Virtumonde, Antivirus XP 2008 Problems


  • This topic is locked
14 replies to this topic

#1 mvb2

mvb2

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:35 PM

Posted 24 July 2008 - 01:59 PM

Hello, I could use some expert assistance with my computer. I'm running Windows XP with Service Pack 2 installed on a Dell 8400 purchased in late 2004 or early 2005. Pentium 4 CPU with 1GB of RAM.

I use the computer mainly for work and I'm having a lot of malware and popup problems, also many redirections of browser windows. I really cannot work effectively and it's become very frustrating. I will list everything that I can think of that I am having problems with in the order that I believe they occurred. I hope it's not too overwhelming.


1. Malware on my computer. I have Spybot and always scan and try to remove the files using Spybot, but there are some that can never be removed such as Smitfraud and Virtumonde or variations of those files. I've had these particular files on my computer for probably a year and have never been able to remove them. I've used various malware scanners such as Spybot, Windows Defender and others and never had success.

2. I run AutoCAD 14 on this computer. About 2 months ago, I started getting an "out of memory" error when I run it. This caused an inability to access necessary databases that AutoCAD uses when I am working on a drawing. It is an older version of AutoCAD, but I never had this problem before. I've read posts on different websites that say because my version of AutoCAD (bought in 1998) is designed to run on older computer systems, it doesn't recognize how to handle the 1GB of available memory when it loads on my newer computer system. That doesn't make sense to me and it worked before. I loaded the same AutoCAD program on my laptop with Windows XP and it is running fine. Maybe if I'm able to get the malware removed from my computer, this AutoCAD problem will go away?

3. My internet options always automatically reset themselves to "accept all cookies".

4. An Antivirus XP 2008 short-cut was placed on my desktop yesterday and not by my choice.

5. Yesterday I started getting a "WINDOWS SECURITY ALERT" message on my screen which looks like it could be from Microsoft but I believe it is Malware. The message says things like "Do you want to block this software from sending data over the internet?" and it shows "Name: Trojan-Downloader.Win32.Agent.bq" and "Risk Level: CRITICAL" and it gives an option to click on a line that states "Click here to pick recommended software to resolve this issue".

6. Yesterday, my screen changed to a different shade of blue and a square alert box in the center of the desktop reads in yellow lettering "Spyware detected on your computer!. Install an antivirus or spyware remover to clean your computer!" This alert box is constant.

7. The last problem that occurred is that I think the computer crashed. As I was scanning my computer with the Kaspersky Online Scanner, the computer monitor went a lighter shade of blue and had white text that read something like the following: "Panic_Stack_Switch"; "Disable BIOS memory options such as caching and shadowing"; "If this is the first time this happened, shut down and reboot. If problem persists", etc. Then it kept trying to reboot on its own. I turned off the computer with the on/off button and restarted. I turned the computer back on and this hasn't happened again.

That is everything that I can think of. Just trying to give you thorough information.

Can anybody help? Thank you for your time.

Here are my DSS text files:



Deckard's System Scanner v20071014.68
Run by Martin Biesinger on 2008-07-24 13:11:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-07-24 17:11:51 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-07-24 17:08:17 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Martin Biesinger.exe) ------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-24 13:15:45
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\All Users\Application Data\bircpsfy\hyvwzuvu.exe
C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SYSTEM32\hpjetdsc.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\WINDOWS\SYSTEM32\wscntfy.exe
C:\WINDOWS\SYSTEM32\wuauclt.exe
C:\Documents and Settings\Martin Biesinger.BASEMENT2\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {18F1EB53-9DC5-4E61-9270-C9BAC5761E7F} - (no file)
O2 - BHO: (no name) - {520DE206-8CFD-4DD0-8596-3AE3FDF686A5} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: {3787ccbb-9e43-bdb8-0384-67d84ed432fd} - {df234de4-8d76-4830-8bdb-34e9bbcc7873} - C:\WINDOWS\SYSTEM32\wfepqnbi.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [HP JetDiscovery] HPJETDSC.EXE
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKLM\..\Policies\Explorer\Run: [oFFyo17QPw] C:\Documents and Settings\All Users\Application Data\bircpsfy\hyvwzuvu.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} (SentinelVE3D Class) - http://download.microsoft.com/download/a/f...tualEarth3D.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/3/9...heckControl.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O21 - SSODL: genapi - {182E5954-5717-A4CA-E449-08A770840CFD} - C:\Program Files\cmxsrjg\genapi.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\SYSTEM32\ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe


--
End of file - 5594 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\MARTIN~1.BAS\Desktop\backups\) --------

backup-20051205-032940-157 O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
backup-20051205-033742-405 O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hp56DA.tmp
backup-20051205-033742-801 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20051205-191936-891 O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\jkhfc.dll
backup-20051205-192011-262 O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\jkhfc.dll
backup-20051205-192038-908 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20051205-192114-931 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20051205-193237-375 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20060103-191327-393 O20 - Winlogon Notify: jkhfc - C:\WINDOWS\system32\jkhfc.dll
backup-20060103-191441-538 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20060210-125612-255 O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
backup-20060210-125612-268 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20060210-125612-337 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
backup-20060210-125612-592 O15 - Trusted Zone: *.musicmatch.com
backup-20060210-125612-802 O20 - Winlogon Notify: jkhfc - C:\WINDOWS\system32\jkhfc.dll
backup-20060210-125612-987 O15 - Trusted Zone: *.musicmatch.com (HKLM)
backup-20060406-220908-370 O20 - Winlogon Notify: jkhfc - C:\WINDOWS\system32\jkhfc.dll
backup-20060406-220909-916 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20060406-220935-382 O20 - Winlogon Notify: jkhfc - C:\WINDOWS\system32\jkhfc.dll
backup-20060406-220935-587 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20060413-033629-201 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20060413-033940-697 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20060413-034709-856 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20060605-174503-988 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20060913-130107-763 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20070830-205926-649 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20070830-210007-115 O20 - Winlogon Notify: pmkjh - C:\WINDOWS\system32\pmkjh.dll (file missing)
backup-20070830-210007-239 O20 - Winlogon Notify: ssqro - C:\WINDOWS\system32\ssqro.dll (file missing)
backup-20070830-210007-423 O20 - Winlogon Notify: tuvurol - C:\WINDOWS\SYSTEM32\tuvurol.dll
backup-20070830-210007-569 O20 - Winlogon Notify: sstqr - C:\WINDOWS\system32\sstqr.dll
backup-20070830-210007-656 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
backup-20070830-210007-856 O20 - Winlogon Notify: ssqpn - C:\WINDOWS\system32\ssqpn.dll (file missing)
backup-20070830-210007-929 O20 - Winlogon Notify: geeba - C:\WINDOWS\system32\geeba.dll (file missing)
backup-20070830-210123-126 O2 - BHO: (no name) - {1845FAE2-0EA8-4671-B8D8-6F12C972CAAE} - C:\WINDOWS\system32\sstqr.dll
backup-20070830-210123-203 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
backup-20070830-210123-274 O2 - BHO: (no name) - {AEF8B5F8-710D-4F58-A1A1-84B34B0516C3} - C:\WINDOWS\system32\pmkjh.dll (file missing)
backup-20070830-210123-345 O2 - BHO: (no name) - {D0671A76-E9ED-4714-87A6-3AD412D74ADb} - C:\WINDOWS\system32\imiiupfb.dll (file missing)
backup-20070830-210123-680 O2 - BHO: (no name) - {3E8EC2D9-806B-4C7F-AE7F-F44AD4ABE8B5} - C:\WINDOWS\system32\tuvurol.dll
backup-20070830-210123-758 O2 - BHO: (no name) - {72B25940-4C3B-4709-B82D-6F9B3BBCD859} - C:\WINDOWS\system32\ssqpn.dll (file missing)
backup-20070830-210123-943 O2 - BHO: (no name) - {3C5F7CAC-263B-46BD-AF41-6A833ED09676} - C:\WINDOWS\system32\geeba.dll (file missing)
backup-20070830-210123-999 O2 - BHO: (no name) - {ABCFE6CB-4281-4085-9CF6-063B288CC957} - C:\WINDOWS\system32\ssqro.dll (file missing)
backup-20070831-132502-345 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
backup-20070831-132502-555 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
backup-20070831-132502-565 O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
backup-20070831-132502-740 O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
backup-20070831-132502-835 O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
backup-20070831-132503-398 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20070831-132503-584 O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
backup-20070831-132503-614 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070831-132503-727 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070831-132503-971 O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
backup-20070902-110910-133 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20070902-110910-353 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
backup-20070902-110910-528 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20070902-110910-563 O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
backup-20070907-021512-220 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
backup-20070907-021512-430 O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
backup-20070907-021512-440 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20070907-021512-615 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20070907-021512-694 O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
backup-20070907-022518-641 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20070910-123103-232 O11 - Options group: [INTERNATIONAL] International*
backup-20070910-123103-239 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20070910-123103-397 O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
backup-20070910-123103-506 O23 - Service: DomainService - - C:\WINDOWS\system32\dvbfmghd.exe
backup-20070910-123103-617 O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
backup-20070910-123103-637 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20070910-123103-792 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
backup-20070910-175621-530 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20070910-175621-548 O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://www.trimble.com/datatransfer/v135/isetupml.cab
backup-20070912-125058-810 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20070912-125058-955 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20070926-224031-341 O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
backup-20071004-125105-257 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20071004-125105-969 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20071004-165728-245 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20071004-165728-465 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20071004-165728-673 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
backup-20071004-173817-224 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20071004-173817-382 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
backup-20071004-173817-619 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20071004-173817-776 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
backup-20071009-215500-321 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20071009-215500-707 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20071011-225005-156 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20071011-225005-667 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20071113-110301-667 O2 - BHO: (no name) - {3800CA58-50C1-421E-AD38-CF43D31A2747} - C:\WINDOWS\system32\pmnnk.dll
backup-20071113-110301-751 O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\bjtnorfw.dll
backup-20071113-110301-824 O2 - BHO: (no name) - {1C1DD717-53B2-485E-A17B-C9977C205E10} - C:\WINDOWS\system32\qomllji.dll
backup-20071113-110301-937 O2 - BHO: (no name) - {6521CA12-B66A-4E0C-B036-554418E39698} - C:\WINDOWS\system32\brccydal.dll (file missing)
backup-20071113-110336-986 O2 - BHO: (no name) - {1C1DD717-53B2-485E-A17B-C9977C205E10} - C:\WINDOWS\system32\qomllji.dll
backup-20071113-110426-192 O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
backup-20071113-110426-386 O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
backup-20071113-110426-518 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20071113-110426-683 O20 - Winlogon Notify: qomllji - C:\WINDOWS\SYSTEM32\qomllji.dll
backup-20071113-110426-717 O15 - Trusted Zone: http://click.getmirar.com (HKLM)
backup-20071113-110426-946 O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
backup-20071113-110427-480 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20071113-110539-892 O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
backup-20071113-110644-388 O2 - BHO: (no name) - {1C1DD717-53B2-485E-A17B-C9977C205E10} - C:\WINDOWS\system32\qomllji.dll
backup-20071113-110644-390 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20071113-110644-663 O20 - Winlogon Notify: qomllji - C:\WINDOWS\SYSTEM32\qomllji.dll
backup-20071113-110719-470 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20071113-110751-113 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20071113-121653-204 O20 - Winlogon Notify: qomllji - C:\WINDOWS\SYSTEM32\qomllji.dll
backup-20071113-121653-809 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20071113-121653-829 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20071113-121653-860 O2 - BHO: (no name) - {1C1DD717-53B2-485E-A17B-C9977C205E10} - C:\WINDOWS\system32\qomllji.dll
backup-20071117-132251-347 O2 - BHO: {00963fd6-5bc6-74f9-da24-f55bce79b02f} - {f20b97ec-b55f-42ad-9f47-6cb56df36900} - C:\WINDOWS\system32\yvlfeueh.dll
backup-20071117-132251-374 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20071117-132251-406 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
backup-20071117-132251-416 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
backup-20071117-132251-583 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20071117-132251-594 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20071117-132251-673 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
backup-20071117-132251-769 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20071117-132251-801 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
backup-20071117-132251-872 O2 - BHO: (no name) - {1C1DD717-53B2-485E-A17B-C9977C205E10} - C:\WINDOWS\system32\qomllji.dll
backup-20071117-132252-221 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20071117-132252-263 O20 - Winlogon Notify: qomllji - C:\WINDOWS\SYSTEM32\qomllji.dll
backup-20071117-132252-317 O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
backup-20071117-132252-747 O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
backup-20071117-132252-793 O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
backup-20071117-132252-988 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20071228-111546-270 O20 - Winlogon Notify: ljjkigf - C:\WINDOWS\SYSTEM32\ljjkigf.dll
backup-20071228-111546-292 O2 - BHO: (no name) - {41FD3C19-6B7D-4DA9-B44C-C552334B15EC} - C:\WINDOWS\system32\mlljj.dll
backup-20071228-111546-425 O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ljjkigf.dll
backup-20071228-111546-510 O2 - BHO: (no name) - {BBEC49D9-BF46-4FBF-9860-0BE485BD1FF4} - C:\WINDOWS\system32\pmkhe.dll
backup-20071228-111546-758 O2 - BHO: (no name) - {A7E3D1F6-2B4C-4D0A-A6FF-E8BE022EBB63} - C:\WINDOWS\system32\ssqpp.dll
backup-20071228-111546-835 O2 - BHO: (no name) - {5CBEC815-5645-4E4F-9A64-F6CA973DD438} - C:\WINDOWS\system32\vtstt.dll
backup-20080510-164319-101 O4 - HKLM\..\Run: [c89552a2] rundll32.exe "C:\WINDOWS\system32\pxmnraup.dll",b
backup-20080510-164319-881 O4 - HKLM\..\Run: [BMcba6613e] Rundll32.exe "C:\WINDOWS\system32\pamyofhl.dll",s
backup-20080510-164319-997 O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
backup-20080510-214819-125 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
backup-20080510-214819-157 O4 - HKLM\..\Run: [BMcba6613e] Rundll32.exe "C:\WINDOWS\system32\yuorrjbv.dll",s
backup-20080510-214819-334 O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
backup-20080510-214819-424 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
backup-20080510-214819-520 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
backup-20080510-214819-814 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
backup-20080510-215446-771 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20080511-102606-697 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
backup-20080511-102606-876 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
backup-20080511-102606-907 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20080511-102606-918 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
backup-20080724-052208-111 O2 - BHO: (no name) - {D6FF5E48-1599-4BB7-B184-CF612DAA7EDB} - C:\WINDOWS\system32\awtqoNDw.dll (file missing)
backup-20080724-052208-161 O2 - BHO: (no name) - {B39FD505-22E0-4E1F-A625-C473005D1EFF} - (no file)
backup-20080724-052208-165 O2 - BHO: (no name) - {59D29B25-371D-4C3F-BB37-59EB8E2EC830} - C:\WINDOWS\system32\jkkIAQJc.dll (file missing)
backup-20080724-052208-257 O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\WINDOWS\system32\ljJBtuvW.dll (file missing)
backup-20080724-052208-264 O20 - Winlogon Notify: ljJBtuvW - ljJBtuvW.dll (file missing)
backup-20080724-052208-527 O4 - HKCU\..\Run: [SrvMonChk] C:\WINDOWS\system32\dmtotmvi.exe
backup-20080724-052208-773 O4 - HKLM\..\Run: [c89552a2] rundll32.exe "C:\WINDOWS\system32\cculygxq.dll",b
backup-20080724-052208-780 O2 - BHO: (no name) - {E0AFF9A8-F6D9-4E38-9BE3-FD1033C1D9C7} - C:\WINDOWS\system32\iifdcAtU.dll (file missing)
backup-20080724-052208-862 O2 - BHO: (no name) - {760FCF8B-19D4-431A-82D6-F165821AE7B3} - C:\WINDOWS\system32\tuvVOIBr.dll (file missing)
backup-20080724-052208-894 O2 - BHO: (no name) - {AC4E72A4-8774-4779-8183-B0E307BD0E8B} - C:\WINDOWS\system32\khfGvwuv.dll (file missing)

-- File Associations -----------------------------------------------------------

.exe - exefile - shell\open\command - %1 %*
.scr - AutoCADScript - shell\open\command - C:\WINDOWS\NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 core - c:\windows\system32\drivers\core.sys
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>

S2 NZNQFQFW - c:\windows\system32\nznqfqfw.nrr (file missing)
S3 TrmbTS (TrimbleTS Driver (TrmbTS.sys)) - c:\windows\system32\drivers\trmbts.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>
S3 TRMUSB5K (Trimble USB GPS Driver) - c:\windows\system32\drivers\trmusb5k.sys <Not Verified; e-TEK Labs; General Purpose USB Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 Imapi Helper - "c:\program files\alex feinman\iso recorder\imapihelper.exe" <Not Verified; Alex Feinman; ISO Recorder>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-24 and 2008-07-24 -----------------------------

2008-07-24 06:32:40 0 d-------- C:\Program Files\cmxsrjg
2008-07-24 06:32:34 86016 --a------ C:\WINDOWS\system32\srsbmhev.exe
2008-07-24 06:32:33 110080 --a------ C:\WINDOWS\system32\ytcpqzan.exe
2008-07-24 02:10:35 94208 --a------ C:\WINDOWS\system32\pphcp10j0ea05.exe
2008-07-24 02:10:34 0 d-------- C:\Documents and Settings\Martin Biesinger.BASEMENT2\Application Data\rhct10j0ea05
2008-07-24 02:10:19 0 d-------- C:\Program Files\rhct10j0ea05
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\WINWGPX.EXE
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\winsystem.exe
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\winlogonpc.exe
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\vcatchpi.dll
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\vbsys2.dll
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\thun32.dll
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\thun.dll
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\temp#01.exe
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\taack.exe
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\taack.dat
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\sysreq.exe
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\ssvchost.exe
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\ssvchost.com
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\ssurf022.dll
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\sncntr.exe
2008-07-24 02:10:16 0 d-------- C:\WINDOWS\system32\smp
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\Rundl1.exe
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\regm64.dll
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\regc64.dll
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\psoft1.exe
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\psof1.exe
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\ps1.exe
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\newsd32.exe
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\netode.exe
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\mwin32.exe
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\mtr2.exe
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\msvchost.exe
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\mssecu.exe
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\msnbho.dll
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\msgp.exe
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\medup012.dll
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.exe
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.dat
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\hoproxy.dll
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\emesx.dll
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\dpcproxy.exe
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\bsva-egihsg52.exe
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\bdn.com
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\awtoolb.dll
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\anticipator.dll
2008-07-24 02:10:16 4096 --a------ C:\WINDOWS\system32\akttzn.exe
2008-07-24 02:10:12 0 d-------- C:\Program Files\gdeklx
2008-07-24 02:10:11 60928 --a------ C:\WINDOWS\system32\blphcp10j0ea05.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-07-24 02:10:10 0 d-------- C:\Documents and Settings\All Users\Application Data\bircpsfy
2008-07-24 02:10:09 110080 --a------ C:\WINDOWS\system32\lphcp10j0ea05.exe
2008-07-24 02:10:09 94208 --a------ C:\WINDOWS\system32\dmtotmvi.exe
2008-07-14 18:00:24 0 d-------- C:\Program Files\Photodex Presenter
2008-07-14 18:00:24 0 d-------- C:\Documents and Settings\Martin Biesinger.BASEMENT2\Application Data\Netscape
2008-07-14 18:00:24 0 d-------- C:\Documents and Settings\Martin Biesinger.BASEMENT2\Application Data\Mozilla


-- Find3M Report ---------------------------------------------------------------

2008-07-24 13:05:56 2563 --a------ C:\WINDOWS\system32\HPANT.DAT
2008-07-24 07:26:09 0 d-------- C:\Program Files\Java
2008-07-23 14:11:27 0 d-------- C:\Program Files\Land Desktop
2008-06-21 18:32:46 758975 --ahs---- C:\WINDOWS\system32\vuwvGfhk.ini2
2008-06-21 15:34:19 101952 --a------ C:\WINDOWS\system32\wfepqnbi.dll
2008-06-21 15:28:19 102976 --a------ C:\WINDOWS\system32\wpeimahf.dll
2008-06-20 15:26:48 102464 --a------ C:\WINDOWS\system32\quvxswim.dll
2008-06-19 15:29:09 102464 --a------ C:\WINDOWS\system32\wbfswrph.dll
2008-06-19 15:26:10 102464 --a------ C:\WINDOWS\system32\psdpfsvy.dll
2008-06-18 15:29:22 102464 --a------ C:\WINDOWS\system32\yvpmuosy.dll
2008-06-18 15:26:22 102464 --a------ C:\WINDOWS\system32\lrfvieiy.dll
2008-06-17 15:27:23 104512 --a------ C:\WINDOWS\system32\lshmfipy.dll
2008-06-17 15:25:10 102976 --a------ C:\WINDOWS\system32\lvullpve.dll
2008-06-16 13:11:37 94272 --a------ C:\WINDOWS\system32\oaxwugtp.dll
2008-06-15 13:14:37 94272 --a------ C:\WINDOWS\system32\yjqoeqpp.dll
2008-06-15 13:08:37 101952 --a------ C:\WINDOWS\system32\nxbsspeb.dll
2008-06-14 13:14:37 104512 --a------ C:\WINDOWS\system32\puycbpwk.dll
2008-06-14 13:08:37 102976 --a------ C:\WINDOWS\system32\truousde.dll
2008-06-13 13:12:21 102976 --a------ C:\WINDOWS\system32\rrjssgla.dll
2008-06-12 13:08:47 104000 --a------ C:\WINDOWS\system32\qxvhgcgf.dll
2008-06-12 13:06:42 101440 --a------ C:\WINDOWS\system32\sjdtrpix.dll
2008-06-11 12:19:37 103488 --a------ C:\WINDOWS\system32\qtrsffjv.dll
2008-06-09 12:22:41 104512 --a------ C:\WINDOWS\system32\rwhthueq.dll
2008-06-09 12:17:36 101952 --a------ C:\WINDOWS\system32\lmfaojly.dll
2008-06-07 23:10:24 2624 --a------ C:\WINDOWS\system32\csyofyru.exe
2008-06-07 23:04:32 104512 --a------ C:\WINDOWS\system32\qibrfroc.dll
2008-06-07 23:04:25 103488 --a------ C:\WINDOWS\system32\qwovijfj.dll
2008-06-05 12:31:31 2624 --a------ C:\WINDOWS\system32\mdwwbrvd.exe
2008-06-04 12:34:15 2624 --a------ C:\WINDOWS\system32\stsaeees.exe
2008-06-04 12:31:16 102976 --a------ C:\WINDOWS\system32\rgrfplqw.dll
2008-06-03 12:32:50 103488 --a------ C:\WINDOWS\system32\psplysrw.dll
2008-06-03 12:29:49 2624 --a------ C:\WINDOWS\system32\woshgcis.exe
2008-06-03 12:23:51 104512 --a------ C:\WINDOWS\system32\lmxtmsqf.dll
2008-06-02 12:35:02 105024 --a------ C:\WINDOWS\system32\roooovxo.dll
2008-06-02 12:32:01 2624 --a------ C:\WINDOWS\system32\tureicud.exe
2008-06-02 12:26:02 101952 --a------ C:\WINDOWS\system32\qpkjayhk.dll
2008-06-01 12:29:37 2624 --a------ C:\WINDOWS\system32\awvkbrjk.exe
2008-06-01 12:26:37 105024 --a------ C:\WINDOWS\system32\xrbqaray.dll
2008-06-01 12:23:37 101952 --a------ C:\WINDOWS\system32\lxapipqg.dll
2008-05-31 12:28:42 2624 --a------ C:\WINDOWS\system32\ursqnuwl.exe
2008-05-31 12:25:42 101952 --a------ C:\WINDOWS\system32\skxugubb.dll
2008-05-30 12:30:30 2624 --a------ C:\WINDOWS\system32\dmjgihbk.exe
2008-05-30 12:22:46 101952 --a------ C:\WINDOWS\system32\wjqyufdl.dll
2008-05-28 11:22:42 2624 --a------ C:\WINDOWS\system32\urkmrodi.exe
2008-05-28 11:16:42 105024 --a------ C:\WINDOWS\system32\lhlapgfu.dll
2008-05-27 12:50:55 2624 --a------ C:\WINDOWS\system32\lgnwewcm.exe
2008-05-26 00:54:54 105024 --a------ C:\WINDOWS\system32\oglmhdop.dll
2008-05-26 00:51:53 2624 --a------ C:\WINDOWS\system32\teblcvff.exe
2008-05-25 00:51:34 2624 --a------ C:\WINDOWS\system32\bwxxbleu.exe
2008-05-25 00:43:13 102464 --a------ C:\WINDOWS\system32\qocaslmw.dll
2008-05-23 11:54:16 906416 --ahs---- C:\WINDOWS\system32\rBIOVvut.ini2
2008-05-22 22:55:21 2624 --a------ C:\WINDOWS\system32\yipkeqlj.exe
2008-05-22 22:49:22 103488 --a------ C:\WINDOWS\system32\oqlewgcl.dll
2008-05-21 22:49:21 2624 --a------ C:\WINDOWS\system32\lrnbwpen.exe
2008-05-21 22:46:22 104512 --a------ C:\WINDOWS\system32\oerkpbii.dll
2008-05-21 22:43:22 105024 --a------ C:\WINDOWS\system32\njtmupqg.dll
2008-05-20 22:45:45 2624 --a------ C:\WINDOWS\system32\ybfrfufq.exe
2008-05-19 22:49:28 2624 --a------ C:\WINDOWS\system32\qibfvkdj.exe
2008-05-18 22:48:19 2112 --a------ C:\WINDOWS\system32\uxkxlgpi.exe
2008-05-18 22:42:19 3648 --a------ C:\WINDOWS\system32\mrtsjrpi.dll
2008-05-17 22:48:19 2112 --a------ C:\WINDOWS\system32\weagukjp.exe
2008-05-17 22:42:19 3648 --a------ C:\WINDOWS\system32\hnjkoeri.dll
2008-05-16 22:54:19 2112 --a------ C:\WINDOWS\system32\flaqxpnu.exe
2008-05-16 22:45:19 3648 --a------ C:\WINDOWS\system32\grnqaxeo.dll
2008-05-15 22:45:19 2112 --a------ C:\WINDOWS\system32\cejnbskv.exe
2008-05-15 22:40:26 3648 --a------ C:\WINDOWS\system32\uidjwqgm.dll
2008-05-14 18:31:21 2112 --a------ C:\WINDOWS\system32\pmlnqdbg.exe
2008-05-14 18:22:21 3648 --a------ C:\WINDOWS\system32\vlrpsahf.dll
2008-05-13 22:40:21 2112 --a------ C:\WINDOWS\system32\hydcqhch.exe
2008-05-13 22:31:30 3648 --a------ C:\WINDOWS\system32\heqibqgn.dll
2008-05-12 14:23:54 1040432 --ahs---- C:\WINDOWS\system32\cJQAIkkj.ini2
2008-05-12 12:14:29 1390255 --a------ C:\SmitfraudFix.exe
2008-05-11 23:55:36 2112 --a------ C:\WINDOWS\system32\mciinmqt.exe
2008-05-11 00:00:02 2112 --a------ C:\WINDOWS\system32\ywtkkioy.exe
2008-05-10 23:33:41 1038464 --ahs---- C:\WINDOWS\system32\wDNoqtwa.ini2
2008-05-10 22:58:01 2112 --a------ C:\WINDOWS\system32\kehkfxag.exe
2008-05-10 22:48:26 1041011 --ahs---- C:\WINDOWS\system32\HOWGNXbc.ini2
2008-05-10 21:32:08 1040524 --ahs---- C:\WINDOWS\system32\oppYJRqr.ini2
2008-05-10 17:07:05 1048434 --ahs---- C:\WINDOWS\system32\kSDKkUvw.ini2
2008-05-07 13:21:15 2112 --a------ C:\WINDOWS\system32\wjnhjagn.exe
2008-05-06 13:21:15 2112 --a------ C:\WINDOWS\system32\gwdpmcug.exe
2008-05-06 13:07:54 412068 --ahs---- C:\WINDOWS\system32\UtAcdfii.ini2
2008-04-25 12:00:53 420175 --ahs---- C:\WINDOWS\system32\LTsCcfhk.ini2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18F1EB53-9DC5-4E61-9270-C9BAC5761E7F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{520DE206-8CFD-4DD0-8596-3AE3FDF686A5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{df234de4-8d76-4830-8bdb-34e9bbcc7873}]
06/21/2008 03:34 PM 101952 --a------ C:\WINDOWS\system32\wfepqnbi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [03/23/2004 01:16 PM]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [09/17/2003 11:43 AM]
"P17Helper"="P17.dll" [06/10/2004 12:51 PM C:\WINDOWS\SYSTEM32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00 AM]
"BuildBU"="c:\dell\bldbubg.exe" [02/19/2004 09:23 AM]
"Logitech Utility"="Logi_MwX.Exe" [03/04/2003 05:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"DwlClient"="c:\Program Files\Common Files\Dell\EUSW\Support.exe" [10/13/2005 11:26 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP JetDiscovery"="HPJETDSC.EXE" [06/03/1998 05:23 PM C:\WINDOWS\SYSTEM32\hpjetdsc.exe]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 01:39 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 12:43 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

C:\Documents and Settings\Martin Biesinger.BASEMENT2\Start Menu\Programs\Startup\
DESKTOP.INI [3/20/2004 1:58:38 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
DESKTOP.INI [3/20/2004 1:58:38 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"oFFyo17QPw"=C:\Documents and Settings\All Users\Application Data\bircpsfy\hyvwzuvu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=1 (0x1)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"genapi"= {182E5954-5717-A4CA-E449-08A770840CFD} - C:\Program Files\cmxsrjg\genapi.dll [07/24/2008 06:32 AM 98304]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfGvwuv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8915 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-24 13:16:30 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.20GHz
CPU 1: Intel® Pentium® 4 CPU 3.20GHz
Percentage of Memory in Use: 39%
Physical Memory (total/avail): 1022.09 MiB / 623.47 MiB
Pagefile Memory (total/avail): 2463.18 MiB / 2205.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.89 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 70.94 GiB total, 31.11 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6Y080M0 - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 62.72 MiB
\PARTITION1 (bootable) - Installable File System - 70.94 GiB - C:
\PARTITION2 - Unknown - 3.5 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\knwttkxm.exe"="C:\\WINDOWS\\system32\\knw"
"C:\\WINDOWS\\system32\\eiqnddhm.exe"="C:\\WINDOWS\\system32\\eiq"
"C:\\WINDOWS\\system32\\ddtabmma.exe"="C:\\WINDOWS\\system32\\ddt"
"C:\\WINDOWS\\system32\\wiyeqmvk.exe"="C:\\WINDOWS\\system32\\wiy"
"C:\\WINDOWS\\system32\\xcegudbp.exe"="C:\\WINDOWS\\system32\\xce"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\WINDOWS\\SYSTEM32\\spoolsv.exe"="C:\\WINDOWS\\SYSTEM32\\spoolsv.exe:*:Enabled:Spooler SubSystem App"
"C:\\Program Files\\Microsoft Office\\Office10\\WINWORD.EXE"="C:\\Program Files\\Microsoft Office\\Office10\\WINWORD.EXE:*:Disabled:Microsoft Word"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Martin Biesinger.BASEMENT2\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BASEMENT-MAIN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Martin Biesinger.BASEMENT2
LOGONSERVER=\\BASEMENT-MAIN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Autodesk\DWG TrueView\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp
TMP=C:\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp
USERDOMAIN=BASEMENT-MAIN
USERNAME=Martin Biesinger
USERPROFILE=C:\Documents and Settings\Martin Biesinger.BASEMENT2
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Martin Biesinger.BASEMENT2 (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\Sound Blaster Live! 24-bit\Program\Ctzapxx.EXE" /X /U /S
--> C:\Program Files\Installshield Installation Information\{08082034-2a50-4196-8196-a6f86d6e8f12}\QBReplace.exe {08082034-2a50-4196-8196-a6f86d6e8f12}#{01288593-26bb-4b3a-a04e-0a4ed28cc937}
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AntivirXP08 --> "C:\Program Files\rhct10j0ea05\uninstall.exe"
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AutoCAD Land Development --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Land Desktop\DeIsL2.isu"
AutoCAD Map for Land Desktop --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Land Desktop\DeIsL1.isu"
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support --> MsiExec.exe /X{43FCA273-9534-40DB-B7C5-D7758875616A}
Dell Support 5.0.0 (766) --> rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
DWG TrueView 2007 --> MsiExec.exe /I{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 1.99.1 --> C:\Documents and Settings\Martin Biesinger.BASEMENT2\Desktop\HijackThis.exe /uninstall
Intel Application Accelerator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
ISO Recorder --> MsiExec.exe /I{DFC6573E-124D-4026-BFA4-B433C9D3FF21}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JetAdmin v3.02 --> C:\WINDOWS\uninst.exe -fC:\WINDOWS\system32\DeIsL2.isu
Logitech MouseWare 9.76 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Macromedia Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Office XP Professional --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
Palm Desktop --> MsiExec.exe /X{E89D78B8-28F7-412F-8B26-C684739CBBDC}
Pdf995 --> C:\Program Files\pdf995\setup.exe uninstall
PdfEdit995 --> C:\Program Files\pdf995\res\utilities\thinsetup.exe - uninstall
Photodex Presenter --> C:\Program Files\Photodex Presenter\uninst.exe
PowerDVD 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickBooks Premier: Professional Services Edition 2004 --> C:\Program Files\Installshield Installation Information\{2b02f834-a9b9-458c-80e5-3ea8c0de8471}\QBReplace.exe {2b02f834-a9b9-458c-80e5-3ea8c0de8471}#{2B02F82E-A9B9-458C-80E5-3EA8C0DE8471}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Signature995 --> C:\Program Files\pdf995\res\utilities\Signature995\thinsetup.exe - uninstall
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sound Blaster Live! 24-bit --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB481CC-F57C-4397-81A0-DADD22257047}\setup.exe" -l0x9
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Terrain Navigator Pro --> C:\WINDOWS\TPuninst.exe C:\Program Files\Maptech\Terrain Navigator Pro
Trimble Data Transfer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchiSetupML -ether"C:\Program Files\InstallShield Installation Information\{D2D40BAE-7B66-11D3-882B-00105A64914B}" -l0009 -l0x9 -l0009 uninstall
Trimble Geomatics Office v1.62 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C5161B3-ECCB-4099-9D9B-CFCF5B7010E6}\setup.exe" -l0009
Virtual Earth 3D (Beta) --> MsiExec.exe /I{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}


-- Application Event Log -------------------------------------------------------

Event Record #/Type13939 / Warning
Event Submitted/Written: 07/24/2008 01:08:01 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type13938 / Warning
Event Submitted/Written: 07/24/2008 01:08:01 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type13934 / Warning
Event Submitted/Written: 07/24/2008 06:31:10 AM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type13933 / Warning
Event Submitted/Written: 07/24/2008 06:31:10 AM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type13929 / Warning
Event Submitted/Written: 07/24/2008 05:24:13 AM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7833 / Warning
Event Submitted/Written: 07/24/2008 02:34:04 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type7832 / Warning
Event Submitted/Written: 07/24/2008 02:13:11 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type7817 / Warning
Event Submitted/Written: 07/23/2008 01:13:19 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type7816 / Warning
Event Submitted/Written: 07/23/2008 00:15:54 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type7815 / Warning
Event Submitted/Written: 07/23/2008 11:47:45 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-07-24 13:16:30 ------------

#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:02:35 PM

Posted 24 July 2008 - 06:46 PM

Hello mvb2

Welcome to BleepingComputer :thumbsup:
========================
The first thing I will need you to do is to Download ONE of these anti-virus programs and install it.
These are free.
AVG free 8.0
Note this is free antispyware protection and Antivirus protection.
or
Antivir
or
Avast
as long as you only install one.
========================
Then:
Please visit this web page for instructions for downloading and running Combofix >ComboFix Instructions
We now suggest that you install the Windows Recovery Console.
The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

Post the log from ComboFix when you've accomplished all of that, along with a new HijackThis log.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 mvb2

mvb2
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:35 PM

Posted 25 July 2008 - 12:16 AM

Okay. As you instructed. Used the most recent version of HijackThis.

ComboFix 08-07-24.1 - Martin Biesinger 2008-07-25 0:51:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.617 [GMT -4:00]
Running from: C:\Documents and Settings\Martin Biesinger.BASEMENT2\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Martin Biesinger.BASEMENT2\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CORE
-------\Legacy_DOMAINSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_core


((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))
.

2008-07-25 00:24 . 2008-07-25 00:24 <DIR> d-------- C:\Program Files\Avira
2008-07-25 00:24 . 2008-07-25 00:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-24 13:11 . 2008-07-24 13:11 <DIR> d-------- C:\Deckard
2008-07-24 07:26 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-07-24 06:32 . 2008-07-24 06:32 <DIR> d-------- C:\Program Files\cmxsrjg
2008-07-24 06:32 . 2008-07-24 06:32 110,080 --a------ C:\WINDOWS\SYSTEM32\ytcpqzan.exe
2008-07-24 06:32 . 2008-07-24 06:32 86,016 --a------ C:\WINDOWS\SYSTEM32\srsbmhev.exe
2008-07-24 02:10 . 2008-07-24 02:10 <DIR> d-------- C:\Program Files\gdeklx
2008-07-24 02:10 . 2008-07-24 02:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\bircpsfy
2008-07-24 02:10 . 2008-07-24 02:10 94,208 --a------ C:\WINDOWS\SYSTEM32\dmtotmvi.exe
2008-07-14 18:00 . 2008-07-14 18:00 <DIR> d-------- C:\Program Files\Photodex Presenter
2008-07-14 18:00 . 2008-07-14 18:00 <DIR> d-------- C:\Documents and Settings\Martin Biesinger.BASEMENT2\Application Data\Netscape
2008-07-11 13:12 . 2008-07-11 13:12 1,042,550 --a----t- C:\padot map-mountain research IUP site.pdf
2008-07-03 13:38 . 2008-07-03 13:38 48,463 --a----t- C:\hp paper order receipt.pdf
2008-07-03 01:46 . 2008-07-03 01:46 113,183 --a----t- C:\hp bright white specs.pdf
2008-07-03 01:37 . 2008-07-03 01:37 114,675 --a----t- C:\hp special inkjet paper specs.pdf
2008-07-03 01:33 . 2008-07-03 01:33 112,940 --a----t- C:\hp vellum specs.pdf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 19:08 --------- d-----w C:\Program Files\Land Desktop
2008-07-24 11:26 --------- d-----w C:\Program Files\Java
2008-07-23 18:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-12 16:14 1,390,255 ----a-w C:\SmitfraudFix.exe
2007-12-14 17:19 28,929 ----a-w C:\Documents and Settings\Martin Biesinger.BASEMENT2\wn852.exe
2007-02-05 03:13 73,800 ----a-w C:\Documents and Settings\Martin Biesinger.BASEMENT2\Application Data\GDIPFONTCACHEV1.DAT
2005-07-29 20:24 472 --sha-r C:\WINDOWS\TWFydGluIEJpZXNpbmdlcg\nqIVx35RKHLDtrhDvAx5w0.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"WinAdm"="C:\WINDOWS\system32\qhylgxir.exe" [2008-07-25 01:01 81920]
"HP JetDiscovery"="HPJETDSC.EXE" [1998-06-03 17:23 25088 C:\WINDOWS\SYSTEM32\hpjetdsc.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 13:16 135168]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"BuildBU"="c:\dell\bldbubg.exe" [2004-02-19 09:23 61440]
"DwlClient"="c:\Program Files\Common Files\Dell\EUSW\Support.exe" [2005-10-13 23:26 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"P17Helper"="P17.dll" [2004-06-10 12:51 60928 C:\WINDOWS\SYSTEM32\P17.dll]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 05:50 19968 C:\WINDOWS\LOGI_MWX.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"oFFyo17QPw"="C:\Documents and Settings\All Users\Application Data\bircpsfy\hyvwzuvu.exe" [2008-07-24 02:10 61440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"genapi"= {182E5954-5717-A4CA-E449-08A770840CFD} - C:\Program Files\cmxsrjg\genapi.dll [2008-07-24 06:32 98304]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\WINDOWS\\SYSTEM32\\spoolsv.exe"=
"C:\\Program Files\\Microsoft Office\\Office10\\WINWORD.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

S2 NZNQFQFW;NZNQFQFW;C:\WINDOWS\system32\nznqfqfw.nrr []
S3 TrmbTS;TrimbleTS Driver (TrmbTS.sys);C:\WINDOWS\system32\Drivers\TrmbTS.sys [2004-09-28 10:41]
S3 TRMUSB5K;Trimble USB GPS Driver;C:\WINDOWS\system32\drivers\TRMUSB5K.sys [2000-06-20 06:33]

*Newly Created Service* - SSMDRV
.
- - - - ORPHANS REMOVED - - - -

BHO-{df234de4-8d76-4830-8bdb-34e9bbcc7873} - C:\WINDOWS\system32\wfepqnbi.dll
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.msn.com
R0 -: HKCU-Main,Default_Search_URL =
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
R0 -: HKLM-Main,Start Page = about:blank

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 00:59:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\qhylgxir.exe 81920 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NZNQFQFW]
"ImagePath"="\??\C:\WINDOWS\system32\nznqfqfw.nrr"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
C:\WINDOWS\SYSTEM32\wdfmgr.exe
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\PROGRA~1\MICROS~3\rapimgr.exe
.
**************************************************************************
.
Completion time: 2008-07-25 1:03:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-25 05:03:31

Pre-Run: 33,211,752,448 bytes free
Post-Run: 32,833,294,336 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

776 --- E O F --- 2008-07-09 06:08:34
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:17:11 AM, on 7/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Documents and Settings\All Users\Application Data\bircpsfy\hyvwzuvu.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\HPJETDSC.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\qhylgxir.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Martin Biesinger.BASEMENT2\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [HP JetDiscovery] HPJETDSC.EXE
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [WinAdm] C:\WINDOWS\system32\qhylgxir.exe
O4 - HKLM\..\Policies\Explorer\Run: [oFFyo17QPw] C:\Documents and Settings\All Users\Application Data\bircpsfy\hyvwzuvu.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O21 - SSODL: genapi - {182E5954-5717-A4CA-E449-08A770840CFD} - C:\Program Files\cmxsrjg\genapi.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

--
End of file - 5014 bytes

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 25 July 2008 - 04:56 AM

1. Please open Notepad
  • Click Start, then Run
  • Type in notepad in the Run box, then hit OK.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

Driver::
NZNQFQFW
Rootkit::
C:\WINDOWS\system32\qhylgxir.exe 
File::
C:\WINDOWS\SYSTEM32\ytcpqzan.exe
C:\WINDOWS\SYSTEM32\srsbmhev.exe
C:\WINDOWS\SYSTEM32\dmtotmvi.exe
C:\Documents and Settings\Martin Biesinger.BASEMENT2\wn852.exe
Folder::
C:\Program Files\cmxsrjg
C:\Program Files\gdeklx
C:\Documents and Settings\All Users\Application Data\bircpsfy
C:\WINDOWS\TWFydGluIEJpZXNpbmdlcg
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"oFFyo17QPw"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"genapi"=-


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#5 mvb2

mvb2
  • Topic Starter

  • Members
  • 8 posts

Posted 29 July 2008 - 12:05 PM

Sorry it took me so long to get back to you. Here are the new ComboFix log and HijackThis log. Thanks.



ComboFix 08-07-24.1 - Martin Biesinger 2008-07-29 12:55:21.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.649 [GMT -4:00]
Running from: C:\Documents and Settings\Martin Biesinger.BASEMENT2\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Martin Biesinger.BASEMENT2\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Martin Biesinger.BASEMENT2\wn852.exe
C:\WINDOWS\SYSTEM32\dmtotmvi.exe
C:\WINDOWS\SYSTEM32\srsbmhev.exe
C:\WINDOWS\SYSTEM32\ytcpqzan.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\bircpsfy
C:\Documents and Settings\All Users\Application Data\bircpsfy\hyvwzuvu.exe
C:\Documents and Settings\Martin Biesinger.BASEMENT2\wn852.exe
C:\Program Files\cmxsrjg
C:\Program Files\cmxsrjg\genapi.dll
C:\Program Files\gdeklx
C:\Program Files\gdeklx\DscActMon.dll
C:\WINDOWS\b104.exe
C:\WINDOWS\SYSTEM32\dmtotmvi.exe
C:\WINDOWS\system32\drivers\core.cache(10).dsk
C:\WINDOWS\system32\drivers\core.cache(12).dsk
C:\WINDOWS\system32\drivers\core.cache(13).dsk
C:\WINDOWS\system32\drivers\core.cache(14).dsk
C:\WINDOWS\system32\drivers\core.cache(15).dsk
C:\WINDOWS\system32\drivers\core.cache(16).dsk
C:\WINDOWS\system32\drivers\core.cache(17).dsk
C:\WINDOWS\system32\drivers\core.cache(18).dsk
C:\WINDOWS\system32\drivers\core.cache(19).dsk
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\drivers\core.cache(20).dsk
C:\WINDOWS\system32\drivers\core.cache(21).dsk
C:\WINDOWS\system32\drivers\core.cache(22).dsk
C:\WINDOWS\system32\drivers\core.cache(23).dsk
C:\WINDOWS\system32\drivers\core.cache(3).dsk
C:\WINDOWS\system32\drivers\core.cache(4).dsk
C:\WINDOWS\system32\drivers\core.cache(5).dsk
C:\WINDOWS\system32\drivers\core.cache(6).dsk
C:\WINDOWS\system32\drivers\core.cache(7).dsk
C:\WINDOWS\system32\drivers\core.cache(8).dsk
C:\WINDOWS\system32\drivers\core.cache(9).dsk
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\qhylgxir.exe
C:\WINDOWS\SYSTEM32\srsbmhev.exe
C:\WINDOWS\SYSTEM32\ytcpqzan.exe
C:\WINDOWS\TWFydGluIEJpZXNpbmdlcg
C:\WINDOWS\TWFydGluIEJpZXNpbmdlcg\nqIVx35RKHLDtrhDvAx5w0.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NZNQFQFW
-------\Service_NZNQFQFW


((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))
.

2008-07-29 12:49 . 2008-07-29 12:49 81,920 --a------ C:\WINDOWS\SYSTEM32\wnetctaf.exe
2008-07-25 21:26 . 2008-07-25 21:26 102,400 --a------ C:\WINDOWS\SYSTEM32\vabgvwbi.exe
2008-07-25 21:24 . 2008-07-25 21:24 <DIR> d--hs---- C:\found.000
2008-07-25 01:47 . 2008-07-25 01:47 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-07-25 00:24 . 2008-07-25 00:24 <DIR> d-------- C:\Program Files\Avira
2008-07-25 00:24 . 2008-07-25 00:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-24 13:11 . 2008-07-24 13:11 <DIR> d-------- C:\Deckard
2008-07-24 07:26 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-07-14 18:00 . 2008-07-14 18:00 <DIR> d-------- C:\Program Files\Photodex Presenter
2008-07-14 18:00 . 2008-07-14 18:00 <DIR> d-------- C:\Documents and Settings\Martin Biesinger.BASEMENT2\Application Data\Netscape
2008-07-11 13:12 . 2008-07-11 13:12 1,042,550 --a----t- C:\padot map-mountain research IUP site.pdf
2008-07-03 13:38 . 2008-07-03 13:38 48,463 --a----t- C:\hp paper order receipt.pdf
2008-07-03 01:46 . 2008-07-03 01:46 113,183 --a----t- C:\hp bright white specs.pdf
2008-07-03 01:37 . 2008-07-03 01:37 114,675 --a----t- C:\hp special inkjet paper specs.pdf
2008-07-03 01:33 . 2008-07-03 01:33 112,940 --a----t- C:\hp vellum specs.pdf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-29 16:59 --------- d-----w C:\Documents and Settings\Martin Biesinger.BASEMENT2\Application Data\AdobeUM
2008-07-29 16:50 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-29 16:19 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-29 16:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-28 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-07-28 13:58 --------- d-----w C:\Program Files\Land Desktop
2008-07-24 11:26 --------- d-----w C:\Program Files\Java
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-05-12 16:14 1,390,255 ----a-w C:\SmitfraudFix.exe
2008-05-08 12:28 202,752 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\SYSTEM32\quartz.dll
2007-02-05 03:13 73,800 ----a-w C:\Documents and Settings\Martin Biesinger.BASEMENT2\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-07-25_ 1.03.14.62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 16:51:28 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A71000000002}\SC_Reader.exe
- 2008-07-25 04:57:32 2,563 ----a-w C:\WINDOWS\SYSTEM32\HPANT.DAT
+ 2008-07-29 16:57:57 2,563 ----a-w C:\WINDOWS\SYSTEM32\HPANT.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"setinfocfg"="C:\WINDOWS\system32\wnetctaf.exe" [2008-07-29 12:49 81920]
"HP JetDiscovery"="HPJETDSC.EXE" [1998-06-03 17:23 25088 C:\WINDOWS\SYSTEM32\hpjetdsc.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 13:16 135168]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"BuildBU"="c:\dell\bldbubg.exe" [2004-02-19 09:23 61440]
"DwlClient"="c:\Program Files\Common Files\Dell\EUSW\Support.exe" [2005-10-13 23:26 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"P17Helper"="P17.dll" [2004-06-10 12:51 60928 C:\WINDOWS\SYSTEM32\P17.dll]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 05:50 19968 C:\WINDOWS\LOGI_MWX.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\WINDOWS\\SYSTEM32\\spoolsv.exe"=
"C:\\Program Files\\Microsoft Office\\Office10\\WINWORD.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

S3 TrmbTS;TrimbleTS Driver (TrmbTS.sys);C:\WINDOWS\system32\Drivers\TrmbTS.sys [2004-09-28 10:41]
S3 TRMUSB5K;Trimble USB GPS Driver;C:\WINDOWS\system32\drivers\TRMUSB5K.sys [2000-06-20 06:33]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-WinAdm - C:\WINDOWS\system32\qhylgxir.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-29 12:58:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
C:\WINDOWS\SYSTEM32\wdfmgr.exe
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-07-29 13:02:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-29 17:02:37
ComboFix2.txt 2008-07-29 16:46:12
ComboFix3.txt 2008-07-25 05:03:35

Pre-Run: 32,586,936,320 bytes free
Post-Run: 32,560,222,208 bytes free

177 --- E O F --- 2008-07-09 06:08:34



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:04:40 PM, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\HPJETDSC.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\wnetctaf.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Martin Biesinger.BASEMENT2\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [HP JetDiscovery] HPJETDSC.EXE
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [setinfocfg] C:\WINDOWS\system32\wnetctaf.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

--
End of file - 4299 bytes

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 29 July 2008 - 06:29 PM

1. Please open Notepad
  • Click Start, then Run
  • Type in notepad in the Run box, then hit OK.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\SYSTEM32\wnetctaf.exe
C:\WINDOWS\SYSTEM32\vabgvwbi.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"setinfocfg"=-


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following report/log in your next reply:
  • Combofix.txt

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image
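Both CFScripts above (posts #4 and #6) single out autorun entries whose file or folder names are random letter strings (qhylgxir.exe, wnetctaf.exe, bircpsfy\hyvwzuvu.exe, cmxsrjg\genapi.dll) or that sit in unusual load points. As an added illustration that is not part of this thread or of any tool it mentions, the Python script below applies that same triage rule to HijackThis O4/O21 lines; the sample lines are constructed from entries quoted in this thread, and the allowlist and randomness thresholds are my own assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: HijackThis O4/O21 lines modelled on entries posted in this thread
# (two clean vendor autoruns followed by the four entries the helper targeted).
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinAdm] C:\WINDOWS\system32\qhylgxir.exe
O4 - HKLM\..\Policies\Explorer\Run: [oFFyo17QPw] C:\Documents and Settings\All Users\Application Data\bircpsfy\hyvwzuvu.exe
O21 - SSODL: genapi - {182E5954-5717-A4CA-E449-08A770840CFD} - C:\Program Files\cmxsrjg\genapi.dll
O4 - HKCU\..\Run: [setinfocfg] C:\WINDOWS\system32\wnetctaf.exe
"""

# First Windows path on the line that ends in a loadable module (quoted or unquoted).
WINPATH = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|vbs|scr))', re.IGNORECASE)

# Vendor autorun stems seen in this thread's logs (assumed allowlist; extend per environment).
KNOWN_STEMS = {
    "ctfmon", "avgnt", "jusched", "iaanotif", "ctsysvol", "updreg", "bldbubg", "support",
    "wcescomm", "msmsgs", "adobeupdatemanager", "reader_sl", "teatimer", "hpjetdsc", "logi_mwx",
}
VOWELS = set("aeiou")


def looks_random(token: str) -> bool:
    """Heuristic for machine-generated names such as qhylgxir or bircpsfy:
    6-12 lowercase letters with a low vowel share or a long consonant run.
    Thresholds are assumptions; expect some false positives on odd vendor names."""
    if not re.fullmatch(r"[a-z]{6,12}", token):
        return False
    vowel_share = sum(c in VOWELS for c in token) / len(token)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", token)), default=0)
    return vowel_share < 0.3 or longest_run >= 4


@dataclass
class Finding:
    line: str
    path: str
    reasons: list = field(default_factory=list)


def triage_hjt(text: str) -> list:
    """Return the O4/O21 lines that deserve a closer look, with the reason for each."""
    findings = []
    for line in text.splitlines():
        if not line.startswith(("O4 ", "O21 ")):
            continue
        m = WINPATH.search(line)
        if not m:
            continue
        path = m.group(1)
        parts = path.lower().split("\\")
        stem = parts[-1].rsplit(".", 1)[0]
        parent = parts[-2] if len(parts) > 1 else ""
        reasons = []
        if stem not in KNOWN_STEMS and looks_random(stem):
            reasons.append(f"random-looking file name '{stem}'")
        if looks_random(parent):
            reasons.append(f"random-looking parent folder '{parent}'")
        if "policies\\explorer\\run" in line.lower():
            reasons.append("autorun under Policies\\Explorer\\Run, a load point legitimate software rarely uses")
        if line.startswith("O21 ") and "\\windows\\system32\\" not in path.lower():
            reasons.append("ShellServiceObjectDelayLoad entry pointing outside system32")
        if reasons:
            findings.append(Finding(line, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```

The output is a review list, not a removal list: every flagged path still needs a human to confirm it before it goes into a File:: or Folder:: section.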

#7 mvb2

mvb2
  • Topic Starter

  • Members
  • 8 posts

Posted 29 July 2008 - 06:48 PM

Here is a new ComboFix log.


ComboFix 08-07-24.1 - Martin Biesinger 2008-07-29 19:43:46.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.691 [GMT -4:00]
Running from: C:\Documents and Settings\Martin Biesinger.BASEMENT2\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Martin Biesinger.BASEMENT2\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\SYSTEM32\vabgvwbi.exe
C:\WINDOWS\SYSTEM32\wnetctaf.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\vabgvwbi.exe
C:\WINDOWS\SYSTEM32\wnetctaf.exe

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))
.

2008-07-29 13:48 . 2008-07-29 13:48 604,217 --a----t- C:\Parkton Topo.pdf
2008-07-25 21:24 . 2008-07-25 21:24 <DIR> d--hs---- C:\found.000
2008-07-25 01:47 . 2008-07-25 01:47 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-07-25 00:24 . 2008-07-25 00:24 <DIR> d-------- C:\Program Files\Avira
2008-07-25 00:24 . 2008-07-25 00:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-24 13:11 . 2008-07-24 13:11 <DIR> d-------- C:\Deckard
2008-07-24 07:26 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-07-14 18:00 . 2008-07-14 18:00 <DIR> d-------- C:\Program Files\Photodex Presenter
2008-07-14 18:00 . 2008-07-14 18:00 <DIR> d-------- C:\Documents and Settings\Martin Biesinger.BASEMENT2\Application Data\Netscape
2008-07-11 13:12 . 2008-07-11 13:12 1,042,550 --a----t- C:\padot map-mountain research IUP site.pdf
2008-07-03 13:38 . 2008-07-03 13:38 48,463 --a----t- C:\hp paper order receipt.pdf
2008-07-03 01:46 . 2008-07-03 01:46 113,183 --a----t- C:\hp bright white specs.pdf
2008-07-03 01:37 . 2008-07-03 01:37 114,675 --a----t- C:\hp special inkjet paper specs.pdf
2008-07-03 01:33 . 2008-07-03 01:33 112,940 --a----t- C:\hp vellum specs.pdf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-29 18:19 --------- d-----w C:\Program Files\Land Desktop
2008-07-29 17:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-07-29 16:59 --------- d-----w C:\Documents and Settings\Martin Biesinger.BASEMENT2\Application Data\AdobeUM
2008-07-29 16:50 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-29 16:19 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-29 16:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-24 11:26 --------- d-----w C:\Program Files\Java
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-05-12 16:14 1,390,255 ----a-w C:\SmitfraudFix.exe
2008-05-08 12:28 202,752 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\SYSTEM32\quartz.dll
2007-02-05 03:13 73,800 ----a-w C:\Documents and Settings\Martin Biesinger.BASEMENT2\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-07-25_ 1.03.14.62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 16:51:28 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A71000000002}\SC_Reader.exe
- 2008-07-25 04:57:32 2,563 ----a-w C:\WINDOWS\SYSTEM32\HPANT.DAT
+ 2008-07-29 18:19:57 2,563 ----a-w C:\WINDOWS\SYSTEM32\HPANT.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"HP JetDiscovery"="HPJETDSC.EXE" [1998-06-03 17:23 25088 C:\WINDOWS\SYSTEM32\hpjetdsc.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 13:16 135168]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"BuildBU"="c:\dell\bldbubg.exe" [2004-02-19 09:23 61440]
"DwlClient"="c:\Program Files\Common Files\Dell\EUSW\Support.exe" [2005-10-13 23:26 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"P17Helper"="P17.dll" [2004-06-10 12:51 60928 C:\WINDOWS\SYSTEM32\P17.dll]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 05:50 19968 C:\WINDOWS\LOGI_MWX.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\WINDOWS\\SYSTEM32\\spoolsv.exe"=
"C:\\Program Files\\Microsoft Office\\Office10\\WINWORD.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

S3 TrmbTS;TrimbleTS Driver (TrmbTS.sys);C:\WINDOWS\system32\Drivers\TrmbTS.sys [2004-09-28 10:41]
S3 TRMUSB5K;Trimble USB GPS Driver;C:\WINDOWS\system32\drivers\TRMUSB5K.sys [2000-06-20 06:33]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-29 19:45:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-29 19:47:28
ComboFix-quarantined-files.txt 2008-07-29 23:47:26
ComboFix2.txt 2008-07-29 17:04:25
ComboFix3.txt 2008-07-29 16:46:12
ComboFix4.txt 2008-07-25 05:03:35

Pre-Run: 32,521,969,664 bytes free
Post-Run: 32,508,059,648 bytes free

118 --- E O F --- 2008-07-09 06:08:34

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 29 July 2008 - 07:17 PM

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
=============
Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#9 mvb2

mvb2
  • Topic Starter

  • Members
  • 8 posts

Posted 30 July 2008 - 12:17 AM

MBAM Log and Kaspersky Scan Log. I do appreciate your time in helping me with this problem.


Malwarebytes' Anti-Malware 1.23
Database version: 1008
Windows 5.1.2600 Service Pack 2

10:35:15 PM 7/29/2008
mbam-log-7-29-2008 (22-35-15).txt

Scan type: Quick Scan
Objects scanned: 41833
Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\rhct10j0ea05 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\b116.exe_old (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b147.exe_old (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b149.exe_old (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b151.exe_old (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\EBEAE6E7EEEAE.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\winzip90.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\tcb.pmw (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Martin Biesinger.BASEMENT2\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, July 30, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, July 30, 2008 03:48:43
Records in database: 1026230
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 104129
Threat name: 94
Infected objects: 457
Suspicious objects: 3
Duration of the scan: 01:19:05


File name / Threat name / Threats count
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\aehivbvr.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\amyersma.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\bbxagbps.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\byhpjrfd.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\bykgrdab.dll Infected: Trojan.Win32.Monder.an 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\camg-77798.exe Infected: not-a-virus:AdWare.Win32.TTC.c 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\chdpad.exe Infected: Rootkit.Win32.Agent.eq 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\chdvct.exe Infected: Trojan.Win32.Agent.aqd 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\CmarP1065.exe Infected: Trojan-Downloader.Win32.VB.fn 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\creqxebq.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\cyihqorp.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\ecjfcdtd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qri 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\fbblaqss.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\fkqicfpa.dll Infected: Trojan.Win32.Monder.cy 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\fkxovuij.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\hgevtrvd.dll Infected: Trojan.Win32.Monder.da 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\iwxcdfuh.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\jqxmcrwg.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\lhjqpwnn.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\lkkiruxm.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\lmxwdcxv.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\ltlkvifn.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\lwbrxreh.dll Infected: Trojan.Win32.Monder.cz 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MBDownloader_876923.exe Infected: not-a-virus:AdWare.Win32.NetNucleus.b 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\mfdqmpfn.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\mit48.tmp Infected: not-a-virus:AdWare.Win32.Mirar.i 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\mit48.tmp.cab Infected: not-a-virus:AdWare.Win32.Mirar.i 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\abtiqdqm.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.wn 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\aekkphol.dll.xor Infected: Trojan.Win32.Pakes.sd 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\aggjfgse.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\aqjkbyxm.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.acx 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\aqmtgmme.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.aea 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\aqnqfsnb.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.ckj 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\aterjfvy.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.ady 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\awkrnxbv.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\axjpdfev.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\axydnkth.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.aea 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\bcyujvfs.dll.xor Infected: Trojan.Win32.Pakes.sc 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\becsuwsf.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.bka 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\bfjkkusg.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.aea 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\bfqmghpo.dll.xor Infected: Trojan.Win32.Pakes.sc 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\bmbmqujw.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\bmpydsnn.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.aea 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\bvihomuk.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\bxtewugg.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\caqaeqce.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.ace 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\cbmlashw.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.acf 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\cbpgwony.dll.xor Infected: Trojan.Win32.Pakes.fr 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\ccwenxxy.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\cepeeiuy.dll.xor Infected: Trojan.Win32.Pakes.sd 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\chrnjkmx.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\chsfblvy.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\ciegqvvq.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.acf 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\cijubkvg.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\cimimvdx.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.ady 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\cnbjkwkr.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.wn 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\Copy of abewajnf.dll.xor Infected: Trojan.Win32.BHO.hj 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\Copy of dgmdbeil.dll.xor Infected: Trojan.Win32.BHO.hj 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\Copy of lsketehq.dll.xor Infected: Trojan.Win32.BHO.hj 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\cotmntnh.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\cpkuhabu.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\cqrvmedy.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\crpetlne.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\crvmcovu.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\csawcxpj.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\cvbwabrl.dll.xor Infected: Trojan.Win32.Pakes.su 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\cvtvpyov.dll.xor Infected: Trojan.Win32.Pakes.sc 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\cyjtttfc.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.aea 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\ddccd.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.qrb 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\deaadvlu.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.aea 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\dedgauip.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.ady 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\dghgimfg.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.aea 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\dhstiasq.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.wn 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\dkdsbcod.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\drouhlyo.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\dwmfptqu.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.ady 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\dytgkidb.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.aea 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\ealfoidv.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\ehxascxu.dll.xor Infected: Trojan.Win32.Pakes.su 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\eiteyfvy.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\ejaxnohk.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\emvdomdn.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\enokmwrn.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\enrenpyj.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.wm 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\eoxmmemo.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\esjukwsh.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\etwmsxdx.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.ace 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\euiuswfh.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.aea 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\euqhqbxa.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.wn 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\evtjeows.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\fcjxlmxd.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\ffdgxpjh.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\flfoutqn.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\foaiaylu.dll.xor Infected: Trojan.Win32.Pakes.su 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\fprotrwm.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\frkqqawa.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\ghoucsoi.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.ady 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\gkenkppx.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\glpvrmlf.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\gpuklyfe.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\gqnjwwik.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.aea 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\hcljgxus.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.wm 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\hfugpecw.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\hhkpjquo.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\hjkllbvv.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\hkroktis.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\hlhfstdq.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\hlxlrwnh.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\hpaoqotg.dll.xor Infected: Trojan.Win32.Pakes.sc 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\hpwmdygh.dll.xor Infected: Trojan.Win32.Pakes.sc 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\hvvvnlqi.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\hwbvrtde.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.bka 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\idfocpqs.dll.xor Infected: Trojan.Win32.BHO.zh 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\ikpxsbjg.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\inhwyeqr.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.ace 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\iowupkfq.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.ady 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\ipdokfxv.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\iqtrcjrr.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.ady 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\iuneifmr.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.wm 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\iwcrchxf.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\jclvyoqh.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\jdnaogai.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\jerfeqdt.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.bka 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\jgvuvyhi.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\jhdankar.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.ayh 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\jinpoqhc.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.avg 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\jokwyfdy.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\jonowsmx.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.acf 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\jpvnkkji.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\jpwaeoof.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\jqhxmljv.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.aea 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\jvjuliyc.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\jwkrilau.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.bka 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\jwqkruuj.dll.xor Infected: Trojan.Win32.BHO.hj 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\kbjunylq.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\kjfuakbs.dll.xor Infected: Trojan.Win32.Pakes.sc 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\kqfuthxl.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.wn 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\ladexomp.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\lcwhlemo.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.aea 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\lgacqkaw.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\lguiqklk.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\lhkhkssw.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\liormdlv.dll.xor Infected: Trojan.Win32.Pakes.fr 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\lwreslyk.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.acx 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\mbdmfxdh.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.bka 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\mexrheca.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\mgdriqux.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.aea 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\mieymmhh.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\mljexgyf.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\mlnvylqr.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\mpxikrjf.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\mqrwpowv.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.ace 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\muhkgqwl.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\mupccqtc.dll.xor Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\musfhkna.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.bka 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\MPSampleSubmit\yxphiipe.dll.xor Infected: not-a-virus:AdWare.Win32.Virtumonde.ace 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\njottrgc.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\NNBar_VCSetup_876923_LOG_IES_NoDMY_AFF.exe Infected: not-a-virus:AdWare.Win32.Mirar.i 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\oovhxttn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrj 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\plqhlpph.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrt 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\qcsmtwpi.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\qkegnqiw.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\snapsnet.exe Infected: Trojan-Downloader.Win32.VB.awj 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\tawmhwiu.dll Infected: Trojan.Win32.Monder.an 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\thinksnet.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\tmgvefcl.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\tnmrlynb.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\txwtvgyn.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\UE.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gr 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\UnInstall.exe Infected: Trojan-Downloader.Win32.Agent.buo 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\unkbifxf.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\urbsjwyp.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\utbltuhk.dll Infected: Trojan.Win32.Monder.db 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\VSD4DE.tmp\setup[1].exe Infected: Trojan-Dropper.Win32.Joiner.fa 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\wavesnet.exe Infected: Trojan-Downloader.Win32.Small.gll 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\wavvsnet.exe Infected: Trojan-Downloader.Win32.Small.gll 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\wexqtsab.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\wr-1-2000219.exe Infected: Trojan-Downloader.Win32.Agent.bls 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\wxrwoowq.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\xdtotjsl.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\xlcyydor.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\xrun.exe Infected: Trojan-Downloader.Win32.Agent.brq 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\yazzsnet.exe Infected: Trojan-Downloader.Win32.PurityScan.fg 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\ykvruhqx.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\DOCUME~1\MARTIN~1.BAS\LOCALS~1\Temp\yqtiqoqy.dll Infected: Trojan.Win32.Monder.gen 1
C:\Deckard\System Scanner\backup\WINDOWS\temp\TMP0000002BCF5C106EF65F8AB5 Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\Martin Biesinger.BASEMENT2\Application Data\Sun\Java\Deployment\cache\6.0\41\3f27a9-70a30521 Infected: Trojan.Java.ClassLoader.ao 3
C:\Documents and Settings\Martin Biesinger.BASEMENT2\Application Data\Sun\Java\Deployment\cache\6.0\45\69be78ed-163f5c91 Infected: Trojan-Downloader.Java.OpenConnection.ak 2
C:\Documents and Settings\Martin Biesinger.BASEMENT2\Application Data\Sun\Java\Deployment\cache\6.0\45\69be78ed-163f5c91 Infected: Trojan.Java.ClassLoader.aq 1
C:\Documents and Settings\Martin Biesinger.BASEMENT2\Application Data\Sun\Java\Deployment\cache\6.0\51\4278fa73-2ea41acf Infected: Trojan-Downloader.Java.Agent.f 1
C:\Documents and Settings\Martin Biesinger.BASEMENT2\Application Data\Sun\Java\Deployment\cache\6.0\58\44eef97a-3faadfe5 Infected: Trojan-Downloader.Java.Agent.f 1
C:\Documents and Settings\Martin Biesinger.BASEMENT2\Desktop\backups\backup-20070830-210123-126.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wi 1
C:\Documents and Settings\Martin Biesinger.BASEMENT2\Desktop\backups\backup-20070830-210123-680.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp 1
C:\Documents and Settings\Martin Biesinger.BASEMENT2\Desktop\backups\backup-20071113-110301-667.dll Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\Martin Biesinger.BASEMENT2\Desktop\backups\backup-20071113-110301-751.dll Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\Martin Biesinger.BASEMENT2\Desktop\backups\backup-20071113-110301-824.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ahr 1
C:\Documents and Settings\Martin Biesinger.BASEMENT2\Desktop\backups\backup-20071113-110336-986.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ahr 1
C:\Documents and Settings\Martin Biesinger.BASEMENT2\Desktop\backups\backup-20071113-110644-388.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ahr 1
C:\Documents and Settings\Martin Biesinger.BASEMENT2\Desktop\backups\backup-20071113-121653-860.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ahr 1
C:\Documents and Settings\Martin Biesinger.BASEMENT2\Desktop\backups\backup-20071117-132251-347.dll Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\Martin Biesinger.BASEMENT2\Desktop\backups\backup-20071117-132251-872.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ahr 1
C:\Documents and Settings\Martin Biesinger.BASEMENT2\Desktop\backups\backup-20071228-111546-292.dll Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\Martin Biesinger.BASEMENT2\Desktop\backups\backup-20071228-111546-425.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bkr 1
C:\Documents and Settings\Martin Biesinger.BASEMENT2\Desktop\backups\backup-20071228-111546-510.dll Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\Martin Biesinger.BASEMENT2\Desktop\backups\backup-20071228-111546-758.dll Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\Martin Biesinger.BASEMENT2\Desktop\backups\backup-20071228-111546-835.dll Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\Martin Biesinger.BASEMENT2\Local Settings\Application Data\Identities\{68C8549C-B54C-49C8-AE06-8BBD06069FA8}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Martin Biesinger.BASEMENT2\Local Settings\Application Data\Identities\{68C8549C-B54C-49C8-AE06-8BBD06069FA8}\Microsoft\Outlook Express\Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 2
C:\Program Files\Online Services\hocynejib77798.exe Infected: not-a-virus:AdWare.Win32.TTC.c 1
C:\Program Files\Photodex Presenter\pxplay.ocx Infected: not-a-virus:AdWare.Win32.AdWeb.g 1
C:\QooBox\Quarantine\C\Documents and Settings\Martin Biesinger.BASEMENT2\wn852.exe.vir Infected: Email-Worm.Win32.Mydoom.bq 1
C:\QooBox\Quarantine\C\Temp\aZ001.exe.vir Infected: Trojan-Dropper.Win32.Agent.mu 1
C:\QooBox\Quarantine\C\Temp\aZ001.exe.vir Infected: not-a-virus:AdWare.Win32.TTC.c 1
C:\QooBox\Quarantine\C\Temp\aZ001.exe.vir Infected: Trojan-Downloader.Win32.Agent.bls 1
C:\QooBox\Quarantine\C\Temp\aZ001.exe.vir Infected: Trojan-Dropper.Win32.Agent.bfr 1
C:\QooBox\Quarantine\C\Temp\aZ001.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.dmn 1
C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir Infected: Trojan-Downloader.Win32.Small.buy 1
C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir Infected: not-a-virus:AdWare.Win32.Mostofate.u 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lphcp10j0ea05.exe.vir Infected: Trojan-Downloader.Win32.Small.yko 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\njtmupqg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.tsq 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\o02PrEz\o02PrEz1065.exe.vir Infected: Trojan-Downloader.Win32.VB.awj 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\pphcp10j0ea05.exe.vir Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\S1\bk53.exe.vir Infected: Trojan-Dropper.Win32.Agent.mu 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\smpi1\lib06.exe.vir Infected: Trojan-Downloader.Win32.Agent.bls 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ytcpqzan.exe.vir Infected: Trojan-Downloader.Win32.Small.yko 1
C:\QooBox\Quarantine\C\WINDOWS\trayicons.exe.vir Infected: Email-Worm.Win32.Mydoom.bq 1
C:\QooBox\Quarantine\C\WINDOWS\wbun.exe.vir Infected: not-a-virus:AdWare.Win32.BHO.arg 1
C:\QooBox\Quarantine\C\WINDOWS\windisk.dll.vir Infected: Email-Worm.Win32.Mydoom.bq 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP10\A0002422.exe Infected: Trojan-Downloader.Win32.VB.chy 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP10\A0002423.exe Infected: Trojan.Win32.Agent.anr 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP10\A0002424.exe Infected: Trojan.Win32.Agent.anr 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP10\A0002425.exe Infected: Trojan.Win32.Agent.anr 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP10\A0002426.exe Infected: Trojan.Win32.Agent.anr 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP10\A0002427.exe Infected: Trojan-Dropper.Win32.Agent.bmk 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP10\A0002428.hta Infected: Trojan-Dropper.VBS.Inor.cj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP10\A0002440.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000010.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000012.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000014.dll Infected: Trojan.Win32.BHO.hj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000015.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000016.dll Infected: Trojan.Win32.BHO.hj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000017.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000018.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000019.dll Infected: Trojan.Win32.BHO.hj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000020.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000021.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000022.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.r 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000023.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000024.exe Infected: Trojan-Dropper.Win32.Agent.bmk 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000025.exe Infected: Trojan-Dropper.Win32.Agent.bmk 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000026.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000027.exe Infected: Trojan-Dropper.Win32.Agent.bmk 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000028.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000029.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000030.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000031.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000032.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000033.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000034.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000035.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000036.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000037.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000038.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000039.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000040.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000041.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000042.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000043.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000044.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000045.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000046.dll Infected: Trojan.Win32.BHO.bd 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000047.dll Infected: Trojan.Win32.BHO.bd 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000048.dll Infected: Trojan.Win32.BHO.bd 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000049.dll Infected: Trojan.Win32.BHO.bd 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000050.dll Infected: Trojan.Win32.BHO.bd 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000051.dll Infected: Trojan.Win32.BHO.bd 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000052.dll Infected: Trojan.Win32.BHO.bd 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000053.dll Infected: Trojan.Win32.BHO.bd 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000054.dll Infected: Trojan.Win32.BHO.bd 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000055.dll Infected: Trojan.Win32.BHO.bd 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000056.dll Infected: Trojan.Win32.BHO.o 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000057.dll Infected: Trojan.Win32.BHO.bd 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000058.dll Infected: Trojan.Win32.BHO.bd 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000059.dll Infected: Trojan.Win32.BHO.bd 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000060.exe Infected: Trojan-Clicker.Win32.Small.mw 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000061.dll Infected: Trojan-Clicker.Win32.Small.mw 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000062.dll Infected: Trojan.Win32.BHO.g 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000063.exe Infected: Trojan.Win32.Agent.anr 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000064.dll Infected: Trojan.Win32.BHO.bd 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000065.exe Infected: Trojan.Win32.Agent.anr 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000066.dll Infected: Trojan.Win32.BHO.bd 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000067.dll Infected: Trojan.Win32.BHO.bd 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000068.exe Infected: Trojan.Win32.Agent.anr 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000069.dll Infected: Trojan.Win32.BHO.bd 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000070.exe Infected: Trojan.Win32.Agent.anr 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000071.dll Infected: Trojan.Win32.BHO.bd 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000072.dll Infected: Trojan.Win32.BHO.bd 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000073.dll Infected: Trojan.Win32.BHO.bd 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000074.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kb 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000075.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kb 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000076.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kb 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000077.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kb 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000078.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kb 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000079.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000080.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000081.exe Infected: Trojan-Dropper.Win32.Agent.bmk 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000082.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000086.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000087.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000088.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000089.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000090.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000091.dll Infected: not-a-virus:AdWare.Win32.Mirar.r 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000092.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000093.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000094.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aqj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000095.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000096.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000097.exe Infected: Trojan.Win32.Obfuscated.kp 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000098.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000100.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000101.exe Infected: Trojan.Win32.Agent.bck 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000102.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000103.exe Infected: Trojan.Win32.Agent.bck 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000104.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000105.exe Infected: Trojan.Win32.Agent.bck 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000106.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000107.exe Infected: Trojan.Win32.Agent.bck 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000108.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.j 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000109.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000110.exe Infected: Trojan.Win32.Agent.bck 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000111.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qvs 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000112.exe Infected: Trojan.Win32.Agent.bck 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000113.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000114.exe Infected: Trojan.Win32.Agent.bck 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000115.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000116.exe Infected: Trojan.Win32.Agent.bck 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000117.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000118.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000119.exe Infected: Trojan.Win32.Agent.bck 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000120.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000121.exe Infected: Trojan.Win32.Agent.bck 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000122.exe Infected: Trojan.Win32.Agent.bck 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000123.exe Infected: Trojan.Win32.Agent.bck 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000124.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000125.exe Infected: Trojan.Win32.Agent.bck 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000126.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000131.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000132.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000133.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000134.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000135.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000136.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000137.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000138.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000139.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000140.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000141.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000142.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000143.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000144.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000145.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000146.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000147.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000148.dll Infected: Trojan.Win32.BHO.hj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000149.dll Infected: Trojan.Win32.BHO.hj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000150.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000151.dll Infected: Trojan.Win32.BHO.hj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000152.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000153.dll Infected: Trojan.Win32.BHO.hj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000154.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000155.dll Infected: Trojan.Win32.BHO.hj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000156.dll Infected: Trojan.Win32.BHO.hj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000157.dll Infected: Trojan.Win32.BHO.hj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000158.dll Infected: Trojan.Win32.BHO.hj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP2\A0000159.exe Infected: Trojan.Win32.Agent.aoy 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000199.exe Infected: Trojan-Downloader.Win32.Agent.bls 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000202.exe Infected: not-a-virus:AdWare.Win32.BHO.arg 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000203.dll Infected: Email-Worm.Win32.Mydoom.bq 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000204.exe Infected: Email-Worm.Win32.Mydoom.bq 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000243.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vpc 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000244.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ytl 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000245.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000246.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000247.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000248.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000249.dll Infected: Trojan.Win32.Monder.mj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000250.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000251.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000252.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000253.dll Infected: Trojan.Win32.KillAV.rf 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000254.dll Infected: Trojan.Win32.KillAV.rf 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000255.dll Infected: Trojan.Win32.KillAV.rf 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000256.dll Infected: Trojan.Win32.KillAV.rf 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000257.dll Infected: Trojan.Win32.KillAV.rf 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000258.dll Infected: Trojan.Win32.KillAV.rf 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000259.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tsr 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000260.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000261.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000262.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000263.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000264.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000265.dll Infected: Trojan.Win32.Monder.kd 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000266.dll Infected: Trojan.Win32.Monder.mj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000267.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000268.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000269.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000270.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000271.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000272.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000273.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000274.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000275.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000276.dll Infected: Trojan.Win32.Monder.mj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000277.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000278.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000279.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000280.dll Infected: Trojan.Win32.Monder.ma 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000281.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000282.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000283.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000284.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000285.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000286.exe Infected: Trojan.Win32.LowZones.gb 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000287.exe Infected: Trojan.Win32.LowZones.gb 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000289.exe Infected: Trojan.Win32.LowZones.gb 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000290.exe Infected: Trojan.Win32.LowZones.gb 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000295.exe Infected: Trojan.Win32.LowZones.gb 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000296.exe Infected: Trojan.Win32.LowZones.gb 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000298.exe Infected: Trojan.Win32.LowZones.gb 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000300.exe Infected: Trojan.Win32.LowZones.gb 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000301.exe Infected: Trojan.Win32.LowZones.gb 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000302.exe Infected: Trojan.Win32.LowZones.gb 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000303.exe Infected: Trojan.Win32.LowZones.gb 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000304.exe Infected: Trojan.Win32.LowZones.gb 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000305.exe Infected: Trojan.Win32.LowZones.gb 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000309.exe Infected: Trojan.Win32.LowZones.gb 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000310.exe Infected: Trojan.Win32.LowZones.gb 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000311.exe Infected: Trojan.Win32.LowZones.gb 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000313.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tsq 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000765.exe Infected: Trojan-Downloader.Win32.Small.yko 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000766.exe Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000767.exe Infected: Trojan-Dropper.Win32.Agent.mu 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000768.exe Infected: Trojan-Downloader.Win32.VB.awj 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP4\A0000773.exe Infected: not-a-virus:FraudTool.Win32.XPAntivirus.ml 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP7\A0001075.exe Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP7\A0001083.exe Infected: Trojan-Downloader.Win32.Small.yko 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP7\A0001088.exe Infected: not-a-virus:FraudTool.Win32.XPAntivirus.my 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP9\A0001229.exe Infected: Email-Worm.Win32.Mydoom.bq 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP9\A0001232.exe Infected: Trojan-Downloader.Win32.Small.yko 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP9\A0001255.exe Infected: Trojan-Downloader.Win32.Small.buy 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP9\A0001255.exe Infected: not-a-virus:AdWare.Win32.Mostofate.u 1
C:\WINDOWS\SYSTEM32\auuwvxba.zgx Infected: Trojan.Win32.Agent.qe 1
C:\WINDOWS\SYSTEM32\pjmjxlmy.xba Infected: Trojan-Clicker.Win32.Small.js 1
C:\WINDOWS\SYSTEM32\SBO\SB1065.exe Infected: Trojan-Downloader.Win32.VB.fn 1
C:\WINDOWS\SYSTEM32\tuvVOIBr.dll_old Infected: Trojan.Win32.Monder.gen 1

The selected area was scanned.

#10 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 30 July 2008 - 03:47 AM

Please empty your Deleted Items box within Outlook or Outlook Express.
Also empty your Inbox.
============================
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\Online Services\hocynejib77798.exe 
    C:\Program Files\Photodex Presenter\pxplay.ocx 
    C:\WINDOWS\SYSTEM32\auuwvxba.zgx 
    C:\WINDOWS\SYSTEM32\pjmjxlmy.xba 
    C:\WINDOWS\SYSTEM32\SBO\SB1065.exe 
    C:\WINDOWS\SYSTEM32\tuvVOIBr.dll_old
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
================================
Post back with that log and a new DSS log, and let me know how things are running.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.
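The quarantine step in the post above, together with the scan listing in the post before it, as an added example that is not OTMoveIt2's code or anything from this thread. It parses lines in the scanner's "path Infected: name count" format (the three input lines are constructed from the thread), separates restore-point copies under System Volume Information\_restore (which are removed by resetting System Restore, not by moving files) from live files, and quarantines the live ones, unregistering .dll/.ocx COM servers first and falling back to a reboot-time move when a file is locked. The quarantine folder C:\_Quarantine is an arbitrary choice; the script assumes Windows PowerShell 3.0 or later running as an administrator.

```powershell
# Added example, not OTMoveIt2 or forum code. Assumes an elevated Windows PowerShell
# 3.0+ session; C:\_Quarantine is an arbitrary destination chosen for this example.

Add-Type -Namespace Win32 -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool MoveFileEx(string lpExistingFileName, string lpNewFileName, uint dwFlags);
'@
$MOVEFILE_DELAY_UNTIL_REBOOT = 0x4

# Constructed sample input in the format the thread's scan listing uses.
$ScanLines = @(
    'C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP9\A0001232.exe Infected: Trojan-Downloader.Win32.Small.yko 1',
    'C:\WINDOWS\SYSTEM32\auuwvxba.zgx Infected: Trojan.Win32.Agent.qe 1',
    'C:\WINDOWS\SYSTEM32\tuvVOIBr.dll_old Infected: Trojan.Win32.Monder.gen 1'
)

function ConvertFrom-ScanLine {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match '^(?<Path>.+?) Infected: (?<Name>\S+) (?<Count>\d+)$') {
            [pscustomobject]@{
                Path         = $Matches.Path
                Detection    = $Matches.Name
                # Hits under System Volume Information\_restore are System Restore copies of
                # files that were already removed; they go away when the restore points are reset.
                RestorePoint = ($Matches.Path -match '^[A-Za-z]:\\System Volume Information\\_restore')
            }
        }
    }
}

function Move-ToQuarantine {
    param([string]$Path, [string]$Quarantine = 'C:\_Quarantine')

    if (-not (Test-Path -LiteralPath $Path)) { return "File $Path not found!" }

    # Keep the original directory layout under the quarantine folder so a false positive
    # can be put back exactly where it came from.
    $dest = Join-Path $Quarantine ($Path -replace '^[A-Za-z]:\\', '')
    New-Item -ItemType Directory -Path (Split-Path $dest) -Force | Out-Null

    # Unregister COM servers first (as OTMoveIt2 does) so no CLSID keeps pointing at the file.
    if ($Path -match '\.(dll|ocx)$') { & regsvr32.exe /s /u $Path | Out-Null }

    try {
        Move-Item -LiteralPath $Path -Destination $dest -Force -ErrorAction Stop
        return "$Path moved successfully."
    } catch {
        # A file held open by a running process cannot be moved now. MoveFileEx with
        # MOVEFILE_DELAY_UNTIL_REBOOT records the move in PendingFileRenameOperations and
        # Session Manager carries it out at boot, before any user-mode process starts.
        # Source and destination must be on the same volume for a delayed move.
        if ([Win32.Native]::MoveFileEx($Path, $dest, $MOVEFILE_DELAY_UNTIL_REBOOT)) {
            return "File move failed. $Path scheduled to be moved on reboot."
        }
        return "File move failed. $Path could not be scheduled: $($_.Exception.Message)"
    }
}

$hits = ConvertFrom-ScanLine -Lines $ScanLines
$hits | Where-Object { $_.RestorePoint }      | ForEach-Object { "Skipping restore-point copy: $($_.Path)" }
$hits | Where-Object { -not $_.RestorePoint } | ForEach-Object { Move-ToQuarantine -Path $_.Path }
```

Before rebooting, the queued moves can be inspected with `Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' -Name PendingFileRenameOperations`; each pending entry appears as a source path followed by its destination. A file that shows up as "not found" after the reboot, as in the log the poster reports next, means the delayed move already ran or the file had been removed by another tool in the meantime.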

#11 mvb2 (Topic Starter)

Posted 30 July 2008 - 07:59 PM

Below, I posted the OTMoveIt2 log followed by the DSS log. My computer is running much faster now and is more responsive.

After I scanned and created the two logs, Avira antivirus has given me several alerts like the following:

C:\System Volume Information\......\A0000014.dll
Is the TR/BHO.AKY Trojan

C:\System Volume Information\......\A0000016.dll
Is the TR/BHO.AKY Trojan

C:\System Volume Information\......\A0000019.dll
Is the TR/BHO.AKY Trojan

I just selected the option to move these items to quarantine.


Anyway, here are the 2 logs you requested.

File move failed. C:\Program Files\Online Services\hocynejib77798.exe scheduled to be moved on reboot.
C:\Program Files\Photodex Presenter\pxplay.ocx unregistered successfully.
C:\Program Files\Photodex Presenter\pxplay.ocx moved successfully.
C:\WINDOWS\SYSTEM32\auuwvxba.zgx moved successfully.
C:\WINDOWS\SYSTEM32\pjmjxlmy.xba moved successfully.
File move failed. C:\WINDOWS\SYSTEM32\SBO\SB1065.exe scheduled to be moved on reboot.
C:\WINDOWS\SYSTEM32\tuvVOIBr.dll_old moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07302008_112015

Files moved on Reboot...
File C:\Program Files\Online Services\hocynejib77798.exe not found!
File C:\WINDOWS\SYSTEM32\SBO\SB1065.exe not found!



Deckard's System Scanner v20071014.68
Run by Martin Biesinger on 2008-07-30 11:32:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Martin Biesinger.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:24 AM, on 7/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\HPJETDSC.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Martin Biesinger.BASEMENT2\Desktop\dss.exe
C:\DOCUME~1\MARTIN~1.BAS\Desktop\Martin Biesinger.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [HP JetDiscovery] HPJETDSC.EXE
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - http://www.photodex.com/pxplay.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

--
End of file - 4250 bytes

-- Files created between 2008-06-30 and 2008-07-30 -----------------------------

2008-07-29 22:27:51 0 d-------- C:\Documents and Settings\Martin Biesinger.BASEMENT2\Application Data\Malwarebytes
2008-07-29 22:27:47 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 22:27:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-25 21:24:38 0 d--hs---- C:\found.000
2008-07-25 01:47:26 0 d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-07-25 00:50:42 0 d-------- C:\cmdcons
2008-07-25 00:49:54 68096 --a------ C:\WINDOWS\zip.exe
2008-07-25 00:49:54 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-25 00:49:54 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-25 00:49:54 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-25 00:49:54 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-25 00:49:54 98816 --a------ C:\WINDOWS\sed.exe
2008-07-25 00:49:54 80412 --a------ C:\WINDOWS\grep.exe
2008-07-25 00:49:54 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-25 00:24:42 0 d-------- C:\Program Files\Avira
2008-07-25 00:24:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-14 18:00:24 0 d-------- C:\Program Files\Photodex Presenter
2008-07-14 18:00:24 0 d-------- C:\Documents and Settings\Martin Biesinger.BASEMENT2\Application Data\Netscape
2008-07-14 18:00:24 0 d-------- C:\Documents and Settings\Martin Biesinger.BASEMENT2\Application Data\Mozilla


-- Find3M Report ---------------------------------------------------------------

2008-07-30 11:21:28 2563 --a------ C:\WINDOWS\system32\HPANT.DAT
2008-07-29 22:03:46 0 d-------- C:\Program Files\Land Desktop
2008-07-29 19:45:15 0 d-------- C:\Program Files\Common Files
2008-07-29 12:59:39 0 d-------- C:\Documents and Settings\Martin Biesinger.BASEMENT2\Application Data\AdobeUM
2008-07-29 12:50:49 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-24 07:26:09 0 d-------- C:\Program Files\Java


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [03/23/2004 01:16 PM]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [09/17/2003 11:43 AM]
"P17Helper"="P17.dll" [06/10/2004 12:51 PM C:\WINDOWS\SYSTEM32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00 AM]
"BuildBU"="c:\dell\bldbubg.exe" [02/19/2004 09:23 AM]
"Logitech Utility"="Logi_MwX.Exe" [03/04/2003 05:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"DwlClient"="c:\Program Files\Common Files\Dell\EUSW\Support.exe" [10/13/2005 11:26 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [06/12/2008 02:28 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP JetDiscovery"="HPJETDSC.EXE" [06/03/1998 05:23 PM C:\WINDOWS\SYSTEM32\hpjetdsc.exe]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 01:39 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

C:\Documents and Settings\Martin Biesinger.BASEMENT2\Start Menu\Programs\Startup\
DESKTOP.INI [3/20/2004 1:58:38 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
DESKTOP.INI [3/20/2004 1:58:38 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-07-30 11:32:58 ------------

#12 kahdah (Security Colleague)

Posted 30 July 2008 - 08:15 PM

C:\System Volume Information

These are leftovers in the System Restore points and they have already been deleted; we will clean the restore points now.
==============
Cleanup::
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
=============================
Delete/uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingcomputer.com/tutorials/...143.html#manual
=====================================
After that your log is clean. :thumbsup:

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

SpywareBlaster - Great prevention tool to keep nasties from installing on your system.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

#13 mvb2 (Topic Starter)

Posted 31 July 2008 - 10:24 PM

1. I did as you instructed. As far as the System Restore Points go, I just set it to "on".

2. [Also, just before sending this post, I got another alert from AntiVir Guard as follows:

"C:\System Volume Information\......\A0000024.exe
Is the TR/Agent.AA0A Trojan"

I selected the option to "Move to quarantine".]

3. Should I do anything else?

Thank you.

#14 kahdah (Security Colleague)

Posted 01 August 2008 - 04:03 AM

You will have to turn them off and then on again or it will not remove the infected system restore points.

After that, let me know if you are still getting alerts.
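The System Restore reset asked for in post #12 and clarified in the post above (protection must go off and then back on; just setting it to "on", as the poster did, keeps the old points), as an added example that is not part of the thread. It drives the SystemRestore WMI class in root\default, the same interface the XP control panel uses, and then creates one clean restore point. It assumes Windows PowerShell run as an administrator and a system drive of C:\; the restore point description is arbitrary.

```powershell
# Added example, not from the thread. Assumes elevated Windows PowerShell and the
# SystemRestore WMI class in root\default (present on XP and later desktop Windows).

function Reset-SystemRestore {
    param(
        [string]$Drive       = 'C:\',
        [string]$Description = 'Clean point after malware removal'   # arbitrary label
    )

    $sr = [wmiclass]'root\default:SystemRestore'

    # Disabling protection deletes every restore point on the drive, which is what
    # removes the infected copies under System Volume Information\_restore.
    # Enabling on its own keeps the existing points, so the scanner keeps alerting.
    $r = $sr.Disable($Drive)
    if ($r.ReturnValue -ne 0) { throw "Disable failed with code $($r.ReturnValue)" }

    $r = $sr.Enable($Drive, $true)     # $true: wait until the service reports enabled
    if ($r.ReturnValue -ne 0) { throw "Enable failed with code $($r.ReturnValue)" }

    # RestorePointType 0 = APPLICATION_INSTALL, EventType 100 = BEGIN_SYSTEM_CHANGE
    $r = $sr.CreateRestorePoint($Description, 0, 100)
    if ($r.ReturnValue -ne 0) { throw "CreateRestorePoint failed with code $($r.ReturnValue)" }

    # List what remains; after a successful reset this is only the new point.
    Get-WmiObject -Namespace 'root\default' -Class SystemRestore |
        Select-Object SequenceNumber, CreationTime, Description
}

Reset-SystemRestore
```

If the listing still shows older sequence numbers, the Disable call did not take effect (usually a non-elevated session) and the infected copies are still on disk. On Windows 8 and later the same class works, but CreateRestorePoint is rate-limited to one point per 24 hours unless the SystemRestorePointCreationFrequency value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore is set to 0; those versions also offer the Disable-ComputerRestore, Enable-ComputerRestore and Checkpoint-Computer cmdlets for the same three steps.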

#15 kahdah (Security Colleague)

Posted 16 August 2008 - 08:21 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
