-------- C:\VundoFix Backups
2008-04-30 06:46 . 2008-05-01 20:40 <DIR> d-------- C:\Program Files\LiveAntispy
2008-04-30 06:46 . 2008-04-30 06:46 <DIR> d-------- C:\LiveAntispy
2008-04-30 06:46 . 2008-04-30 06:46 37,636 --a------ C:\WINDOWS\SYSTEM32\__c00BFA78.exe
2008-04-30 06:46 . 2008-04-30 06:46 294 ---hs---- C:\WINDOWS\SYSTEM32\491E200c__.ini
2008-04-30 06:42 . 2008-04-30 06:42 86,016 --a------ C:\WINDOWS\SYSTEM32\__c002E194.dat
2008-04-29 22:15 . 2008-04-29 22:16 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-29 22:15 . 2008-04-29 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-29 21:25 . 2008-04-29 21:25 37,636 --a------ C:\WINDOWS\SYSTEM32\__c00605F6.exe
2008-04-29 19:51 . 2008-04-29 19:51 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-04-29 13:11 . 2004-12-20 12:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-04-29 13:11 . 2004-12-20 12:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-04-29 13:11 . 2008-05-04 23:13 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-29 13:11 . 2008-05-05 21:16 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-29 12:55 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\SYSTEM32\hidserv.dll
2008-04-29 12:55 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hidserv.dll
2008-04-29 12:55 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kbdhid.sys
2008-04-29 12:55 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\kbdhid.sys
2008-04-29 12:55 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mouhid.sys
2008-04-29 12:55 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\mouhid.sys
2008-04-27 16:25 . 2008-04-27 16:25 17,772 --a------ C:\starts.exe
2008-04-27 15:18 . 2008-04-27 15:18 <DIR> d-------- C:\Documents and Settings\Warren\Application Data\TmpRecentIcons
2008-04-27 09:55 . 2008-04-27 09:55 <DIR> d-------- C:\Documents and Settings\Shirley\Application Data\TmpRecentIcons
2008-04-27 08:33 . 2008-04-27 08:33 86,016 --a------ C:\WINDOWS\SYSTEM32\__c0099DB6.dat
2008-04-27 08:20 . 2008-04-27 16:25 39,520 --a------ C:\winhost.exe
2008-04-27 08:19 . 2008-04-27 08:46 10,513 --a------ C:\startup.exe
2008-04-26 08:48 . 2008-04-26 08:48 0 --a------ C:\WINDOWS\SYSTEM32\perfn2872.dat
2008-04-25 02:45 . 2008-04-25 02:45 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-04-25 02:44 . 2008-04-29 21:42 <DIR> d-------- C:\Program Files\Symantec
2008-04-25 02:44 . 2008-04-29 21:42 <DIR> d-------- C:\Program Files\Norton 360
2008-04-25 02:44 . 2008-04-29 21:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-24 20:37 . 2008-05-04 23:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\Client
2008-04-20 04:03 . 2008-04-20 04:03 37,636 --a------ C:\WINDOWS\SYSTEM32\__c00A291.exe
2008-04-19 04:48 . 2008-04-27 15:53 320 --ahs---- C:\WINDOWS\SYSTEM32\qpAIOqru.ini
2008-04-18 20:48 . 2008-04-19 13:31 <DIR> d-------- C:\Documents and Settings\Kara\Application Data\Symantec
2008-04-14 23:54 . 2008-04-29 21:46 1,508,571 ---hs---- C:\WINDOWS\SYSTEM32\0201F00c__.ini
2008-04-14 23:54 . 2008-04-14 23:54 86,016 --a------ C:\WINDOWS\SYSTEM32\__c00F1020.dat
2008-04-14 01:23 . 2008-04-25 03:15 <DIR> d-------- C:\Documents and Settings\Shirley\Application Data\Symantec
2008-04-14 00:01 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-04-14 00:01 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2008-04-13 18:37 . 2008-04-13 20:06 <DIR> d-------- C:\Documents and Settings\Warren\Application Data\Symantec
2008-04-13 18:27 . 2008-04-13 18:34 123,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
2008-04-13 18:27 . 2008-04-13 18:34 60,800 --a------ C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2008-04-13 18:27 . 2008-04-13 18:34 10,563 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.CAT
2008-04-13 18:27 . 2008-04-13 18:34 805 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.INF
2008-04-13 18:16 . 2008-04-29 21:43 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-11 23:30 . 2008-05-05 09:56 38,400 --a------ C:\WINDOWS\SYSTEM32\__c009F846.dat
2008-04-11 18:40 . 2008-04-11 18:40 26,752 --------- C:\WINDOWS\SYSTEM32\khfFWpol.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 19:52 --------- d-----w C:\Program Files\Apple Software Update
2008-05-05 00:46 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2008-05-05 00:46 --------- d-----w C:\Program Files\Common Files\Real
2008-05-04 23:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-04 15:13 --------- d-----w C:\Program Files\LimeWire
2008-04-14 10:41 --------- d-----w C:\Documents and Settings\Warren\Application Data\U3
2008-04-14 06:33 --------- d-----w C:\Documents and Settings\Shirley\Application Data\U3
2008-04-13 22:12 --------- d-----w C:\Program Files\McAfee.com
2008-04-13 22:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-03-20 19:59 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-20 19:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-03-19 23:07 --------- d-----w C:\Documents and Settings\Kara\Application Data\U3
2008-03-07 01:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-03-01 11:45 0 ----a-w C:\Program Files\INTERN
2004-08-04 11:00 4,096 --sha-w C:\WINDOWS\SYSTEM32\1112.dat
2005-04-25 01:00 848 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll" [2008-02-23 22:08 349552]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2008-02-23 22:08 349552]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-16 17:46 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LiveAntispy"="C:\Program Files\LiveAntispy\LiveAntispy.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c009F846]
C:\WINDOWS\system32\__c009F846.dat 2008-05-05 09:56 38400 C:\WINDOWS\SYSTEM32\__c009F846.dat

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\1170814827\\ee\\aolsoftware.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\explorer.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22834:TCP"= 22834:TCP:port
"26040:TCP"= 26040:TCP:port

S2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3222c96-f13b-11db-8404-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9172790-adb8-11dc-8674-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-05 18:02:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 21:24:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\__c009F846.dat
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe
C:\WINDOWS\SYSTEM32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\SYSTEM32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-05-05 21:31:44 - machine was rebooted [Warren]
ComboFix-quarantined-files.txt 2008-05-06 01:31:40

Pre-Run: 34,971,394,048 bytes free
Post-Run: 34,724,106,240 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

410 --- E O F --- 2008-04-19 03:53:27

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:07 PM, on 5/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.java.com/
R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [LiveAntispy] C:\Program Files\LiveAntispy\LiveAntispy.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LiveAntispy] C:\Program Files\LiveAntispy\LiveAntispy.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208142217515
O17 - HKLM\System\CCS\Services\Tcpip\..\{86AB4F89-8CC4-4007-AF42-99FAA1D02FF9}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.34 85.255.112.132
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: __c009F846 - C:\WINDOWS\system32\__c009F846.dat
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7110 bytes

#5 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:24 AM

Posted 06 May 2008 - 01:53 AM

We can get rid of Symantec after that we have cleaned up your system, if that is ok for you.

You can always Disable realtime protection temporary, but i will always tell you when you when it is necessarry, otherwise keep them on.

Next: Please download Malwarebytes' Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • If you have trouble with the update process, please download the latest updates here.
  • Double-click the mbam-rules.exe file on your desktop and let it update the application.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (see extra note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please copy and paste the entire report in your next reply. :thumbsup:
Extra note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image

#6 laredo

laredo
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:24 PM

Posted 06 May 2008 - 05:34 AM

This is the first time I am not getting the Internet Ad Popups...Yea! Here the log:

Malwarebytes' Anti-Malware 1.12
Database version: 723

Scan type: Quick Scan
Objects scanned: 40970
Time elapsed: 5 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\__c009F846.dat (Trojan.Agent) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\msapp.bhoapp (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{aad1c6ad-10ab-4cae-97fb-0aaddec8a14b} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\msapp.bhoapp.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ccf3b40-253e-4d22-a790-c2a25de3f25b} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f3619035-750e-4a0a-8fb2-31d5c4bdc2d4} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{dc8305b3-1ee7-4d58-83ef-2c5bc6c6566c} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c009f846 (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SpamBlockerUtility 4.8.4 (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Shirley\Application Data\antispywaresuite (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shirley\Application Data\antispywaresuite\Logs (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\hmlphl.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\scerpt.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shirley\Application Data\antispywaresuite\avtasks.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shirley\Application Data\antispywaresuite\Logs\av.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shirley\Application Data\antispywaresuite\Logs\ga6Support.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shirley\Application Data\antispywaresuite\Logs\update.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\cftmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\__c002E194.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\__c007E70.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\__c0099DB6.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\__c009F846.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\__c00F1020.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\basegkah32.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\basewotl32.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\khfFWpol.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\__c00605F6.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\__c00A291.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\__c00BFA78.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\__c00C7528.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Warren\cftmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\cftmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.

#7 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:24 AM

Posted 06 May 2008 - 08:10 AM

This is the first time I am not getting the Internet Ad Popups...Yea!


:thumbsup:

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for me to analyze.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not
    malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet especially if your asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


Also could you re-run Kasperasky online scanner and post fresh results.

Cheers
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image

#8 laredo

laredo
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:24 PM

Posted 06 May 2008 - 06:51 PM

When I ran the Decker scan, it didn't give the extra.txt file this time. I re-ran it, and still none. I am posting the main.txt file below along with a new Kaspersky scan log. Computer still running well despite disappointing finds in K. scan. thanks for your help.

Deckard's System Scanner v20071014.68
Run by Warren on 2008-05-06 19:44:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Warren.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:45 PM, on 5/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Warren\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Warren.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.java.com/
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208142217515
O17 - HKLM\System\CCS\Services\Tcpip\..\{86AB4F89-8CC4-4007-AF42-99FAA1D02FF9}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.34 85.255.112.132
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7384 bytes

-- Files created between 2008-04-06 and 2008-05-06 -----------------------------

2008-05-06 05:55:21 0 d-------- C:\Documents and Settings\Warren\Application Data\Malwarebytes
2008-05-06 05:55:14 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-06 05:55:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-05 23:18:15 0 d-------- C:\Program Files\Lavasoft
2008-05-05 23:18:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-05 23:16:38 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-05 22:42:37 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-05 22:40:31 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-05 22:40:31 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-05 22:03:40 0 d-------- C:\Program Files\QuickTime
2008-05-05 21:17:12 0 d-------- C:\cmdcons
2008-05-05 21:15:52 68096 --a------ C:\WINDOWS\zip.exe
2008-05-05 21:15:52 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-05 21:15:52 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-05 21:15:52 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-05 21:15:52 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-05 21:15:52 98816 --a------ C:\WINDOWS\sed.exe
2008-05-05 21:15:52 80412 --a------ C:\WINDOWS\grep.exe
2008-05-05 21:15:52 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-05 06:33:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-05 06:33:36 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-04 22:53:05 0 d-------- C:\WINDOWS\ERUNT
2008-05-04 10:03:39 6218 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-01 20:37:33 0 d-------- C:\Program Files\Trend Micro
2008-05-01 20:23:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-01 19:25:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-30 07:02:24 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-04-30 06:51:09 0 d-------- C:\VundoFix Backups
2008-04-30 06:49:59 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-04-30 06:49:56 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-04-30 06:46:31 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-04-30 06:46:29 0 d-------- C:\LiveAntispy
2008-04-29 22:15:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-29 19:51:21 0 d-------- C:\Program Files\Windows Installer Clean Up
2008-04-29 13:11:15 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-29 13:11:15 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-29 13:11:15 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-29 13:11:15 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-29 13:11:15 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-29 13:11:15 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-29 13:11:15 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-29 13:11:15 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-29 13:11:15 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-04-29 13:11:15 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-29 13:11:15 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-29 13:11:15 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-29 13:11:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-04-29 13:11:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-04-29 13:11:15 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-29 13:11:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-04-29 13:11:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-29 13:11:14 2359296 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-27 16:25:12 17772 --a------ C:\starts.exe
2008-04-27 15:18:26 0 d-------- C:\Documents and Settings\Warren\Application Data\TmpRecentIcons
2008-04-27 10:28:32 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-04-27 09:55:00 0 d-------- C:\Documents and Settings\Shirley\Application Data\TmpRecentIcons
2008-04-27 08:22:15 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-04-27 08:20:04 39520 --a------ C:\winhost.exe
2008-04-27 08:19:37 10513 --a------ C:\startup.exe
2008-04-26 08:48:35 0 --a------ C:\WINDOWS\system32\perfn2872.dat
2008-04-25 02:45:11 0 d-------- C:\Program Files\Windows Sidebar
2008-04-25 02:44:47 0 d-------- C:\Program Files\Symantec
2008-04-25 02:44:46 0 d-------- C:\Program Files\Norton 360
2008-04-25 02:44:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-24 21:32:50 5242880 --a------ C:\Documents and Settings\Kara\ntuser.dat
2008-04-24 21:32:49 5767168 --a------ C:\Documents and Settings\Shirley\ntuser.dat
2008-04-24 21:32:48 6029312 --a------ C:\Documents and Settings\Warren\ntuser.dat
2008-04-24 20:37:31 0 d-------- C:\WINDOWS\system32\Client
2008-04-18 20:48:48 0 d-------- C:\Documents and Settings\Kara\Application Data\Symantec
2008-04-14 01:23:37 0 d-------- C:\Documents and Settings\Shirley\Application Data\Symantec
2008-04-13 18:37:17 0 d-------- C:\Documents and Settings\Warren\Application Data\Symantec
2008-04-13 18:16:47 0 d-------- C:\Program Files\Common Files\Symantec Shared


-- Find3M Report ---------------------------------------------------------------

2008-05-05 23:16:38 0 d-------- C:\Program Files\Common Files
2008-05-05 22:20:57 0 d-------- C:\Program Files\Java
2008-05-05 22:02:02 0 d-------- C:\Program Files\Apple Software Update
2008-05-04 20:46:33 0 d-------- C:\Program Files\Common Files\Real
2008-05-04 19:47:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-04 11:13:08 0 d-------- C:\Program Files\LimeWire
2008-05-01 19:02:03 0 --a------ C:\WINDOWS\system32\hl.dat
2008-04-14 06:41:06 0 d-------- C:\Documents and Settings\Warren\Application Data\U3
2008-04-13 18:12:30 0 d-------- C:\Program Files\McAfee.com
2008-03-20 15:59:40 0 d-------- C:\Program Files\Common Files\AOL
2008-03-09 19:53:03 0 d-------- C:\Documents and Settings\Warren\Application Data\Macromedia
2008-03-01 07:45:37 0 --a------ C:\Program Files\INTERN
2008-02-16 00:44:02 664 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [02/23/2008 10:08 PM 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/16/2007 05:46 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]

C:\Documents and Settings\Warren\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 3:04:12 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3222c96-f13b-11db-8404-00038a000015}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9172790-adb8-11dc-8674-00038a000015}]
AutoRun\command- F:\LaunchU3.exe -a

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-05-06 19:45:32 ------------

KASPERSKY ONLINE SCANNER REPORT
Tuesday, May 06, 2008 7:43:09 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/05/2008
Kaspersky Anti-Virus database records: 742874


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 89212
Number of viruses found 111
Number of infected objects 363
Number of suspicious objects 0
Duration of the scan process 01:31:43

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe RAR: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Warren\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Warren\Incomplete\Preview-T-2559308-Rare Recording.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

C:\Documents and Settings\Warren\Incomplete\Preview-T-3566386-06 Track 6.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

C:\Documents and Settings\Warren\Incomplete\T-3545425-mirror ne yo.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped

C:\Documents and Settings\Warren\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Warren\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Warren\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Warren\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Warren\Local Settings\History\History.IE5\MSHist012008050620080507\index.dat Object is locked skipped

C:\Documents and Settings\Warren\Local Settings\Temp\hpodvd09.log Object is locked skipped

C:\Documents and Settings\Warren\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Warren\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Warren\ntuser.dat Object is locked skipped

C:\Documents and Settings\Warren\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Warren\Shared\03 Track 3.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

C:\Documents and Settings\Warren\Shared\06 Track 6.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

C:\Documents and Settings\Warren\Shared\Rare Recording.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.me Object is locked skipped

C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.mm Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000010.FCS Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vtUmJCRi.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qqz skipped

C:\QooBox\Quarantine\catchme2008-05-05_212346.40.zip/Documents and Settings/Administrator/Desktop/catchme.zip/FMR27.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped

C:\QooBox\Quarantine\catchme2008-05-05_212346.40.zip/Documents and Settings/Administrator/Desktop/catchme.zip/spools.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\QooBox\Quarantine\catchme2008-05-05_212346.40.zip/Documents and Settings/Administrator/Desktop/catchme.zip/SYST425.DLL Infected: Trojan-Downloader.Win32.Small.cyn skipped

C:\QooBox\Quarantine\catchme2008-05-05_212346.40.zip/Documents and Settings/Administrator/Desktop/catchme.zip Infected: Trojan-Downloader.Win32.Small.cyn skipped

C:\QooBox\Quarantine\catchme2008-05-05_212346.40.zip ZIP: infected - 4 skipped

C:\SDFix\backups\backups.zip/backups/382077.dll Infected: not-a-virus:AdWare.Win32.E404.ag skipped

C:\SDFix\backups\backups.zip/backups/cftmon.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\SDFix\backups\backups.zip/backups/delextra.exe Infected: Trojan-Clicker.Win32.VB.amx skipped

C:\SDFix\backups\backups.zip/backups/gndarmblvpg.dll Infected: Trojan.Win32.Vapsup.ejm skipped

C:\SDFix\backups\backups.zip/backups/hosts Infected: Trojan.Win32.Qhost.aei skipped

C:\SDFix\backups\backups.zip/backups/kavir.exe Infected: Email-Worm.Win32.Zhelatin.xv skipped

C:\SDFix\backups\backups.zip/backups/lcss.exe Infected: Backdoor.Win32.DsBot.ox skipped

C:\SDFix\backups\backups.zip/backups/mrcmgr.exe Infected: Trojan-Spy.Win32.Goldun.afk skipped

C:\SDFix\backups\backups.zip/backups/svchost32.exe Infected: Trojan.Win32.Delf.btm skipped

C:\SDFix\backups\backups.zip/backups/sys32.exe Infected: Worm.Win32.AutoRun.dor skipped

C:\SDFix\backups\backups.zip/backups/syst425.dll Infected: Trojan-Downloader.Win32.Small.cyn skipped

C:\SDFix\backups\backups.zip/backups/WLCtrl32.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped

C:\SDFix\backups\backups.zip/backups/wxdbpfvo.dll Infected: Trojan.Win32.Vapsup.ejq skipped

C:\SDFix\backups\backups.zip ZIP: infected - 13 skipped

C:\starts.exe Infected: Worm.Win32.AutoRun.dor skipped

C:\startup.exe Infected: Worm.Win32.AutoRun.dmh skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP565\A0189860.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.edw skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP566\A0191037.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP566\A0191102.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qun skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP567\A0192152.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP567\A0192221.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP569\A0194365.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP569\A0195416.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP570\A0195491.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP571\A0196491.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP572\A0196531.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP573\A0196622.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bce skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP573\A0197690.dll Infected: Trojan.Win32.Monder.av skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP575\A0197824.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP577\A0199824.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP577\A0199908.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP578\A0199951.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP578\A0201051.dll Infected: Trojan.Win32.Monder.ar skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP578\A0201135.dll Infected: Trojan.Win32.Monder.al skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP579\A0202173.dll Infected: Trojan.Win32.Monder.br skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP580\A0203173.dll Infected: Trojan.Win32.Monder.as skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP581\A0204179.dll Infected: Trojan.Win32.Monder.ch skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP582\A0204317.dll Infected: Trojan.Win32.Monder.cg skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP582\A0206427.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qug skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP583\A0206596.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.que skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP584\A0208763.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qui skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP585\A0209794.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qvi skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP586\A0209917.dll Infected: Trojan.Win32.Monder.cr skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP588\A0212964.dll Infected: Trojan.Win32.Monder.cx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP588\A0213002.dll Infected: Trojan.Win32.Monder.w skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP588\A0213037.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP588\A0213062.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP589\A0214094.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP589\A0214115.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mwq skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP590\A0216188.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mwq skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP591\A0216365.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP593\A0217417.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrl skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP593\A0217418.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qpr skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP593\A0217419.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrm skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP593\A0217420.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrl skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP593\A0217421.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qtx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP593\A0217422.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ayt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP593\A0217423.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrm skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP593\A0217485.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP593\A0217486.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP593\A0217487.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP593\A0217488.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222471.exe Infected: not-virus:Hoax.Win32.Renos.fi skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222498.exe Infected: not-a-virus:AdWare.Win32.HotBar.bt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222500.exe Infected: not-a-virus:AdWare.Win32.Hotbar.an skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222501.dll Infected: not-a-virus:AdWare.Win32.HotBar.bx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222502.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222503.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222505.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222506.dll Infected: not-a-virus:AdWare.Win32.HotBar.bj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222513.dll Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222516.exe Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222517.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222518.dll Infected: not-a-virus:AdWare.Win32.HotBar.ar skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222519.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222521.dll Infected: not-a-virus:AdWare.Win32.HotBar.bj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222522.exe Infected: not-a-virus:AdWare.Win32.Hotbar.ar skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222527.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222531.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222532.exe Infected: not-a-virus:AdWare.Win32.Hotbar.an skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222535.exe Infected: not-a-virus:AdWare.Win32.HotBar.ax skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222538.dll Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222540.dll Infected: not-a-virus:AdWare.Win32.HotBar.bw skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222541.exe Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222542.dll Infected: not-a-virus:AdWare.Win32.HotBar.ar skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222543.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222545.dll Infected: not-a-virus:AdWare.Win32.HotBar.bj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222546.exe Infected: not-a-virus:AdWare.Win32.HotBar.bt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222551.dll Infected: not-a-virus:AdWare.Win32.HotBar.bq skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222556.exe Infected: not-a-virus:AdWare.Win32.Hotbar.an skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222559.exe Infected: not-a-virus:AdWare.Win32.HotBar.by skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222563.dll Infected: not-a-virus:AdWare.Win32.HotBar.bz skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222564.exe Infected: not-a-virus:AdWare.Win32.HotBar.bw skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222566.exe Infected: not-a-virus:AdWare.Win32.HotBar.bt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222571.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222574.exe/data0002 Infected: not-a-virus:AdWare.Win32.180Solutions.ay skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222574.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222575.dll Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222582.dll Infected: not-a-virus:AdWare.Win32.HotBar.ar skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222585.dll Infected: not-a-virus:AdWare.Win32.HotBar.ar skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP597\A0222587.dll Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223825.exe Infected: not-a-virus:Downloader.Win32.WinFixer.an skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223827.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223828.dll Infected: Trojan.Win32.Monder.cd skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223829.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223830.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223831.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223832.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223833.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223834.dll Infected: Trojan.Win32.Monder.bg skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223835.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223836.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223837.dll Infected: Trojan.Win32.KillAV.rf skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223838.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223839.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223840.dll Infected: Trojan.Win32.Monder.cw skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223841.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223842.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223843.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223844.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223845.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223846.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223847.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223848.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223849.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223850.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223851.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223852.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223853.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223854.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223855.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223856.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223857.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223858.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223859.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223860.dll Infected: Trojan.Win32.Monder.aq skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223861.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223862.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223863.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223864.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223865.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223866.dll Infected: Trojan.Win32.BHO.re skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223867.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223868.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223869.dll Infected: Trojan.Win32.Monder.ae skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223870.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jxa skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223871.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223872.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.quf skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223873.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223874.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223875.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223876.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223877.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223878.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223879.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223880.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223881.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223882.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223883.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223884.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223885.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223886.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223887.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223888.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223889.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223890.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223891.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223892.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lwv skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223893.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223894.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mvn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223895.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mvn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223896.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223897.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223898.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223899.dll Infected: Trojan.Win32.Monder.bw skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223900.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223901.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223902.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223903.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223904.dll Infected: Trojan.Win32.Monder.cd skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223905.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223906.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223907.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223908.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223909.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223910.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223911.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223912.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223913.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223914.dll Infected: Trojan.Win32.Monder.cl skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223915.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223916.exe Infected: not-virus:Hoax.Win32.Renos.fi skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223917.exe Infected: not-virus:Hoax.Win32.Renos.fi skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP601\A0223918.dll Infected: Trojan.Win32.Monder.ay skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP606\A0227706.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP611\A0230334.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP611\A0230354.exe Infected: Worm.Win32.Socks.fa skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP611\A0230355.exe Infected: Worm.Win32.Socks.fa skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP611\A0231326.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP611\A0231333.exe Infected: Trojan.Win32.Qhost.aly skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP611\A0231334.exe Infected: Worm.Win32.AutoRun.dmh skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP611\A0231335.exe Infected: Trojan-Clicker.Win32.VB.amx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP611\A0231342.exe Infected: Worm.Win32.AutoRun.dmh skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP611\A0231343.exe Infected: Trojan-Clicker.Win32.VB.amx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP611\A0231345.exe Infected: Trojan.Win32.Qhost.aly skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP611\A0231359.exe Infected: Worm.Win32.AutoRun.dmh skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP611\A0231361.exe Infected: Worm.Win32.AutoRun.dmh skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP611\A0231362.exe Infected: Trojan.Win32.Qhost.aly skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP611\A0231382.exe Infected: Trojan-Clicker.Win32.VB.amx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP612\A0231396.exe Infected: Trojan-Clicker.Win32.VB.amx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP612\A0231400.exe Infected: Trojan.Win32.Qhost.aly skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP612\A0233367.exe Infected: Worm.Win32.AutoRun.dmh skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP612\A0233368.exe Infected: Trojan-Clicker.Win32.VB.amx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP612\A0233369.exe Infected: Trojan.Win32.Qhost.aly skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235469.exe Infected: Trojan-Clicker.Win32.VB.amx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235596.exe Infected: Trojan-Clicker.Win32.VB.amx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235604.exe Infected: not-virus:Hoax.Win32.Renos.brr skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235618.exe Infected: Worm.Win32.Socks.fa skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235619.exe Infected: Worm.Win32.Socks.fa skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235620.exe Infected: Worm.Win32.Socks.fa skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235621.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235622.EXE Infected: not-a-virus:AdWare.Win32.Background skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235623.exe Infected: Email-Worm.Win32.Zhelatin.xv skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235624.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235625.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235626.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235627.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235628.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235629.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235630.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235631.dll Infected: Trojan.Win32.Monder.ao skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235632.dll Infected: Trojan.Win32.Monder.bc skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235633.dll Infected: Trojan.Win32.Monder.cq skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235634.dll Infected: Trojan.Win32.Monder.ai skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235635.dll Infected: Trojan.Win32.Monder.ai skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235638.dll Infected: Trojan.Win32.Monder.ce skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235639.dll Infected: not-a-virus:AdWare.Win32.Agent.bgj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235640.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235641.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235642.dll Infected: Trojan.Win32.Monder.ah skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235645.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.msm skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235646.dll Infected: Trojan.Win32.Monder.bp skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235647.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235649.dll Infected: Trojan.Win32.Monder.ai skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235650.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235651.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235653.dll Infected: Trojan.Win32.Monder.ai skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235654.dll Infected: Trojan.Win32.Monder.ai skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235655.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235656.dll Infected: Trojan.Win32.Monder.s skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235657.dll Infected: Trojan.Win32.BHO.rg skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235659.dll Infected: Trojan.Win32.Monder.bm skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235661.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.msm skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235662.dll Infected: Trojan.Win32.Monder.q skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235663.dll Infected: Trojan.Win32.Monder.cv skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235664.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235665.dll Infected: Trojan.Win32.Monder.au skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235666.dll Infected: Trojan.Win32.Monder.ai skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235667.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235668.dll Infected: Trojan.Win32.Monder.cj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235669.dll Infected: Backdoor.Win32.Agent.dlj skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235670.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235671.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235674.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235675.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235677.dll Infected: Trojan.Win32.Monder.t skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235678.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235679.dll Infected: Trojan.Win32.Monder.p skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235680.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235681.dll Infected: Trojan.Win32.Monder.cq skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235682.dll Infected: Trojan.Win32.Monder.bs skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235684.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235685.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235686.dll Infected: Trojan.Win32.Monder.cf skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235687.dll Infected: Trojan.Win32.Monder.bl skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235688.dll Infected: Trojan.Win32.Monder.cm skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235689.dll Infected: Trojan.Win32.Monder.ba skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235690.dll Infected: Trojan.Win32.Monder.cp skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235691.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235692.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235693.dll Infected: Trojan.Win32.Monder.ai skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235694.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235695.dll Infected: Trojan.Win32.BHO.rd skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235696.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235697.dll Infected: Trojan.Win32.Monder.bx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235699.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.kp skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235702.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235703.dll Infected: Trojan.Win32.Monder.ai skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235704.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235707.dll Infected: Trojan.Win32.Monder.bs skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235708.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235709.dll Infected: Trojan.Win32.Monder.ai skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235724.exe Infected: Trojan-Clicker.Win32.VB.amx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235731.exe Infected: Trojan-Clicker.Win32.VB.amx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235748.exe Infected: not-virus:Hoax.Win32.Renos.brr skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235750.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235751.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0235752.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0236124.dll Infected: Trojan.Win32.Vapsup.ejp skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0236125.dll Infected: Trojan.Win32.Vapsup.ejn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0236126.exe Infected: Trojan.Win32.Vapsup.ejr skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0236127.exe Infected: Trojan.Win32.Vapsup.ejo skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0236131.exe Infected: not-virus:Hoax.Win32.Renos.brr skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0236141.dll Infected: Trojan.Win32.Agent.kri skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0238179.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0238179.exe RAR: infected - 1 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0238201.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0238227.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0238229.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0238230.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0238245.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0238247.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0238247.exe RAR: infected - 1 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0238338.exe Infected: Trojan-Clicker.Win32.VB.amx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239380.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239381.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239382.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239414.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239415.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239416.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239417.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239418.dll Infected: Trojan.Win32.Vapsup.ejm skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239419.exe Infected: Trojan-Clicker.Win32.VB.amx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239420.exe Infected: Worm.Win32.AutoRun.dor skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239421.exe Infected: Email-Worm.Win32.Zhelatin.xv skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239423.dll Infected: not-a-virus:AdWare.Win32.E404.ag skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239424.exe Infected: Trojan.Win32.Delf.btm skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239425.exe Infected: Backdoor.Win32.DsBot.ox skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239426.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239427.dll Infected: Trojan.Win32.Vapsup.ejq skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239428.dll Infected: Trojan-Downloader.Win32.Small.cyn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239437.exe Infected: Trojan-Spy.Win32.Goldun.afk skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239438.exe Infected: Trojan-Spy.Win32.Goldun.afk skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239441.dll Infected: not-a-virus:AdWare.Win32.E404.ag skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239442.exe Infected: Trojan-Downloader.Win32.Agent.njn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239443.exe Infected: Trojan-Clicker.Win32.VB.amx skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239444.dll Infected: Trojan.Win32.Vapsup.ejm skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239445.exe Infected: Email-Worm.Win32.Zhelatin.xv skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239446.exe Infected: Backdoor.Win32.DsBot.ox skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239449.exe Infected: Trojan.Win32.Delf.btm skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239450.exe Infected: Worm.Win32.AutoRun.dor skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239451.dll Infected: Trojan-Downloader.Win32.Small.cyn skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239453.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP613\A0239454.dll Infected: Trojan.Win32.Vapsup.ejq skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP616\A0240584.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qqz skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP623\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{E9AF451A-8376-448A-B320-88235C09C487}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20080429-233401.backup Infected: Trojan.Win32.Qhost.aei skipped

C:\WINDOWS\SYSTEM32\DRIVERS\smccs.sys Infected: not-a-virus:AdWare.Win32.BHO.ars skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\winhost.exe Infected: Trojan.Win32.Qhost.aly skipped

Scan process completed.

#9 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:24 AM

Posted 07 May 2008 - 03:26 PM

Few things we could do.

Please download OTMoveIt2 by OldTimer and save to your Desktop.
  • Double-click on OTMoveIt2.exe to launch the program.
  • Copy the file(s)/folder(s) paths listed below - highlight everything in the quote box and press CTRL+C or right-click and choose Copy.

C:\starts.exe
C:\startup.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20080429-233401.backup
C:\WINDOWS\SYSTEM32\DRIVERS\smccs.sys
C:\winhost.exe
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
C:\Documents and Settings\Warren\Incomplete\Preview-T-2559308-Rare Recording.wma
C:\Documents and Settings\Warren\Incomplete\Preview-T-3566386-06 Track 6.wma
C:\Documents and Settings\Warren\Incomplete\T-3545425-mirror ne yo.mp3
C:\Documents and Settings\Warren\Shared\03 Track 3.wma
C:\Documents and Settings\Warren\Shared\06 Track 6.wma
C:\Documents and Settings\Warren\Shared\Rare Recording.wma

  • Return to OTMoveIt2, right-click in the open text box labeled "Paste List of Files/Folders to be Moved" (under the light blue bar) and choose Paste.
  • Click the red MoveIt! button.
  • The list will be processed and the results will be displayed in the right-hand pane.
  • Highlight everything in the Results window (under the green bar), press CTRL+C or right-click, choose Copy, right-click again and Paste it in your next reply.
  • Click Exit when done.
  • A log of the results is automatically created and saved to C:\_OTMoveIt\MovedFiles \mmddyyyy_hhmmss.log <- the date/time the tool was run.
-- Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

Caution: Be careful of what you copy and paste with this tool. OTMoveIt is a powerful program, designed to move highly persistent files and folders. Not following the directions as instructed or using incorrectly could lead to disastrous problems with your operating system.

=============

Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

Re open OtMoveit, and click CleanUp! Button.

Reboot computer.

=============

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.2. Restart your computer.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.

System Restore will now be active again.

Re-scan using kaspersky post results.

What kind of issues are you receiving?
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image

#10 laredo

laredo
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:24 PM

Posted 07 May 2008 - 09:38 PM

I ran the OTMoveIt, all was completed and successful, and the file was saved. I wanted to complete your other tasks before posting, so I did not post the results immediately. Now that I'm done with the other tasks, the log is gone. I am still posting the results from the Kaspersky scan.

You asked what kind of issues I am receiving. I have not had any problems since the second round of tasks, which is fantastic! However, I need to get a bad Nortons360 install cleaned out. It is not in Add/Remove Programs, but the file folder is still in c:\Programs. I cannot uninstall it (the owner of this computer messed with it during his attempt to clean the machine.) I tried using the Widows Cleanup Utility, but that didn't clear it. I would like to get rid of it and use AVG. I'm concerned that I don't have any protection now, and wonder whether I can go ahead and install AVG since Nortons does not appear to be working. I don't want a conflict. So, can I do that, and can you tell me how to clean out the Nortons files properly?

I also noticed some other program folders on the c drive that do not show up in Add/Remove programs. I would like to get them off as well if they are not necessary: LiveAntispy, Limewire (I uninstalled that one), Norton360, SpamBlocker and Symantec. Can these folder simply be deleted?

Thanks for your help, and here are the results from the Kaspersky scan:
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 07, 2008 10:18:00 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/05/2008
Kaspersky Anti-Virus database records: 745361


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 77507
Number of viruses found 1
Number of infected objects 2
Number of suspicious objects 0
Duration of the scan process 01:20:35

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe RAR: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Warren\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Warren\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Warren\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Warren\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Warren\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Warren\Local Settings\History\History.IE5\MSHist012008050720080508\index.dat Object is locked skipped

C:\Documents and Settings\Warren\Local Settings\Temp\hpodvd09.log Object is locked skipped

C:\Documents and Settings\Warren\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Warren\ntuser.dat Object is locked skipped

C:\Documents and Settings\Warren\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.me Object is locked skipped

C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.mm Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000010.FCS Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{54600FF0-9138-4A92-A02F-4B796B890DEB}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#11 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:24 AM

Posted 08 May 2008 - 03:53 AM

Hi!

Nice to hear things are better now!

You could delete smitfraudfix from your desktop, because we won't need it.

What comes to Symantec, there is a Norton/symantec leftover uninstaller that deletes all stubborn files so we could try that one.

Please see this link: http://service1.symantec.com/Support/tsgen...005033108162039

Let me know if it helped.

Then You need to have a Antivirus software, if you want to use avg that is ok but here are some alternatives just in case:

Avira AVG OR Active Virus shield? (uncheck the Security Toolbar during install) are good FREE antivirus.
Never install more than one antivirusscanner or firewall on your system! Several together can give problems and decrease the reliability of it seriously!
Comodo OR Kerio are FREE firewalls.

Post a fresh Hijackthislogfile in your next reply.
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image

#12 laredo

laredo
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:24 PM

Posted 08 May 2008 - 04:25 PM

I deleted the items from the Admin desktop, and Nortons360 was successfully cleaned off. I also installed both AVG Anti-virus and Comodo Firewall. All seems well. Here's the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:50 PM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.java.com/
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208142217515
O17 - HKLM\System\CCS\Services\Tcpip\..\{86AB4F89-8CC4-4007-AF42-99FAA1D02FF9}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.34 85.255.112.132
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7785 bytes

#13 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:24 AM

Posted 15 May 2008 - 03:31 AM

Sorry for the delay!

I was busy. Are you still there?
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users