
Xp Laptop Is In Bad Shape


  • This topic is locked
24 replies to this topic

#1 protozero


Posted 25 August 2008 - 08:37 PM

My dad's laptop is in pretty bad shape and it's hard enough just to get HJT or anything onto the computer, then running them properly is another story.

It's an Acer, XP. Don't think you need anything. It's almost impossible to work with.

There's about 3 anti-viruses on it. Not sure if they're even real ones or false ones he downloaded from the virus.

- Safe mode's not working, just gives a list of drivers and crap.
- It's just constantly rebooting explorer I believe every couple of seconds. Lots of popups saying "Your computer is probably infected, click yes to download software to remove it."
- Can't right click without the restarting effect
- Could only manage an older version of HJT that doesn't need to be installed
- I can't killbox the files from system32

I can't even open notepad or open any folder.

Any help would be greatly appreciated.



Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\system32\ReinstallBackupst.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WinAntivirusPro3.8\WinAntivirusPro.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Documents and Settings\Alexander\Desktop\HiJackThis_v2.exe
C:\Documents and Settings\Alexander\Desktop\HiJackThis_v2.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\verclsid.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\Crypt16.exe,
O2 - BHO: (no name) - {32341E7E-C319-46DE-91D0-E30BB1A3CABA} - C:\WINDOWS\system32\hgGaWpOG.dll
O2 - BHO: (no name) - {4BF2C905-7F1D-4A7D-BD5A-3271FB25E6BE} - C:\WINDOWS\system32\ddcCRHBQ.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [IEUpdate] C:\WINDOWS\system32\ReinstallBackupst.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Alexander\cftmon.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [3c1d5212] rundll32.exe "C:\WINDOWS\system32\srgnsbbq.dll",b
O4 - HKLM\..\RunServices: [IEUpdate] C:\WINDOWS\system32\ReinstallBackupst.exe
O4 - HKCU\..\Run: [IEUpdate] C:\WINDOWS\system32\ReinstallBackupst.exe
O4 - HKCU\..\Run: [WinAntivirusPro] C:\Program Files\WinAntivirusPro3.8\WinAntivirusPro.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\RunServices: [IEUpdate] C:\WINDOWS\system32\ReinstallBackupst.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: hgGaWpOG - C:\WINDOWS\SYSTEM32\hgGaWpOG.dll
O20 - Winlogon Notify: __c0092C54 - C:\WINDOWS\system32\__c0092C54.dat
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7373 bytes
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.



#2 Shaba


Posted 11 September 2008 - 04:45 AM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please see here for instructions on how to install HijackThis and make a logfile. Save it into a convenient location and include it in your next reply, please.

Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with HijackThis log and Kaspersky report.

Regards
Microsoft MVP Consumer Security

#3 protozero


Posted 11 September 2008 - 11:09 AM

No problem, I understand it can get busy.

Here's the thing that makes what you want me to do virtually impossible.

If I right click, whatever's causing all the problems reloads the Explorer shell so I can't really open any folder or get some programs to try and fix it off my Flash key.

I have to open Internet Explorer and navigate through there since everything besides HJT and Internet explorer gets shut down if I open it and a bogus screen claiming the computer's infected flashes for a moment.

I can't install the proper version of HiJackthis. I'm using the 2.0.0 BETA version as it requires no installation. But unless there's a downloadable version of that online scanner I don't believe I can do it.

Do you have any tricks or suggestions, since the working conditions in the computer are difficult?

#4 Farbar


Posted 12 September 2008 - 01:57 AM

Hi protozero,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

I wanted to let you know I need some time to go through your log. I'll get back to you as soon as possible.

Meanwhile please refrain from making any changes to your system as it might prolong handling your log and make the job for both of us more difficult.

#5 Farbar


Posted 12 September 2008 - 04:55 AM

Hi again,
  • Download Deckard's Association File Tool daft.exe and save it to your desktop.
    • Double click on it and click Run.
    • Click on the Scan button.
    • If it finds faulty file associations, they will appear in red beside a checkbox
    • Click Save Log and save daft.txt
    • Copy and paste the content of daft.txt to your reply.
    • Then place a checkmark (tick) in the boxes in question.
    • Click the Fix button.
    Note: If you could not run the tool rename it to daft.com before saving it to your desktop and follow the rest of instruction. Tell me if you could run it without renaming.

  • Please download HiJackThis.exe and save it to C: drive as moon.exe (when you download it you can rename it before saving it). This application doesn't need installation. If you could not download or run it proceed with the copy of Hijackthis you have.

  • Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\Crypt16.exe,
    O2 - BHO: (no name) - {32341E7E-C319-46DE-91D0-E30BB1A3CABA} - C:\WINDOWS\system32\hgGaWpOG.dll
    O2 - BHO: (no name) - {4BF2C905-7F1D-4A7D-BD5A-3271FB25E6BE} - C:\WINDOWS\system32\ddcCRHBQ.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
    O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O4 - HKLM\..\RunServices: [IEUpdate] C:\WINDOWS\system32\ReinstallBackupst.exe
    O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Alexander\cftmon.exe
    O4 - HKLM\..\Run: [3c1d5212] rundll32.exe "C:\WINDOWS\system32\srgnsbbq.dll",b
    O4 - HKLM\..\RunServices: [IEUpdate] C:\WINDOWS\system32\ReinstallBackupst.exe
    O4 - HKCU\..\Run: [IEUpdate] C:\WINDOWS\system32\ReinstallBackupst.exe
    O4 - HKCU\..\Run: [WinAntivirusPro] C:\Program Files\WinAntivirusPro3.8\WinAntivirusPro.exe
    O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
    O4 - HKCU\..\RunServices: [IEUpdate] C:\WINDOWS\system32\ReinstallBackupst.exe
    O20 - Winlogon Notify: hgGaWpOG - C:\WINDOWS\SYSTEM32\hgGaWpOG.dll
    O20 - Winlogon Notify: __c0092C54 - C:\WINDOWS\system32\__c0092C54.dat
    O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)


    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Please download ATF Cleaner by Atribune & save it to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main "Select Files to Delete" choose: Select All.
    • Click the Empty Selected button.
    • If you use Firefox browser click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • If you use Opera browser click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.
  • Please download Malwarebytes' Anti-Malware from MajorGeeks
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  • I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
    You may decide to keep either Norton or AVG 8.

    In case you wanted to remove AVG 8 go to Add/Remove program and uninstall it from there.

    To remove McAfee AntiVirus I recommend you to use McAfee Consumer Product Removal tool (MCPR.exe).

    For download and instruction to use click on majorgeeks.com

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

      Note:The logs will be created in this folder: C:\rsit
  • Please tell me how it went and if you faced any problem.
Please post in your next reply:
  • The scan log of DAFT.
  • The log of MBAM.
  • The RSIT logs.
  • Tell me how it went.

Edited by farbar, 12 September 2008 - 06:58 AM.
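An added example, not part of the original thread and not the logic of HijackThis or any other tool named in it: a short Python triage pass over HijackThis-style lines (copied from the log posted above) that flags the same kinds of autostart entries the helper selected. The rules are illustrative heuristics chosen for this example (an assumption), and a flagged line means "review", not "malicious".

```python
import re
from ntpath import basename

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\Crypt16.exe,
O2 - BHO: (no name) - {32341E7E-C319-46DE-91D0-E30BB1A3CABA} - C:\WINDOWS\system32\hgGaWpOG.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [3c1d5212] rundll32.exe "C:\WINDOWS\system32\srgnsbbq.dll",b
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O20 - Winlogon Notify: hgGaWpOG - C:\WINDOWS\SYSTEM32\hgGaWpOG.dll
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# Absolute Windows path ending in a loadable file type.
PATH = re.compile(r"[A-Za-z]:\\[^\",]+?\.(?:exe|dll|dat|sys)", re.I)
# The drivers folder normally holds .sys files, not .exe files.
DRIVERS_EXE = re.compile(r"\\system32\\drivers\\[^\\]+\.exe$", re.I)


def review_line(line):
    """Return (code, reasons) for one log line; reasons is empty if nothing stands out."""
    m = ENTRY.match(line.strip())
    if not m:
        return None, []
    code, body = m.group("code"), m.group("body")
    low = body.lower()
    paths = PATH.findall(body)
    reasons = []

    if code == "F2" and "userinit=" in low:
        # UserInit should list userinit.exe only; anything else runs at every logon.
        extra = [p for p in paths if basename(p).lower() != "userinit.exe"]
        if extra:
            reasons.append("extra program chained onto UserInit: " + ", ".join(extra))
    if code == "O2" and "(no name)" in low:
        reasons.append("unnamed Browser Helper Object")
    if code == "O4" and "rundll32" in low:
        reasons.append("Run key loads a DLL through rundll32")
    if code == "O20":
        reasons.append("Winlogon Notify package, loaded into winlogon.exe")
    if code == "O23" and ("unknown owner" in low or "(file missing)" in low):
        reasons.append("service with unknown owner or missing file")
    if any(DRIVERS_EXE.search(p) for p in paths):
        reasons.append("executable placed in system32\\drivers")
    return code, reasons


def triage(log_text):
    """Return a list of (code, line, reasons) for every line that needs review."""
    flagged = []
    for line in log_text.splitlines():
        code, reasons = review_line(line)
        if reasons:
            flagged.append((code, line.strip(), reasons))
    return flagged


if __name__ == "__main__":
    for code, line, reasons in triage(SAMPLE_LOG):
        print(f"[{code}] {line}")
        for r in reasons:
            print(f"      -> {r}")
```
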


#6 protozero


Posted 12 September 2008 - 10:36 AM

Daft worked fine. I did have to rename it for it to work. Here's the log it got, rather short.

DAFT Log saved on 2008-09-12 11:16:17
-----------------------------------------------------------------------
All associations okay!

ATF cleaner ran fine. Malwarebytes unfortunately wasn't starting and I was unable to install it. RSIT gave me an error message. I had already removed the 2 Anti-virus'. I don't know what he was thinking, but they were pissing me off every time I tried to fix it with virus scans.

I don't believe the HJT did much. The "hgGaWpOG.dll" and "ddcCRHBQ.dll" I had previously tried to remove with HJT and Killbox never worked.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:22 AM, on 12/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\moon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\spywarewarning.mht
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\Crypt16.exe,
O2 - BHO: (no name) - {32341E7E-C319-46DE-91D0-E30BB1A3CABA} - C:\WINDOWS\system32\hgGaWpOG.dll
O2 - BHO: (no name) - {C98D1C35-4E2E-4495-B427-D49AA3465BCB} - C:\WINDOWS\system32\ddcCRHBQ.dll
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: hgGaWpOG - C:\WINDOWS\SYSTEM32\hgGaWpOG.dll
O20 - Winlogon Notify: __c0092C54 - C:\WINDOWS\system32\__c0092C54.dat
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

--
End of file - 2654 bytes

#7 Farbar


Posted 12 September 2008 - 12:06 PM

Please refrain from fixing anything or making changes to system by yourself.


If mbam-setup.exe did not run you may download it but rename it to clear.com before saving it to your disk. You may download it from another computer, rename and then use flash drive to place it on C: drive to run it from there.

#8 protozero


Posted 13 September 2008 - 10:37 AM

Got the program to install, but that's about it. Can't launch it.

#9 Farbar


Posted 13 September 2008 - 06:08 PM

  • This is a heavily infected computer. The key is at the moment running MBAM to perform a quick scan and remove what it finds.

  • Make sure Windows is set not to hide the file extensions:
    • Click Start, open Computer, select the Tools menu and click Folder Options.
    • Select the View Tab. Under the Hidden files and folders heading, check Show hidden files and folders.
    • Uncheck: Hide file extensions for known file types
    • Click Apply and OK.
    Then go to the folder C:\program files\ Malwarebytes' Anti-Malware\ .
    Double-click mbam.exe to run it. If you have not updated it, update it, then select "Perform quick scan" and follow the rest of the instructions.

    In case you could not run it rename it to light.exe and then run and update it. If it created a mbam.exe again after updating rename the new copy to light2.exe then run it and perform the quick scan and then follow the instruction to let it remove what it finds. If needed reboot and post the log.

    If this all didn't work rename the mbam.exe to mbam.com and do the rest.

  • Please remove your RSIT copy. Download a fresh copy, run it either from desktop or C drive (if needed rename it to anything.com) and copy/paste the logs.

  • Tell me if you have another computer there. Also tell me if you have a Windows installation CD in case we needed it.
In any case please copy/paste the RSIT scan even if you could not manage to run RSIT.

Edited by farbar, 13 September 2008 - 06:46 PM.


#10 protozero


Posted 13 September 2008 - 09:50 PM

Update: RSIT gives me the following error after clicking accept. "Errpr: Incorrect number of parameter in function call"

I got it working. Thanks. I ran Malwarebytes but I'm unable to update it. I can't get the thing to go online. The wireless isn't working, won't accept an open connection from my router when I ram an ethernet cord in. I know it works, my 360 runs off it.

Well the computer's looking actually better. The desktop is blue, not some fake warning saying the computer's infected.

Here's the log for Malwarebytes:

Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 5.1.2600 Service Pack 2

13/09/2008 10:31:24 PM
mbam-log-2008-09-13 (22-31-08).txt

Scan type: Quick Scan
Objects scanned: 51146
Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 103
Registry Values Infected: 9
Registry Data Items Infected: 11
Folders Infected: 60
Files Infected: 519

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ddcCRHBQ.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\hgGaWpOG.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\Crypt_16.dll (Backdoor.Agent) -> No action taken.
C:\WINDOWS\system32\__c0092C54.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\baselgq32.dll (Trojan.Agent) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{a6931b16-90fa-4d69-a49f-3abfa2c04060} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c5aa36a1-8bd1-47e0-90f8-47e7239c6ea1} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fa2cbafb-f7b1-4f41-9b7a-73329a6c1cb7} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{40d8240a-e3a0-4d59-ac55-0443120188d1} (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhctb0j0er2v (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\rhctb0j0er2v (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clbdriver (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0092c54 (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ConnectionServices (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SpamBlockerUtility (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Spam Blocker (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SBTV (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\SbHostOL.MailAnim (Adware.Hotbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\SpamBlockerUtility (Adware.Hotbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\sbtv (Adware.Hotbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\winantiviruspro (Rogue.WinAntivirus) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpamBlockerOutlookTools (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpamBlockerWebTools (Adware.Hotbar) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{32341e7e-c319-46de-91d0-e30bb1a3caba} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\IEUpdate (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\IEUpdate (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\spamblockerutility 4.8.0 (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Extensions\spam blocker for ms outlook (Adware.Hotbar) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ddccrhbq -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddccrhbq -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Agent) -> Data: c:\windows\system32\crypt16.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Agent) -> Data: system32\crypt16.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (C:\WINDOWS\system32\spywarewarning.mht) Good: (http://www.google.com/) -> No action taken.
HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (C:\WINDOWS\system32\spywarewarning.mht) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\Crypt16.exe,) Good: (userinit.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\ImagePath (Hijack.Service) -> Bad: (C:\WINDOWS\system32\drivers\spools.exe) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (Hijack.Desktop) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

Files Infected:
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_weather.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_yellowpages.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Top7_theweb.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\ads.cdf (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\btntrans.idx (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\btntrans1.dat (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\business_promo.htm (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\buttondir.txt (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\components.cdf (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\cursors.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_1000.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_2000.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_3000.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bar.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bbar1.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_logos.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_other.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_weather.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\default.cdf (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\editblbuttons.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\email-def-511724-9595.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\email-t1-bg.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hb_ie_menu.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar-premium-hotbar-premium.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar-premium.cdf (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar_promo.htm (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\icons2.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\ie_games_icon.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\ie_video.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\keywords.idx (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\keywords1.dat (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\layout.cdf (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\linkpathlegal.txt (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\progress.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\s_icons_buttons.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\sales_buttons.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\sbu_icon.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\sdfmodifier.xml (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\t2_bg.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\theweb.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\top7.cdf (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\tsd_bg.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\weathericon.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\buttondir.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\samplegroups2.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\samplegroups2.txt (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\linkpathlegal.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\layout.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_1000.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_2000.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_3000.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_logos.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_other.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_weather.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\tsd_bg.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\t2_bg.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\s_icons_buttons.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\progress.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\email-t1-bg.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bar.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\sales_buttons.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bbar1.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\business_promo.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\hotbar_promo.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\ie_games_icon.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\cursors.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\ie_video.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\sbu_icon.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\weathericon.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\sdfmodifier.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\editblbuttons.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\keywords.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\keywords1.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\BtnTrans.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\BtnTrans1.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\default.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\icons2.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\top7.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\hb_ie_menu.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\ads.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\hotbar-premium.xip (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Games.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Hide.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Hotmail.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Mails.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_SearchBoxTrapper.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz1.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz10.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz11.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz12.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz13.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz14.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz15.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz16.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz17.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz18.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz19.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz2.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz20.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz3.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz4.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz5.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz6.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz7.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz8.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz9.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_categorize.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_comparison.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_explorer-Mails.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_explorer-people.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_fastutilities.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_favorites.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_hotbarcom.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_hsskin.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_jemster.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_jemsterie.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_jemsteruk.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_jobsearch.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_new.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_premium.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_reun.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_ringtones.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_searchfor.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_searchgo.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_weather.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_yellowpages.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Top7_theweb.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\ads.cdf (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\btntrans.idx (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\btntrans1.dat (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\business_promo.htm (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\buttondir.txt (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\components.cdf (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\cursors.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_1000.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_2000.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_3000.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_bar.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_bbar1.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_logos.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_other.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_weather.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\default.cdf (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\editblbuttons.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\email-def-511724-9595.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\email-t1-bg.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\hb_ie_menu.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\hotbar-premium-hotbar-premium.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\hotbar-premium.cdf (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\hotbar_promo.htm (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\icons2.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\ie_games_icon.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\ie_video.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\keywords.idx (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\keywords1.dat (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\layout.cdf (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\linkpathlegal.txt (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\progress.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\s_icons_buttons.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\sales_buttons.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\sbu_icon.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\sdfmodifier.xml (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\t2_bg.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\theweb.mnu (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\top7.cdf (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\tsd_bg.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\weathericon.res (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\566217.sdf (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\domains.txt (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\3786245.sdf (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\455798.sdf (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\Alexander\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\2883568.sdf (Adware.Hotbar) -> No action taken.

Edited by protozero, 13 September 2008 - 09:54 PM.

Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

#11 protozero


Posted 14 September 2008 - 12:34 AM

Sorry for the double post, got the internet working. It's looking like a computer now.

I ran Spybot before this current logfile though, too.

Malwarebytes' Anti-Malware 1.28
Database version: 1147
Windows 5.1.2600 Service Pack 2

14/09/2008 1:31:24 AM
mbam-log-2008-09-14 (01-31-19).txt

Scan type: Quick Scan
Objects scanned: 51551
Time elapsed: 3 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\clbdriver.sys (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\system32\clbinit.dll (Trojan.Vundo) -> No action taken.

#12 Farbar


Posted 14 September 2008 - 04:00 AM

Great job protozero.
  • Please give some (as detailed as possible) feedback about how you managed to run MBAM. This will help other users with the same infection.

  • Please tell me if you have a Windows installation CD. Not that we need it, good to know just in case.

  • Please tell me if you removed the old copy of RSIT and downloaded a new copy. Because the old copy had a bug and did not work on some computers but it is corrected now.


    If you have not downloaded a new copy of RSIT, please do that as I need the logs in order to proceed. Otherwise proceed to the next step. In case you manage to run RSIT skip the next step.

  • In case you could not run the new downloaded RSIT please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the OTViewIt icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Click Run Scan button.
  • Two reports will open, copy and paste them to your reply:
      • OTViewIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

#13 protozero


Posted 14 September 2008 - 12:11 PM

Internet wasn't working as I had to disable everything from MSconfig, since the anti-viruses were running scans all the time and I'm pretty sure he downloaded a fake one from one of the links the malware would send you to. He had CoolWebSearch on his Mozilla Firefox and not his Internet Explorer (*gasp* freaked me out too! I just uninstalled Mozilla completely).

For MBAM, the renaming to .com worked really well. I didn't think of it. But when it worked, as you can see on the older log, it got rid of most everything.

No Windows installation CD.

I did try a couple of times with RSIT, to no avail.

And for the scans of OTViewit:

OTViewIt logfile created on: 14/09/2008 12:59:24 PM - Run 1
OTViewIt by OldTimer - Version 1.0.3.1 Folder = C:\Documents and Settings\Alexander\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

446.10 Mb Total Physical Memory | 180.58 Mb Available Physical Memory | 40.48% Memory free
1.03 Gb Paging File | 0.81 Gb Available in Paging File | 78.81% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.74 Gb Total Space | 6.08 Gb Free Space | 23.60% Space Free | Partition Type: FAT32
Drive D: | 26.22 Gb Total Space | 26.22 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 983.72 Mb Total Space | 957.34 Mb Free Space | 97.32% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-B02602435C
Current User Name: Alexander
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On

========== Processes - Non-Microsoft Only ==========

[03/29/2006 08:53 PM | 00,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
[07/25/2006 06:03 PM | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
[03/27/2006 11:37 AM | 00,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
[03/30/2006 06:47 PM | 00,421,888 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
[09/14/2008 01:00 PM | 00,379,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alexander\Desktop\OTViewIt.exe

========== Win32 Services - Non-Microsoft Only ==========

[03/29/2006 08:53 PM | 00,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService [Auto | Running])
[07/25/2006 06:03 PM | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[07/25/2006 06:03 PM | 02,119,360 | ---- | M] (Symantec Corporation) -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate [On_Demand | Stopped])

========== Driver Services - Non-Microsoft Only ==========

File not found -- C:\WINDOWS\System32\drivers\79770911.sys -- (79770911 [System | Stopped])
[01/25/2006 10:44 AM | 00,488,448 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Running])
[12/08/2004 02:10 PM | 00,016,896 | ---- | M] (Dritek System Inc.) -- C:\WINDOWS\system32\DRIVERS\DKbFltr.sys -- (DKbFltr [On_Demand | Running])
[12/23/2005 04:13 PM | 00,013,184 | ---- | M] (Dritek System Inc.) -- C:\PROGRA~1\LAUNCH~1\DPortIO.sys -- (DritekPortIO [Auto | Running])
[10/26/2006 04:00 AM | 00,387,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
File not found -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Stopped])
[02/09/2008 10:34 PM | 00,019,572 | ---- | M] (FNet Co., Ltd.) -- C:\WINDOWS\system32\drivers\FNETDEVI.SYS -- (FNETDEVI [System | Running])
[04/14/2006 03:27 PM | 00,069,632 | ---- | M] () -- C:\WINDOWS\system32\drivers\int15.sys -- (int15 [Auto | Running])
[08/04/2004 05:00 AM | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
[04/17/2006 09:20 PM | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])
[01/18/2006 06:41 PM | 00,080,512 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Stopped])
[08/04/2004 05:00 AM | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
File not found -- C:\WINDOWS\system32\sysrest.sys -- (sysrest.sys [On_Demand | Stopped])
[04/14/2006 03:27 PM | 00,006,080 | ---- | M] (Zeal SoftStudio) -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport [Auto | Running])


========== Run Keys ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\PE_C_OTHER USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CS Update" = copy /Y "C:\Program Files\ActivationManager\ActivationManager.dll.upd" "C:\Program Files\ActivationManager\ActivationManager.dll" File not found
"IEUpdate" = C:\WINDOWS\system32\ReinstallBackupst.exe ()
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== Startup Folders ==========

[03/27/2006 11:37 AM | 00,045,056 | ---- | M] (Acer Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

========== Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL" = http://global.acer.com
"Default_Search_URL" = http://www.google.com/ie
"Local Page" = %SystemRoot%\system32\blank.htm
"Search Page" = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
"Start Page" = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch" = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL" = http://www.google.com/ie
"SearchAssistant" = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page" = C:\WINDOWS\system32\blank.htm
"Search Bar" = http://www.google.com/ie
"Search Page" = http://www.google.com
"Start Page" = http://www.google.com/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant" = http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page" = C:\WINDOWS\system32\spywarewarning.mht

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\PE_C_OTHER USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page" = C:\WINDOWS\system32\blank.htm
"Search Bar" = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
"Search Page" = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
"Start Page" = C:\WINDOWS\system32\spywarewarning.mht

[HKEY_USERS\PE_C_OTHER USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\PE_C_OTHER USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page" = C:\WINDOWS\system32\spywarewarning.mht

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page" = C:\WINDOWS\system32\spywarewarning.mht

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page" = C:\WINDOWS\system32\spywarewarning.mht

[HKEY_USERS\S-1-5-21-3077039440-730728647-1762467180-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page" = C:\WINDOWS\system32\blank.htm
"Search Bar" = http://www.google.com/ie
"Search Page" = http://www.google.com
"Start Page" = http://www.google.com/

[HKEY_USERS\S-1-5-21-3077039440-730728647-1762467180-1006\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant" = http://www.google.com/ie

[HKEY_USERS\S-1-5-21-3077039440-730728647-1762467180-1006\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-3077039440-730728647-1762467180-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

========== Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{74CC49F7-EB32-4A08-B204-948962A6E3DB}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (MEGAUPLOAD )
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll File not found
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\PE_C_OTHER USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll File not found
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-3077039440-730728647-1762467180-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{74CC49F7-EB32-4A08-B204-948962A6E3DB}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (MEGAUPLOAD )
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll File not found
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[04/17/2006 09:21 PM | 00,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ FAT32 ]

========== DNS Name Servers ==========

{23BEE8A2-CACB-4B06-9781-908F2976CC01} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)
{CE10AAB9-83BE-4C09-945F-9C9B78B48876} (Servers: | Description: Atheros AR5005G Wireless Network Adapter)

========== Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



========== Files/Folders - Created Within 30 days ==========

[1 C:\*.tmp files]
[08/25/2008 08:34 PM | -HSD | C] -- C:\FOUND.000
[09/12/2008 11:20 AM | ---D | C] -- C:\backups
[09/13/2008 10:38 PM | -HSD | C] -- C:\FOUND.001
[09/13/2008 10:23 PM | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[09/13/2008 10:23 PM | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/25/2008 09:47 PM | ---D | C] -- C:\WINDOWS\pss
[09/13/2008 10:23 PM | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[09/13/2008 11:21 PM | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[09/13/2008 11:30 AM | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[09/13/2008 10:24 PM | ---D | C] -- C:\Documents and Settings\Alexander\Application Data\Malwarebytes
[09/13/2008 10:23 PM | 00,000,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[09/13/2008 11:24 PM | 14,968,808 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Alexander\Desktop\spybotsd160.exe
[09/14/2008 12:58 PM | 00,379,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alexander\Desktop\OTViewIt.exe
[09/13/2008 10:23 PM | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[09/13/2008 11:07 PM | ---D | C] -- C:\Program Files\Trend Micro
[09/13/2008 11:21 PM | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[09/14/2008 01:48 AM | ---D | C] -- C:\Program Files\CCleaner

========== Files - Modified Within 30 days ==========

[1 C:\*.tmp files]
[08/25/2008 12:04 PM | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[08/25/2008 12:04 PM | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[09/13/2008 10:25 PM | 00,136,437 | ---- | M] () -- C:\xcrashdump.dat
[09/13/2008 11:14 PM | 00,000,211 | RHS- | M] () -- C:\boot.ini
[09/13/2008 11:15 PM | 46,784,1024 | -HS- | M] () -- C:\hiberfil.sys
[09/10/2008 12:08 AM | 00,017,200 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[09/10/2008 12:08 AM | 00,038,528 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/25/2008 09:31 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\aanodd.dll
[08/25/2008 09:31 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\iagyjslp.dll
[08/25/2008 09:31 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\lgcyefsf.dll
[08/25/2008 09:31 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\reznfl.dll
[08/25/2008 09:32 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\egqhrtam.dll
[08/25/2008 09:32 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\jnyejq.dll
[08/25/2008 09:32 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\jxssrmrx.dll
[08/25/2008 09:32 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\soiwjf.dll
[08/25/2008 09:33 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\csupwolp.dll
[08/25/2008 09:33 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\dasiyk.dll
[08/25/2008 09:33 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\sqdaavgg.dll
[08/25/2008 09:33 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\zopibk.dll
[08/25/2008 09:34 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\maxzsy.dll
[08/25/2008 09:34 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\ooinxjkh.dll
[08/25/2008 09:34 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\sfqrrcbs.dll
[08/25/2008 09:34 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\vxuydk.dll
[08/25/2008 09:35 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\iupvbxgu.dll
[08/25/2008 09:35 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\limvveuk.dll
[08/25/2008 09:35 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\lmpiao.dll
[08/25/2008 09:35 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\pvmblq.dll
[08/25/2008 09:36 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\dbedemka.dll
[08/25/2008 09:36 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\ghsdysyw.dll
[08/25/2008 09:36 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\qeshpq.dll
[08/25/2008 09:36 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\ucnzcf.dll
[08/25/2008 09:37 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\nyczsc.dll
[08/25/2008 09:37 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\yfuprtja.dll
[08/25/2008 09:38 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\cjscgbig.dll
[08/25/2008 09:38 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\mrdlyn.dll
[08/25/2008 09:38 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\thbnjivw.dll
[08/25/2008 09:38 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\yezmmw.dll
[08/25/2008 09:39 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\bdqfvz.dll
[08/25/2008 09:39 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\ufuasddf.dll
[08/25/2008 09:40 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\cybnnygw.dll
[08/25/2008 09:40 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\idywzv.dll
[08/25/2008 09:41 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\egtncaqu.dll
[08/25/2008 09:41 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\gxqqpfoh.dll
[08/25/2008 09:41 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\kznxaa.dll
[08/25/2008 09:41 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\zowhih.dll
[08/25/2008 09:46 PM | 00,004,854 | -HS- | M] () -- C:\WINDOWS\System32\qbbsngrs.ini
[08/25/2008 09:49 PM | 00,004,974 | -HS- | M] () -- C:\WINDOWS\System32\blwtirrf.ini
[08/25/2008 09:56 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\jgfytbbi.dll
[08/25/2008 09:56 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\qaqahncv.dll
[08/25/2008 09:57 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\lcxxycom.dll
[08/25/2008 09:57 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\xqyrudhc.dll
[08/25/2008 09:57 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\ygweubwe.dll
[08/25/2008 09:58 PM | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\tsjjqd.dll
[08/25/2008 09:58 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\bfurpxky.dll
[08/25/2008 09:58 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\bqotxjwm.dll
[08/25/2008 09:58 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\jgylrdak.dll
[08/25/2008 09:58 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\nmpnukpc.dll
[08/25/2008 09:59 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\hqwfqydw.dll
[08/25/2008 09:59 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\ncvlmxko.dll
[08/25/2008 10:02 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\bpgabpjg.dll
[08/25/2008 10:02 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\nlhtxqcw.dll
[08/25/2008 10:03 PM | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\gvhkpy.dll
[08/25/2008 10:03 PM | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\qdthlc.dll
[08/25/2008 10:03 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\abincjtf.dll
[08/25/2008 10:03 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\hlocixfc.dll
[08/25/2008 10:03 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\mpjhyktu.dll
[08/25/2008 10:04 PM | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\jifaho.dll
[08/25/2008 10:04 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\khytfylg.dll
[08/25/2008 10:04 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\qrxaixsw.dll
[08/25/2008 10:04 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\vvanjyev.dll
[08/25/2008 10:05 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\bnqcru.dll
[08/25/2008 10:05 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\hdhvkk.dll
[08/25/2008 10:05 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\mcrsjarj.dll
[08/25/2008 10:05 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\yrsmgary.dll
[08/25/2008 10:06 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\kntgkbkp.dll
[08/25/2008 10:07 PM | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\oxibgb.dll
[08/25/2008 10:07 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\dxcbhjyt.dll
[08/25/2008 10:07 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\gilrhh.dll
[08/25/2008 10:07 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\rxixjwbp.dll
[08/25/2008 10:07 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\smgkivir.dll
[08/25/2008 10:08 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\fkvhtl.dll
[08/25/2008 10:08 PM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\liihnxjq.dll
[08/25/2008 11:33 AM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\bmesedeq.dll
[08/25/2008 11:36 AM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\tdfjcyki.dll
[09/11/2008 11:49 AM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\cuehqhcn.dll
[09/11/2008 11:49 AM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\mbsnfkrs.dll
[09/11/2008 11:49 AM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\vvkmlx.dll
[09/11/2008 11:49 AM | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\wayqesjc.dll
[09/13/2008 11:16 PM | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[09/13/2008 11:14 PM | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[09/13/2008 11:14 PM | 00,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[09/13/2008 11:15 PM | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[09/13/2008 11:15 PM | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[09/11/2008 11:51 AM | 00,245,248 | ---- | M] () -- C:\Documents and Settings\Alexander\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[09/13/2008 10:23 PM | 00,000,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[09/13/2008 11:25 PM | 14,968,808 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Alexander\Desktop\spybotsd160.exe
[09/14/2008 01:00 PM | 00,379,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alexander\Desktop\OTViewIt.exe

< End of report >

I hope you didn't have to read through all that.

Other log:

OTViewIt Extras logfile created on: 14/09/2008 12:59:24 PM - Run 1
OTViewIt by OldTimer - Version 1.0.3.1 Folder = C:\Documents and Settings\Alexander\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

446.10 Mb Total Physical Memory | 180.58 Mb Available Physical Memory | 40.48% Memory free
1.03 Gb Paging File | 0.81 Gb Available in Paging File | 78.81% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.74 Gb Total Space | 6.08 Gb Free Space | 23.60% Space Free | Partition Type: FAT32
Drive D: | 26.22 Gb Total Space | 26.22 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 983.72 Mb Total Space | 957.34 Mb Free Space | 97.32% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[08/04/2004 05:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[01/19/2007 12:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[01/04/2007 04:10 PM | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[08/04/2004 05:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[08/16/2007 06:00 PM | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[10/13/2004 12:24 PM | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
File not found -- C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent
[01/19/2007 12:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[01/04/2007 04:10 PM | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
File not found -- C:\Program Files\p2pnetworks\p2pnetworks.exe:*:Enabled:P2PNetworks
[02/19/2008 01:10 PM | 19,897,640 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
File not found -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
File not found -- C:\WINDOWS\Temp\.tt158.tmp:*:Enabled:enable

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\PE_C_ALL USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt - @ivt protocol not assigned
file - file protocol not assigned
ftp - ftp protocol not assigned
http - http protocol not assigned
https - https protocol not assigned
shell - shell protocol not assigned

========== Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}" = Security Update for CAPICOM (KB931906)
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.8.0.224
"{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}" = Acer eSettings Management
"{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37477865-A3F1-4772-AD43-AAFC6BCFF99F}" = MSXML 4.0 SP2 (KB927978)
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar)
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6FF67F80-BD1F-4142-B95A-8A0C044AA4F8}" = ATI Catalyst Control Center
"{7057702F-6D71-4F30-8000-9E72BC771887}" = Acer ePerformance Management
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80FD852F-5AAC-4129-B931-06AAFFA43138}" = iTunes
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90437E5F-0A9E-4B63-AD8B-D232897D18BF}" = ATI Parental Control & Encoder
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9D18F7F8-B984-4249-8512-CC621BC59F12}" = Microsoft Location Finder
"{A9CF9052-F4A0-475D-A00F-A8388C62DD63}" = MSXML 4.0 SP2 (KB925672)
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{B06B842F-2450-494F-BBDE-217CDC151A37}" = NTI Backup NOW! 4.5
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{CA9A3609-3ECC-4574-8824-A8161A71A603}" = Canon MP150
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025007F" = HDAUDIO Soft Data Fax Modem with SmartCP
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"InterActual Player" = InterActual Player
"KB888111WXPSP2" = High Definition Audio Driver Package - KB888111
"KB893803v2" = Windows Installer 3.1 (KB893803)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB917734_WMP9" = Security Update for Windows Media Player 9 (KB917734)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB931906" = Security Update for CAPICOM (KB931906)
"KB936782_WMP9" = Security Update for Windows Media Player 9 (KB936782)
"LimeWire" = LimeWire 4.14.8
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"LManager" = Launch Manager
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MegauploadToolbar" = Megaupload Toolbar
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12
"MP Navigator 2.0" = Canon MP Navigator 2.0
"MSNINST" = MSN
"p2pnetworks" = p2pnetworks
"PCCloneEX" = PCCloneEX
"PCFriendly" = PCFriendly
"RealPlayer 6.0" = RealPlayer
"ShockwaveFlash" = Adobe Flash Player 9
"WgaNotify" = Windows Genuine Advantage Notifications (KB905474)
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR archiver
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"8bd3fa93fb1ac53b" = Graboid Video
"DownloadManager" = DownloadManager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3077039440-730728647-1762467180-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"8bd3fa93fb1ac53b" = Graboid Video
"DownloadManager" = DownloadManager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/08/2008 11:26:22 AM | Computer Name = ACER-B02602435C | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x1000b1db.

Error - 25/08/2008 11:43:52 AM | Computer Name = ACER-B02602435C | Source = Application Error | ID = 1000
Description = Faulting application notepad.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x00a2000a.

Error - 25/08/2008 8:35:52 PM | Computer Name = ACER-B02602435C | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 25/08/2008 9:05:43 PM | Computer Name = ACER-B02602435C | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 25/08/2008 9:18:40 PM | Computer Name = ACER-B02602435C | Source = Application Error | ID = 1000
Description = Faulting application notepad.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x00a2000a.

Error - 25/08/2008 9:23:49 PM | Computer Name = ACER-B02602435C | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 25/08/2008 9:29:47 PM | Computer Name = ACER-B02602435C | Source = Application Error | ID = 1000
Description = Faulting application notepad.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x00a2000a.

Error - 25/08/2008 9:34:00 PM | Computer Name = ACER-B02602435C | Source = Application Error | ID = 1000
Description = Faulting application notepad.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x00a2000a.

Error - 25/08/2008 9:34:11 PM | Computer Name = ACER-B02602435C | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 13/09/2008 11:15:50 PM | Computer Name = ACER-B02602435C | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

[ System Events ]
Error - 25/08/2008 11:06:54 AM | Computer Name = ACER-B02602435C | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Memory Check Service
service to connect.

Error - 25/08/2008 11:16:51 AM | Computer Name = ACER-B02602435C | Source = Service Control Manager | ID = 7000
Description = The Task Scheduler service failed to start due to the following error:
%%2

Error - 25/08/2008 8:36:28 PM | Computer Name = ACER-B02602435C | Source = Service Control Manager | ID = 7000
Description = The Task Scheduler service failed to start due to the following error:
%%2

Error - 25/08/2008 9:06:17 PM | Computer Name = ACER-B02602435C | Source = Service Control Manager | ID = 7000
Description = The Task Scheduler service failed to start due to the following error:
%%2

Error - 25/08/2008 9:06:17 PM | Computer Name = ACER-B02602435C | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Automatic LiveUpdate
Scheduler service to connect.

Error - 25/08/2008 9:06:17 PM | Computer Name = ACER-B02602435C | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%1053

Error - 25/08/2008 9:09:53 PM | Computer Name = ACER-B02602435C | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 25/08/2008 9:09:59 PM | Computer Name = ACER-B02602435C | Source = Service Control Manager | ID = 7034
Description = The AVG8 E-mail Scanner service terminated unexpectedly. It has done
this 1 time(s).

Error - 25/08/2008 9:10:25 PM | Computer Name = ACER-B02602435C | Source = Service Control Manager | ID = 7031
Description = The AVG8 WatchDog service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 25/08/2008 9:24:28 PM | Computer Name = ACER-B02602435C | Source = Service Control Manager | ID = 7000
Description = The Task Scheduler service failed to start due to the following error:
%%2


< End of report >

Would it be easier to just attach the file .txt rather than Copy/paste?

And where's that canned speech on virus prevention?

Thanks a lot though for taking over. Hope Shaba didn't get too scared when he realized how bad the laptop was.
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

#14 Farbar


Posted 14 September 2008 - 01:34 PM

Thanks for the feedback. The more feedback the better I understand what is going on at the other end.

> < End of report >
>
> I hope you didn't have to read through all that.
>
> Other log:

What do you think now?

> Would it be easier to just attach the file .txt rather than Copy/paste?

Thanks for asking and not doing it. All the logs on one page is much easier for us.

> And where's that canned speech on virus prevention?

This was a breakthrough as we can run other tools we couldn't before. But we still have some serious work to do in order to get this computer clean.

> Thanks a lot though for taking over. Hope Shaba didn't get too scared when he realized how bad the laptop was.

Shaba was not supposed to handle the log and he doesn't even look at the logs. He sends that reply to many old logs and those who reply get help from one of the staff. I don't know anybody around who doesn't like a little challenge.

+++++++++++++++++++++++++++++++++++++++++++++++++++++

Note: Your log(s) show that the user is using so-called peer-to-peer or file-sharing programs (in this case LimeWire). These programs allow users to share files, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


Removal Instructions
  • You have the program Spybot S&D (Teatimer option) running on your machine. We need to disable TeaTimer so it does not interfere with the fixes we are about to do.
    • Run Spybot-S&D
    • Go to the Mode menu, and make sure Advanced Mode is selected
    • On the left hand side, choose Tools -> Resident
    • Uncheck Resident TeaTimer and OK any prompts
    • Restart your computer.
    Instruction is also here: How to disable TeaTimer during HijackThis Cleanup

    Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

  • Turn off Windows automatic updates as it might lead to unexpected results at this stage:
    • Go to start -> Control Panel -> double-click System to open it.
    • Go to the Automatic Updates tab.
    • Select the "Turn off Automatic Updates" box.
    • Click Apply and then OK.
    • Important: Reboot.
  • You still have some leftovers from an incompletely uninstalled Norton Antivirus on your computer.

    To remove the leftovers please download and run the Norton Removal Tool.

    Warning: The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer. If you use ACT! or WinFAX, back up those databases before you proceed.

  • We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully.

    You have to install the Recovery Console before running the tool because Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


    Instructions to install the Recovery Console:

    Go to Microsoft's website => http://support.microsoft.com/kb/310994

    Select the download that's appropriate for your Operating System




    Download the file and save it as it is originally named, next to ComboFix.exe.




    Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Drag the setup package onto ComboFix.exe and drop it.
    • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
    • At the next prompt, click 'Yes' to run the full ComboFix scan.

    • When the tool is finished, it will produce a report for you.
    Please copy and paste the content of C:\ComboFix.txt for further review.

  • Please copy and paste a fresh Hijackthis log to your reply.
Please post in your next reply:
  • The Combofix log.
  • The HJT log.


#15 protozero


Posted 14 September 2008 - 04:13 PM

Again, the computer's looking much better. I did the ComboFix as you asked.

Here's the log:

ComboFix 08-09-14.01 - Alexander 2008-09-14 17:01:59.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.187 [GMT -4:00]
Running from: C:\Documents and Settings\Alexander\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Alexander\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER
-------\Service_sysrest.sys


((((((((((((((((((((((((( Files Created from 2008-08-14 to 2008-09-14 )))))))))))))))))))))))))))))))
.

2008-09-14 16:57 . 2008-09-14 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-14 16:55 . 2008-09-14 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-09-14 01:48 . 2008-09-14 01:48 <DIR> d-------- C:\Program Files\CCleaner
2008-09-13 23:21 . 2008-09-13 23:21 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-13 23:21 . 2008-09-13 23:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-13 23:07 . 2008-09-13 23:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-13 22:38 . 2008-09-13 22:38 <DIR> d--hs---- C:\FOUND.001
2008-09-13 22:24 . 2008-09-13 22:24 <DIR> d-------- C:\Documents and Settings\Alexander\Application Data\Malwarebytes
2008-09-13 22:23 . 2008-09-13 22:23 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-13 22:23 . 2008-09-13 22:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-13 22:23 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-13 22:23 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-13 11:30 . 2008-09-13 11:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-12 11:20 . 2008-09-12 11:20 <DIR> d-------- C:\backups
2008-08-25 21:46 . 2008-08-25 21:49 4,974 ---hs---- C:\WINDOWS\system32\blwtirrf.ini
2008-08-25 20:43 . 2008-08-25 21:46 4,854 ---hs---- C:\WINDOWS\system32\qbbsngrs.ini
2008-08-25 20:34 . 2008-08-25 20:34 <DIR> d--hs---- C:\FOUND.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-24 18:15 1,349,689 --sh--w C:\WINDOWS\system32\lndadeyn.tmp
2007-10-22 01:08 638 ----a-w C:\Documents and Settings\Other user\Application Data\wklnhst.dat
2007-08-17 14:22 5,588 ----a-w C:\Documents and Settings\Alexander\Application Data\wklnhst.dat
2005-08-26 01:29 588,800 ----a-w C:\Documents and Settings\Sysinfo\InsertCD.exe
2004-08-04 09:00 4,096 --sha-w C:\WINDOWS\system32\1112.dat
2008-05-28 18:54 97,280 --sh--r C:\WINDOWS\system32\ReinstallBackupst.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-03-30 421888]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 45056]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2 (0x2)
"SNDSrvc"=2 (0x2)
"NSCService"=3 (0x3)
"NPFMntor"=2 (0x2)
"navapsvc"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"aawservice"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SAVScan"=3 (0x3)
"ccSetMgr"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 FNETDEVI;FNETDEVI;C:\WINDOWS\system32\drivers\FNETDEVI.SYS [2008-02-09 19572]
S1 79770911;79770911;C:\WINDOWS\system32\drivers\79770911.sys [ ]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Alexander\Application Data\Mozilla\Firefox\Profiles\f6uz394l.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-14 17:06:14
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\ACER\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE
C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE
.
**************************************************************************
.
Completion time: 2008-09-14 17:07:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-14 21:07:40

Pre-Run: 6,498,615,296 bytes free
Post-Run: 6,409,863,168 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

443 --- E O F --- 2008-05-17 07:11:09

The HJT log looks clean to me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:09:51 PM, on 14/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Alexander\Desktop\moon.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 4127 bytes
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.



