
Possibly infected with wrong Comine.exe, Vundo infection


  • This topic is locked
49 replies to this topic

#1 0verwhelming


Posted 27 February 2009 - 12:28 PM

I have run system restore since I noticed the problem, but I believe it has been infected for a while. Every time on startup, there is a dialog box saying "Setting up personalized settings for C:\Windows\system32\comine.exe".

When I run Spybot, I find a Hupigon entry that cannot be deleted through Spybot. I also find entries related to Vundo.


DDS (Ver_09-02-01.01) - NTFSx86
Run by User at 12:20:34.51 on Fri 02/27/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1286 [GMT -5:00]

AV: AVG *On-access scanning disabled* (Outdated)
FW: AVG Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\gAlwaysIdle\gidle.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\User\My Documents\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://gmail.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5267167c-08ac-404d-a7e8-8bb04183ae7d} - c:\windows\system32\pmnNhEVL.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7bf35b6f-822c-4030-b347-b68760697e2f} - c:\windows\system32\urqOIxuU.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: WebNotes Toolbar: {a26b0c12-dff0-465f-becb-e4f2fd732bdb} - c:\program files\webnotes\webnotes toolbar\WebNotesToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\User\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [7418e77f] rundll32.exe "c:\windows\system32\tkmqqfoc.dll",b
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [IMJPMIG8.1] c:\windows\ime\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [DMXLauncher] "c:\program files\roxio\cineplayer\DMXLauncher.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [gidle] "c:\program files\galwaysidle\gidle.exe"
mRun: [SoundMax] "c:\program files\analog devices\soundmax\smax4.exe" /tray
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: urqOIxuU - urqOIxuU.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {7bf35b6f-822c-4030-b347-b68760697e2f} - c:\windows\system32\urqOIxuU.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\pmnNhEVL setuid

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\User\applic~1\mozilla\firefox\profiles\ovyyv041.default\
FF - prefs.js: browser.startup.homepage - hxxp://gmail.com
FF - plugin: c:\documents and settings\User\application data\mozilla\firefox\profiles\ovyyv041.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07100121.dll
FF - plugin: c:\documents and settings\User\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\User\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-5-8 12424]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-8 26184]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-3-19 607576]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-8 282904]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-8 75272]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-9-30 935208]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2007-8-24 166384]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-5-8 22528]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2007-8-24 1083888]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-8 96520]
S2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2008-5-8 930584]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2007-8-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2007-8-24 309744]
S2 SessionLauncher;SessionLauncher;c:\docume~1\User\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\User\locals~1\temp\dx9\SessionLauncher.exe [?]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;c:\windows\system32\drivers\NSDriver.sys [2007-8-7 9344]
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner;c:\windows\system32\drivers\AWRTPD.sys [2007-7-11 6272]
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter;c:\windows\system32\drivers\AWRTRD.sys [2007-8-7 8320]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-5-8 22528]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2007-8-24 72176]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-1-26 1245064]

=============== Created Last 30 ================

2009-02-27 11:58 <DIR> --d----- c:\windows\privacy_danger
2009-02-27 11:58 <DIR> --d----- c:\program files\VAV
2009-02-27 11:58 <DIR> --d----- c:\program files\PCHealthCenter
2009-02-20 23:35 <DIR> --d----- c:\docume~1\User\applic~1\Malwarebytes
2009-02-20 23:35 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-20 23:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-19 10:25 <DIR> --d----- c:\program files\TeXnicCenter(2)
2009-02-14 16:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MiKTeX
2009-02-14 16:34 <DIR> --d----- c:\program files\MiKTeX 2.7
2009-02-11 03:05 97,110 a------- c:\windows\system32\MRT.INI
2009-02-08 16:20 <DIR> --d----- c:\documents and settings\User\.matplotlib
2009-02-07 17:17 <DIR> --d----- c:\documents and settings\User\_ipython
2009-02-05 19:28 <DIR> --d----- c:\docume~1\User\applic~1\Subversion
2009-02-05 19:17 <DIR> --d----- c:\program files\Sun
2009-02-05 19:10 <DIR> --d----- c:\documents and settings\User\.SunDownloadManager
2009-02-05 00:12 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-01-29 09:37 <DIR> --d----- c:\program files\iPod
2009-01-29 09:37 <DIR> --d----- c:\program files\iTunes
2009-01-29 09:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

==================== Find3M ====================

2009-02-23 23:33 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-02-23 23:33 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-02-05 19:16 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-21 16:42 84,992 ---shr-- c:\windows\system32\ckvo0.dll
2009-01-05 17:33 3,751,995 a------- c:\windows\system32\GPhotos.scr
2008-12-21 11:37 44,998 a------- c:\windows\DIIUnin.dat
2008-12-21 11:19 94,208 a------- c:\windows\DIIUnin.exe
2008-12-21 11:19 2,829 a------- c:\windows\DIIUnin.pif
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2008-12-20 10:55 21,840 a------t c:\windows\system32\SIntfNT.dll
2008-12-20 10:55 17,212 a------t c:\windows\system32\SIntf32.dll
2008-12-20 10:55 12,067 a------t c:\windows\system32\SIntf16.dll
2008-01-01 03:40 32 -------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2008-08-11 09:03 89,221 ---shr-- c:\windows\system32\ckvo.exe
2007-12-18 14:03 30,025 ---sh--- c:\windows\system32\comine.exe
2008-09-16 05:33 114,821 ---shr-- c:\windows\system32\j3ewro.exe
2008-10-13 15:35 187,392 ---shr-- c:\windows\system32\jwedsfdo0.dll
2008-05-08 07:19 1,042,354 a--sh--- c:\windows\system32\LVEhNnmp.ini2
2008-07-25 11:24 983 a--sh--- c:\windows\system32\SsuDffii.ini2
2008-09-30 22:54 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008093020081001\index.dat

============= FINISH: 12:21:02.27 ===============



Edited by 0verwhelming, 27 February 2009 - 01:53 PM.



 


#2 SifuMike


Posted 02 March 2009 - 01:50 PM

Hello 0verwhelming,

Sorry for the delay. We have over 500 logs backed up and not enough helpers.


Are you a Java Developer? I see you have
Java™ SE Development Kit 6 Update 12
Java™ SE Development Kit 6 Update 4
Java DB 10.4.1.3 installed.


If you are not a Java Developer, then uninstall them.

Also, you have old versions of Java installed. Older versions have vulnerabilities that malware can use to infect your system, so I recommend you uninstall them:
Java™ 6 Update 3
Java™ 6 Update 4
Java™ 6 Update 5
Java™ 6 Update 7


Leave Java™ 6 Update 12 on your computer, as that is the latest version.




We need to disable Spybot S&D's "TeaTimer".
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

If you encounter this message: "c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5", click on Ignore.

Edited by SifuMike, 02 March 2009 - 02:04 PM.
typo


#3 0verwhelming


Posted 04 March 2009 - 10:39 AM

Thank you very much for your help; sorry for responding late myself. I program in Java, but I deleted the outdated versions per your suggestion.

I ran the MBAM scan and accepted the prompt to restart the computer in order to eliminate some elements. However, on the restart, I tried to run HijackThis, and it would not open. I assume that the virus has blacklisted certain programs or exe files. I cannot run regedit, and when I try to run cmd, I get the following error:

"The application failed to initialize properly (0xc0000142). Click on OK to terminate the application"

The MBAM log file is below:

Malwarebytes' Anti-Malware 1.34
Database version: 1815
Windows 5.1.2600 Service Pack 3

3/4/2009 10:28:57 AM
mbam-log-2009-03-04 (10-28-57).txt

Scan type: Full Scan (C:\|)
Objects scanned: 350184
Time elapsed: 1 hour(s), 27 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 418
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 4
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7bf35b6f-822c-4030-b347-b68760697e2f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqoixuu (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7bf35b6f-822c-4030-b347-b68760697e2f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7bf35b6f-822c-4030-b347-b68760697e2f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\APVXDWIN.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LUALL.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACKWIN32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AUTODOWN.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVE32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGCTRL.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVKSERV.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVNT.EXE (Security.Hijack) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPCC.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPDOS32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPM.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPTC32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPUPD.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCHED32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWIN95.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWUPD32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BLACKD.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BLACKICE.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFIADMIN.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFIAUDIT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFINET.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFINET32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLAW95.EXE (Security.Hijack) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLAW95CF.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLEANER.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLEANER3.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DVP95.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DVP95_0.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ECENGINE.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ESAFE.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravt08.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\REALMON (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwolusr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RTVSCN95 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RULAUNCH (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sfc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartassistant.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SPYXX (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREngPS.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SS3EDIT (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SweepNet (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SWNETSUP (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SymProxySvc (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SYMTRAY (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\syscheck.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Syscheck2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TAUMON (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TCM (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2 - 98.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2 - nt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFAK (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\th.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\th32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\th32upd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\thav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\thd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\thd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\thmail.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ToolsUp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcmserv (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VbCons (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VCONTROL.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VET32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet98.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VIR - HELP (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPC32 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPTRAY (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSMAIN (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsscan40.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WATCHDOG (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBTRAP (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WGFE95 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WIMMUN32 (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WrAdmin (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WrCtrl (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZAP.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZAPD.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZAPPRG.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZAPS.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZCAP.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zlclient.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFWSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.COM (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RfwMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScan.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icesword.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1.kxp (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7418e77f (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7bf35b6f-822c-4030-b347-b68760697e2f} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\urqOIxuU.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jwedsfdo0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\j3ewro.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ckvo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ckvo0.dll (Trojan.Agent) -> Quarantined and deleted successfully.

#4 SifuMike

Posted 04 March 2009 - 11:19 AM

Hi 0verwhelming,

Download Security Check by screen317 from here or here and save it to your Desktop.
Unzip SecurityCheck.zip and a folder named Security Check should appear.
Open the Security Check folder and double-click Security Check.bat
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 0verwhelming

Posted 04 March 2009 - 12:18 PM

Thanks for the quick response. Unfortunately, the Security Check.bat runs through the command prompt, and my command prompt currently returns the following error:

"The application failed to initialize properly (0xc0000142). Click on OK to terminate the application"

I will try a restart and repost in a few minutes.

#6 0verwhelming

Posted 04 March 2009 - 12:26 PM

On the restart, I could access the command prompt and security check. I could not run HijackThis however.

The checkup log file is as follows:

Results of screen317's Security Check version 0.97.9
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Disabled!
Antivirus out of date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

Spybot - Search & Destroy
Malwarebytes' Anti-Malware
Ad-Aware 2007
Java™ 6 Update 12
Java™ SE Development Kit 6 Update 4
Java™ SE Development Kit 6 Update 12
Java DB 10.4.1.3
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GREAT! (Very random)

Scan took 13 seconds.
`````````End of Log```````````

#7 SifuMike

Posted 04 March 2009 - 12:32 PM

I understand that you need help in order to get rid of the malware that is present on your system - but you need to help us first.

I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus!

Perform a full scan with Avira and let it delete everything it finds.
Then reboot.
After reboot, open your Avira and select "reports".
There, double-click the report from the full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThis log.

Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirus scan is not present which should be able to deal with most and prevent further reinfection.

Edited by SifuMike, 04 March 2009 - 12:33 PM.
typo

#8 0verwhelming

Posted 04 March 2009 - 02:50 PM

Thanks for the sound advice; I have installed Avira. When I try to open HijackThis, it returns an error:

"Windows cannot find 'C:\Program Files\Trend Micro\HijackThis\HijackThis.exe'. Make sure you typed the name correctly, and then try again..."

Interesting, because I clicked on the actual file in Windows Explorer to return the above error.

Scan is as follows:



Avira AntiVir Personal
Report file date: Wednesday, March 04, 2009 12:52

Scanning for 1283292 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: LAPTOP

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 14:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 13:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 18:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 13:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 17:49:01
ANTIVIR2.VDF : 7.1.2.105 513536 Bytes 3/3/2009 17:49:11
ANTIVIR3.VDF : 7.1.2.120 87552 Bytes 3/4/2009 17:49:13
Engineversion : 8.2.0.100
AEVDF.DLL : 8.1.1.0 106868 Bytes 3/4/2009 17:49:40
AESCRIPT.DLL : 8.1.1.56 352634 Bytes 3/4/2009 17:49:38
AESCN.DLL : 8.1.1.7 127347 Bytes 3/4/2009 17:49:35
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 19:58:38
AEPACK.DLL : 8.1.3.10 397686 Bytes 3/4/2009 17:49:33
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 3/4/2009 17:49:30
AEHEUR.DLL : 8.1.0.100 1618295 Bytes 3/4/2009 17:49:28
AEHELP.DLL : 8.1.2.2 119158 Bytes 3/4/2009 17:49:19
AEGEN.DLL : 8.1.1.24 336244 Bytes 3/4/2009 17:49:18
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 16:05:56
AECORE.DLL : 8.1.6.6 176501 Bytes 3/4/2009 17:49:15
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 16:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 14:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 15:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 18:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 17:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 18:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 18:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 19:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 19:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Wednesday, March 04, 2009 12:52

The scan of running processes will be started
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'Copy of eclipse.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'cmd.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'CPSHelpRunner10.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'SMax4.exe' - '1' Module(s) have been scanned
Scan process 'gidle.exe' - '1' Module(s) have been scanned
Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'DMXLauncher.exe' - '1' Module(s) have been scanned
Scan process 'RoxWatchTray10.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'RoxMediaDB10.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'tvttcsd.exe' - '1' Module(s) have been scanned
Scan process 'tvt_reg_monitor_svc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RoxWatch10.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'avgwdsvc.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ibmpmsvc.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
56 processes with 56 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '60' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\ARK9.tmp
[DETECTION] Is the TR/Delf.3025.B Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '4b974d03.qua'!
C:\AutoRun.inf
[DETECTION] Is the TR/Spy.190 Trojan
[NOTE] The file was moved to '4a22c0a7.qua'!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\User\Desktop\D2\D2Loaderv1.11b\Diablo II.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a0fc1c8.qua'!
C:\Documents and Settings\User\Desktop\Junk\Macro Express v3.7.0.1.zip
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Bancos.BDK Trojan
[NOTE] The file was moved to '4a11c38c.qua'!
C:\Documents and Settings\User\Desktop\Junk\Macro Express v3.7.0.1\keygen.exe
[DETECTION] Is the TR/Bancos.BDK Trojan
[NOTE] The file was moved to '4a27c3aa.qua'!
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\ovyyv041.default\Cache(5)\D475F7F6d01
[0] Archive type: NSIS
--> ProgramFilesDir/numpy-1.2.1-sse2.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\User\My Documents\Azureus Downloads\fast-blog-finder.exe
[DETECTION] Contains recognition pattern of the PHISH/FraudTool.SpyNoMore.G.74 phishing file/email
[NOTE] The file was moved to '4a21c640.qua'!
C:\Documents and Settings\User\My Documents\Azureus Downloads\Adobe PhotoShop CS3 EXTENDED KeyGen\Adobe Photoshop CS3 Extended VOLUME LICENSE KEYGEN.exe
[DETECTION] Contains recognition pattern of the DR/Pakes.jti.1 dropper
[NOTE] The file was moved to '4a1dc64e.qua'!
C:\Documents and Settings\User\My Documents\Azureus Downloads\IDM UltraCompare Professional 5.00\ultracompare_keygen.exe
[DETECTION] Is the TR/Packed.12544 Trojan
[NOTE] The file was moved to '4a22c7dd.qua'!
C:\Documents and Settings\User\My Documents\Azureus Downloads\Macro Express v3.7.0.1\keygen.exe
[DETECTION] Is the TR/Bancos.BDK Trojan
[NOTE] The file was moved to '4a27c7da.qua'!
C:\Documents and Settings\User\My Documents\Azureus Downloads\Macro Express v3.7.0.1\Macro Express v3.7.0.1.zip
[0] Archive type: ZIP
--> keygen.exe
[DETECTION] Is the TR/Bancos.BDK Trojan
[NOTE] The file was moved to '4a11c7d7.qua'!
C:\Documents and Settings\User\My Documents\Azureus Downloads\Photoshop CS2 Keygen\Photoshop CS 2 KEYGEN.exe
[DETECTION] Contains recognition pattern of the WORM/Autorun.cxl worm
[NOTE] The file was moved to '4a1dc7e4.qua'!
C:\Documents and Settings\User\My Documents\Azureus Downloads\Real Player 11 Plus ITA\rp11_Activator.exe
[DETECTION] Contains recognition pattern of the DR/Monder.436224 dropper
[NOTE] The file was moved to '49dfc7ec.qua'!
C:\System Volume Information\_restore{62B45818-72CF-465B-B37C-D920F1404AAF}\RP485\A0083096.inf
[DETECTION] Is the TR/Spy.190 Trojan
[NOTE] The file was moved to '49ded4b3.qua'!
C:\System Volume Information\_restore{62B45818-72CF-465B-B37C-D920F1404AAF}\RP485\A0084992.inf
[DETECTION] Is the TR/Spy.190 Trojan
[NOTE] The file was moved to '49ded4dd.qua'!
C:\System Volume Information\_restore{62B45818-72CF-465B-B37C-D920F1404AAF}\RP485\A0085158.inf
[DETECTION] Is the TR/Spy.190 Trojan
[NOTE] The file was moved to '49ded4e0.qua'!
C:\System Volume Information\_restore{62B45818-72CF-465B-B37C-D920F1404AAF}\RP486\A0085277.inf
[DETECTION] Is the TR/Spy.190 Trojan
[NOTE] The file was moved to '49ded4e5.qua'!
C:\System Volume Information\_restore{62B45818-72CF-465B-B37C-D920F1404AAF}\RP487\A0085290.inf
[DETECTION] Is the TR/Spy.190 Trojan
[NOTE] The file was moved to '49ded4e6.qua'!
C:\System Volume Information\_restore{62B45818-72CF-465B-B37C-D920F1404AAF}\RP488\A0085362.inf
[DETECTION] Is the TR/Spy.190 Trojan
[NOTE] The file was moved to '49ded4e9.qua'!
C:\System Volume Information\_restore{62B45818-72CF-465B-B37C-D920F1404AAF}\RP493\A0087115.inf
[DETECTION] Is the TR/Spy.190 Trojan
[NOTE] The file was moved to '49ded56c.qua'!
C:\System Volume Information\_restore{62B45818-72CF-465B-B37C-D920F1404AAF}\RP498\A0087723.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '49ded584.qua'!
C:\System Volume Information\_restore{62B45818-72CF-465B-B37C-D920F1404AAF}\RP498\A0087724.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48a3d57d.qua'!
C:\System Volume Information\_restore{62B45818-72CF-465B-B37C-D920F1404AAF}\RP498\A0087725.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '49ded586.qua'!
C:\System Volume Information\_restore{62B45818-72CF-465B-B37C-D920F1404AAF}\RP498\A0087726.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48a3d57f.qua'!
C:\System Volume Information\_restore{62B45818-72CF-465B-B37C-D920F1404AAF}\RP498\A0087731.inf
[DETECTION] Is the TR/Spy.190 Trojan
[NOTE] The file was moved to '49ded585.qua'!
C:\System Volume Information\_restore{62B45818-72CF-465B-B37C-D920F1404AAF}\RP498\A0087759.inf
[DETECTION] Is the TR/Spy.190 Trojan
[NOTE] The file was moved to '49ded578.qua'!
C:\System Volume Information\_restore{62B45818-72CF-465B-B37C-D920F1404AAF}\RP499\A0087764.exe
[DETECTION] Is the TR/Delf.3025.B Trojan
[NOTE] The file was moved to '49ded589.qua'!
C:\System Volume Information\_restore{62B45818-72CF-465B-B37C-D920F1404AAF}\RP499\A0087765.inf
[DETECTION] Is the TR/Spy.190 Trojan
[NOTE] The file was moved to '48a3d572.qua'!
C:\System Volume Information\_restore{62B45818-72CF-465B-B37C-D920F1404AAF}\RP499\A0087770.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49ded58a.qua'!
C:\System Volume Information\_restore{62B45818-72CF-465B-B37C-D920F1404AAF}\RP499\A0087771.exe
[DETECTION] Is the TR/Bancos.BDK Trojan
[NOTE] The file was moved to '48a3d573.qua'!
C:\WINDOWS\system32\iiffDusS(2).dll
[DETECTION] Is the TR/Killav.28714 Trojan
[NOTE] The file was moved to '4a14d811.qua'!


End of the scan: Wednesday, March 04, 2009 14:36
Used time: 1:43:43 Hour(s)

The scan has been done completely.

23090 Scanning directories
1102693 Files were scanned
30 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
30 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
1102662 Files not concerned
9951 Archives were scanned
3 Warnings
30 Notes

#9 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:12:40 AM

Posted 04 March 2009 - 03:05 PM

Hi,

Have you uninstalled AVG antivirus? If not, then please do so.
Running two antivirus programs will greatly slow your computer.

"Windows cannot find 'C:\Program Files\Trend Micro\HijackThis\HijackThis.exe'. Make sure you typed the name correctly, and then try again..."


Please download and install the new version by following the instructions here: http://www.download.com/Trend-Micro-Hijack....html?tag=mncol

Note that it is unnecessary to uninstall the old version because the new one will be copied to a different folder.

Let it install in the default folder C:\Program Files\Trend Micro\HijackThis
You don't need to post a HijackThis log just yet.



Download Lop S&D
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

You can enable them after the scan.

You can find detailed instructions with visuals here

Double-click Lop S&D.exe

If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.

Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

#10 0verwhelming

0verwhelming
  • Topic Starter

  • Members
  • 32 posts
  • Local time:02:40 AM

Posted 04 March 2009 - 03:20 PM

Thanks for the quick response. I know.. Lots of Azureus downloads:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Core™2 Duo CPU T7500 @ 2.20GHz )
BIOS : Ver 1.00PARTTBLx
USER : User ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Not Activated)
Firewall : AVG Firewall 8.0 (Not Activated)
C:\ (Local Disk) - NTFS - Total:93 Go (Free:2 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Wed 03/04/2009|15:13 )

--------------------\\ Listing folders in APPLIC~1

[06/10/2008|12:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft

[01/29/2009|09:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[01/28/2009|06:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[01/01/2008|03:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[11/07/2008|06:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[06/11/2008|12:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[03/04/2009|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Avira
[01/01/2008|04:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Azureus
[01/01/2009|04:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CanonBJ
[04/21/2008|01:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DRM
[11/03/2008|11:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
[02/23/2008|10:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> IJJIGame
[01/18/2008|12:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Insight Software
[01/18/2008|12:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Insight Software Solutions
[06/20/2008|10:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[05/07/2008|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[01/01/2008|03:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lenovo
[01/16/2008|08:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> LogiShrd
[01/16/2008|08:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Logitech
[02/20/2009|11:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[04/02/2008|10:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[02/11/2009|03:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[02/14/2009|04:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MiKTeX
[03/03/2009|12:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Nero
[09/09/2008|07:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Office Genuine Advantage
[06/20/2008|10:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Roxio
[02/27/2009|11:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Skype
[11/20/2008|07:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SmartSound Software Inc
[06/20/2008|10:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
[07/25/2008|09:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[01/26/2008|05:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[06/11/2008|12:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ubisoft
[07/12/2008|09:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> VanDyke
[01/01/2008|11:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[01/01/2008|03:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller

[01/22/2009|06:44] C:\DOCUME~1\USER\APPLIC~1\<DIR> Adobe
[01/14/2008|09:48] C:\DOCUME~1\USER\APPLIC~1\<DIR> Apple Computer
[03/01/2009|05:53] C:\DOCUME~1\USER\APPLIC~1\<DIR> Azureus
[06/03/2008|05:12] C:\DOCUME~1\USER\APPLIC~1\<DIR> DivX
[12/26/2008|05:08] C:\DOCUME~1\USER\APPLIC~1\<DIR> dvdcss
[06/04/2008|03:40] C:\DOCUME~1\USER\APPLIC~1\<DIR> GlobalSCAPE
[03/04/2009|12:19] C:\DOCUME~1\USER\APPLIC~1\<DIR> gtk-2.0
[02/10/2008|12:24] C:\DOCUME~1\USER\APPLIC~1\<DIR> Helios
[01/01/2009|04:45] C:\DOCUME~1\USER\APPLIC~1\<DIR> Help
[01/01/2008|02:31] C:\DOCUME~1\USER\APPLIC~1\<DIR> Identities
[06/12/2008|10:12] C:\DOCUME~1\USER\APPLIC~1\<DIR> IDMComp
[12/20/2008|06:37] C:\DOCUME~1\USER\APPLIC~1\<DIR> ijjigame
[06/11/2008|12:50] C:\DOCUME~1\USER\APPLIC~1\<DIR> InstallShield
[01/24/2009|11:17] C:\DOCUME~1\USER\APPLIC~1\<DIR> Leadertech
[01/01/2008|03:02] C:\DOCUME~1\USER\APPLIC~1\<DIR> Lenovo
[01/01/2008|12:44] C:\DOCUME~1\USER\APPLIC~1\<DIR> Macromedia
[02/20/2009|11:35] C:\DOCUME~1\USER\APPLIC~1\<DIR> Malwarebytes
[11/16/2008|01:37] C:\DOCUME~1\USER\APPLIC~1\<DIR> MathWorks
[12/19/2008|04:51] C:\DOCUME~1\USER\APPLIC~1\<DIR> Microsoft
[06/21/2008|02:06] C:\DOCUME~1\USER\APPLIC~1\<DIR> Move Networks
[01/29/2009|05:16] C:\DOCUME~1\USER\APPLIC~1\<DIR> Mozilla
[09/08/2008|04:38] C:\DOCUME~1\USER\APPLIC~1\<DIR> MySQL
[12/07/2008|11:22] C:\DOCUME~1\USER\APPLIC~1\<DIR> Nero
[05/26/2008|10:19] C:\DOCUME~1\USER\APPLIC~1\<DIR> NJStar
[07/28/2008|10:46] C:\DOCUME~1\USER\APPLIC~1\<DIR> Opera
[01/01/2008|12:45] C:\DOCUME~1\USER\APPLIC~1\<DIR> Real
[11/20/2008|07:08] C:\DOCUME~1\USER\APPLIC~1\<DIR> Roxio
[03/02/2009|05:35] C:\DOCUME~1\USER\APPLIC~1\<DIR> Skype
[03/02/2009|04:29] C:\DOCUME~1\USER\APPLIC~1\<DIR> skypePM
[07/14/2008|10:45] C:\DOCUME~1\USER\APPLIC~1\<DIR> SmartFTP
[02/05/2009|07:28] C:\DOCUME~1\USER\APPLIC~1\<DIR> Subversion
[01/19/2008|03:13] C:\DOCUME~1\USER\APPLIC~1\<DIR> Sun
[01/01/2008|03:26] C:\DOCUME~1\USER\APPLIC~1\<DIR> Talkback
[06/05/2008|08:33] C:\DOCUME~1\USER\APPLIC~1\<DIR> teamspeak2
[02/27/2009|11:58] C:\DOCUME~1\USER\APPLIC~1\<DIR> U3
[06/11/2008|12:50] C:\DOCUME~1\USER\APPLIC~1\<DIR> Ubisoft
[07/12/2008|09:10] C:\DOCUME~1\USER\APPLIC~1\<DIR> VanDyke
[06/13/2008|04:26] C:\DOCUME~1\USER\APPLIC~1\<DIR> Ventrilo
[01/09/2008|11:22] C:\DOCUME~1\USER\APPLIC~1\<DIR> vlc
[08/24/2008|07:11] C:\DOCUME~1\USER\APPLIC~1\<DIR> webex
[01/01/2008|12:38] C:\DOCUME~1\USER\APPLIC~1\<DIR> WinRAR

[06/22/2008|02:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[12/20/2008|10:34] C:\DOCUME~1\USER2\APPLIC~1\<DIR> Adobe
[12/20/2008|10:30] C:\DOCUME~1\USER2\APPLIC~1\<DIR> Identities
[12/20/2008|10:31] C:\DOCUME~1\USER2\APPLIC~1\<DIR> Macromedia
[12/20/2008|11:05] C:\DOCUME~1\USER2\APPLIC~1\<DIR> Microsoft
[12/20/2008|10:34] C:\DOCUME~1\USER2\APPLIC~1\<DIR> Mozilla
[12/20/2008|10:31] C:\DOCUME~1\USER2\APPLIC~1\<DIR> Real
[12/20/2008|10:31] C:\DOCUME~1\USER2\APPLIC~1\<DIR> Roxio

[06/22/2008|07:20] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> DivX
[06/10/2008|12:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[06/22/2008|07:16] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Roxio

[06/22/2008|02:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[03/04/2009 12:36 PM][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-789336058-839522115-1003.job
[02/23/2009 08:00 PM][--a------] C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - User.job
[02/12/2009 03:33 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[03/04/2009 02:40 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 07:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[06/11/2008|12:50] C:\Program Files\<DIR> Add Remove Pro
[07/02/2008|07:28] C:\Program Files\<DIR> Adobe
[01/21/2008|12:33] C:\Program Files\<DIR> Analog Devices
[10/31/2008|09:11] C:\Program Files\<DIR> Apple Software Update
[08/13/2008|10:20] C:\Program Files\<DIR> Audacity
[05/08/2008|07:16] C:\Program Files\<DIR> AVG
[03/04/2009|12:47] C:\Program Files\<DIR> Avira
[02/27/2009|04:03] C:\Program Files\<DIR> Azureus
[07/25/2008|04:49] C:\Program Files\<DIR> BearShare
[01/23/2009|04:25] C:\Program Files\<DIR> Bible
[10/31/2008|09:14] C:\Program Files\<DIR> Bonjour
[02/25/2009|11:14] C:\Program Files\<DIR> Common Files
[01/01/2008|02:11] C:\Program Files\<DIR> ComPlus Applications
[01/01/2008|12:30] C:\Program Files\<DIR> CONEXANT
[12/21/2008|11:39] C:\Program Files\<DIR> CVSNT
[03/01/2009|05:25] C:\Program Files\<DIR> Dia
[03/04/2009|10:23] C:\Program Files\<DIR> Diablo II
[12/21/2008|11:32] C:\Program Files\<DIR> Diablo IIa
[12/20/2008|10:46] C:\Program Files\<DIR> Diablo IIb
[01/01/2008|03:20] C:\Program Files\<DIR> DIFX
[06/02/2008|08:14] C:\Program Files\<DIR> DivX
[01/01/2009|04:49] C:\Program Files\<DIR> e-Sword
[10/09/2008|04:06] C:\Program Files\<DIR> gAlwaysIdle
[06/04/2008|03:38] C:\Program Files\<DIR> GlobalSCAPE
[01/01/2009|10:21] C:\Program Files\<DIR> Google
[06/12/2008|10:12] C:\Program Files\<DIR> IDM Computer Solutions
[01/24/2009|11:13] C:\Program Files\<DIR> InstallShield Installation Information
[06/22/2008|07:16] C:\Program Files\<DIR> InterActual
[02/11/2009|03:01] C:\Program Files\<DIR> Internet Explorer
[01/29/2009|09:37] C:\Program Files\<DIR> iPod
[01/29/2009|09:38] C:\Program Files\<DIR> iTunes
[03/04/2009|08:56] C:\Program Files\<DIR> Java
[06/03/2008|05:01] C:\Program Files\<DIR> jEdit
[05/07/2008|11:51] C:\Program Files\<DIR> Lavasoft
[01/01/2008|02:35] C:\Program Files\<DIR> Lenovo
[01/16/2008|08:45] C:\Program Files\<DIR> Logitech
[02/27/2008|12:48] C:\Program Files\<DIR> Macro Express3
[03/04/2009|08:57] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[09/30/2008|10:51] C:\Program Files\<DIR> Messenger
[06/10/2008|01:48] C:\Program Files\<DIR> Microsoft
[01/01/2008|12:31] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[01/01/2008|02:15] C:\Program Files\<DIR> microsoft frontpage
[01/01/2008|12:17] C:\Program Files\<DIR> Microsoft Office
[03/01/2009|02:17] C:\Program Files\<DIR> Microsoft Silverlight
[01/01/2008|12:17] C:\Program Files\<DIR> Microsoft Visual Studio
[01/01/2008|12:17] C:\Program Files\<DIR> Microsoft Works
[02/14/2009|04:38] C:\Program Files\<DIR> MiKTeX 2.7
[01/11/2009|08:08] C:\Program Files\<DIR> Mobile Partner
[09/30/2008|10:47] C:\Program Files\<DIR> Movie Maker
[03/04/2009|02:42] C:\Program Files\<DIR> Mozilla Firefox
[01/01/2008|12:17] C:\Program Files\<DIR> MSBuild
[07/28/2008|09:17] C:\Program Files\<DIR> MSECACHE
[01/01/2008|02:10] C:\Program Files\<DIR> MSN
[01/01/2008|02:11] C:\Program Files\<DIR> MSN Gaming Zone
[01/01/2008|12:30] C:\Program Files\<DIR> MSXML 4.0
[06/02/2008|12:52] C:\Program Files\<DIR> MySQL
[03/03/2009|12:33] C:\Program Files\<DIR> Nero
[09/30/2008|10:44] C:\Program Files\<DIR> NetMeeting
[05/26/2008|10:15] C:\Program Files\<DIR> NJStar Communicator
[01/24/2009|11:13] C:\Program Files\<DIR> NovaLogic
[01/01/2008|02:11] C:\Program Files\<DIR> Online Services
[07/28/2008|10:46] C:\Program Files\<DIR> Opera
[09/30/2008|10:44] C:\Program Files\<DIR> Outlook Express
[06/11/2008|01:09] C:\Program Files\<DIR> PowerISO
[01/29/2009|09:36] C:\Program Files\<DIR> QuickTime
[01/01/2008|12:42] C:\Program Files\<DIR> Real
[11/14/2008|11:37] C:\Program Files\<DIR> Rotman
[06/20/2008|10:40] C:\Program Files\<DIR> Roxio
[07/12/2008|09:10] C:\Program Files\<DIR> SecureFX
[02/27/2009|11:57] C:\Program Files\<DIR> Skype
[07/13/2008|02:16] C:\Program Files\<DIR> SmartCVS
[07/14/2008|10:45] C:\Program Files\<DIR> SmartFTP Client
[07/14/2008|10:44] C:\Program Files\<DIR> SmartFTP Client 3.0 Setup Files
[06/20/2008|10:32] C:\Program Files\<DIR> SmartSound Software
[02/11/2009|11:57] C:\Program Files\<DIR> Spybot - Search & Destroy
[03/04/2009|02:41] C:\Program Files\<DIR> Steam
[02/05/2009|07:17] C:\Program Files\<DIR> Sun
[01/01/2008|12:31] C:\Program Files\<DIR> Synaptics
[06/05/2008|08:33] C:\Program Files\<DIR> Teamspeak2_RC2
[02/27/2009|01:37] C:\Program Files\<DIR> TeXnicCenter
[02/27/2009|11:59] C:\Program Files\<DIR> TeXnicCenter(2)
[02/10/2008|12:23] C:\Program Files\<DIR> TextPad 5
[03/04/2009|10:34] C:\Program Files\<DIR> Trend Micro
[03/04/2009|12:19] C:\Program Files\<DIR> Trillian
[06/11/2008|12:50] C:\Program Files\<DIR> Ubisoft
[01/01/2008|02:31] C:\Program Files\<DIR> Uninstall Information
[01/01/2008|03:47] C:\Program Files\<DIR> Ventrilo
[01/01/2008|03:39] C:\Program Files\<DIR> VideoLAN
[02/22/2008|01:39] C:\Program Files\<DIR> WebNotes
[06/11/2008|01:31] C:\Program Files\<DIR> Windows Installer Clean Up
[01/01/2008|03:59] C:\Program Files\<DIR> Windows Live
[09/30/2008|10:48] C:\Program Files\<DIR> Windows Media Player
[09/30/2008|10:44] C:\Program Files\<DIR> Windows NT
[01/01/2008|02:13] C:\Program Files\<DIR> WindowsUpdate
[01/01/2008|12:40] C:\Program Files\<DIR> WinRAR
[01/01/2008|02:15] C:\Program Files\<DIR> xerox
[01/01/2008|12:48] C:\Program Files\<DIR> Zone Labs

--------------------\\ Listing Folders in C:\Program Files\Common Files

[06/09/2008|10:46] C:\Program Files\Common Files\<DIR> Adobe
[01/29/2009|09:37] C:\Program Files\Common Files\<DIR> Apple
[11/21/2008|10:19] C:\Program Files\Common Files\<DIR> Blizzard Entertainment
[01/01/2008|12:17] C:\Program Files\Common Files\<DIR> DESIGNER
[02/23/2008|10:23] C:\Program Files\Common Files\<DIR> INCA Shared
[02/23/2008|10:47] C:\Program Files\Common Files\<DIR> Insight Software Solutions
[06/20/2008|10:32] C:\Program Files\Common Files\<DIR> InstallShield
[01/19/2008|03:12] C:\Program Files\Common Files\<DIR> Java
[01/01/2008|02:35] C:\Program Files\Common Files\<DIR> Lenovo
[01/16/2008|08:49] C:\Program Files\Common Files\<DIR> LogiShrd
[01/01/2008|01:42] C:\Program Files\Common Files\<DIR> Macrovision Shared
[08/08/2008|02:03] C:\Program Files\Common Files\<DIR> Microsoft Shared
[01/01/2008|02:12] C:\Program Files\Common Files\<DIR> MSSoap
[03/03/2009|12:45] C:\Program Files\Common Files\<DIR> Nero
[12/31/2007|09:00] C:\Program Files\Common Files\<DIR> ODBC
[01/01/2008|12:43] C:\Program Files\Common Files\<DIR> Real
[06/20/2008|10:39] C:\Program Files\Common Files\<DIR> Roxio Shared
[01/01/2008|02:12] C:\Program Files\Common Files\<DIR> Services
[02/27/2009|11:57] C:\Program Files\Common Files\<DIR> Skype
[06/20/2008|10:39] C:\Program Files\Common Files\<DIR> Sonic Shared
[12/31/2007|09:00] C:\Program Files\Common Files\<DIR> SpeechEngines
[01/31/2008|01:57] C:\Program Files\Common Files\<DIR> Symantec Shared
[09/30/2008|10:44] C:\Program Files\Common Files\<DIR> System
[01/01/2008|03:59] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[05/07/2008|11:50] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[01/01/2008|12:43] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 57 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\USER\LOCALS~1\Temp\nsf94.tmp
C:\DOCUME~1\USER\LOCALS~1\Temp\nsg70.tmp
C:\DOCUME~1\USER\LOCALS~1\Temp\nsj1BF.tmp
C:\DOCUME~1\USER\LOCALS~1\Temp\nsq1C4.tmp
C:\DOCUME~1\USER\LOCALS~1\Temp\nss1C8.tmp
C:\DOCUME~1\USER\Cookies\User@advertising[1].txt
C:\DOCUME~1\USER\Cookies\User@advertising[3].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-04 15:13:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

C:\WINDOWS\system32\LVEhNnmp.ini
C:\WINDOWS\system32\LVEhNnmp.ini2
C:\WINDOWS\system32\SsuDffii.ini2
==> VUNDO <==

--------------------\\ Cracks & Keygens ..
Don’t judge my downloads :X
C:\DOCUME~1\USER\Application Data\Azureus\torrents\Norton+Internet+security+2008+Final+with+Keygen.torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\Ultimate_Keygen_Collection___Only_Latest_Keygens.4312050.TPB.torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Adobe CS3 Design Premium - Keygen (Photoshop, Illustrator, InDesign, Dreamweaver, Flash) [smaragdtorrent.to].torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Adobe PhotoShop CS3 EXTENDED KeyGen.torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Adobe Photoshop CS3 v10 with Crack full version.zip.torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Adobe_Photoshop_CS3_Crack277026654191.136.torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Adobe_Photoshop_CS_3.0_Keygen.3982879.TPB.torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] BearShare_PRO_5_2_5_Full_and_Working_with_Crack_-_Ciwi.torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Cuteftp_8_Professional___Crack_(PATCH).4155300.TPB.torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Macromedia DreamWeaver CS3 + Plugins and Crack.1344437.SN.torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Norton 2008 Internet security keygen.zip.1392879.SN.torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Norton Internet Security 2008 Activation Crack.rar.1372504.SN.torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Photoshop_CS2_Keygen.3589173.TPB.torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] PhotoShop_CS3_Extended_Keygen_Activation.exe.torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Roxio_Easy_Media_Creator_10_Suite_Genuine___Keygen.3928857.TPB.torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] WinRar 3.71 final keygen (Works 100% ).torrent
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Adobe PhotoShop CS3 EXTENDED KeyGen
C:\DOCUME~1\USER\My Documents\Azureus Downloads\BearShare PRO 5.2.5 Full and Working with Crack - Ciwi
C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen
C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen.rar
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Magic ISO Maker v5.3+keygen
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Norton Internet Security 2008 Activation Crack
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Norton Internet security 2008 Final with Keygen
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Photoshop CS2 Keygen
C:\DOCUME~1\USER\My Documents\Azureus Downloads\WinRar 3.71 final + keygen (Works 100% )
C:\DOCUME~1\USER\My Documents\Azureus Downloads\BearShare PRO 5.2.5 Full and Working with Crack - Ciwi\Crack
C:\DOCUME~1\USER\My Documents\Azureus Downloads\BearShare PRO 5.2.5 Full and Working with Crack - Ciwi\HOW TO INSTALL.txt
C:\DOCUME~1\USER\My Documents\Azureus Downloads\BearShare PRO 5.2.5 Full and Working with Crack - Ciwi\Crack\ArmAccess.dll
C:\DOCUME~1\USER\My Documents\Azureus Downloads\BearShare PRO 5.2.5 Full and Working with Crack - Ciwi\Crack\BearShare.exe
C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen\cuteftp.jpg
C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen\cuteftppro.exe
C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen\Patch
C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen\ProgInfo.txt
C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen\readme_1st.txt
C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen\Visit SkillWare Site.url
C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen\Patch\chic.txt
C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen\Patch\patch.exe
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Magic ISO Maker v5.3+keygen\keygen.exe
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Magic ISO Maker v5.3+keygen\MagicISO 5.3.exe
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Norton Internet security 2008 Final with Keygen\Norton Internet security 2008 Final with Keygen.uif
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Norton Internet security 2008 Final with Keygen\Readme.txt
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Norton Internet security 2008 Final with Keygen\Torrent downloaded from Demonoid.com.txt
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Photoshop CS2 Keygen\How 2 Install - READ ME NOW.txt
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Trillian Pro 3.1.9.0\Crack.rar
C:\DOCUME~1\USER\My Documents\Azureus Downloads\WinRar 3.71 final + keygen (Works 100% )\FREE GIFT FOR LOST FANS.html
C:\DOCUME~1\USER\My Documents\Azureus Downloads\WinRar 3.71 final + keygen (Works 100% )\Gagner argent facile.html
C:\DOCUME~1\USER\My Documents\Azureus Downloads\WinRar 3.71 final + keygen (Works 100% )\Read Me.txt
C:\DOCUME~1\USER\My Documents\Azureus Downloads\WinRar 3.71 final + keygen (Works 100% )\wrar371.exe


[F:84][D:1218]-> C:\DOCUME~1\USER\LOCALS~1\Temp
[F:58][D:0]-> C:\DOCUME~1\USER\Cookies
[F:3889][D:4]-> C:\DOCUME~1\USER\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Wed 03/04/2009|15:16 - Option : [1]

--------------------\\ Scan completed at 15:16:12

Edited by 0verwhelming, 04 March 2009 - 03:23 PM.


#11 SifuMike

Posted 04 March 2009 - 04:50 PM

Hi 0verwhelming,

I see you're not afraid of visiting crack sites - using illegal software. :thumbup2: Because from the logs I can see that you actually installed some keygens that appear on crack sites to get access to the cracks. They install the malware on your system!


If you visit crack sites, use cracks, you'll ALWAYS get infected. This is not only because of the crack itself, but because one single click entering that site may already download and install a huge malware bundle.

You really have to change your surfing habits, because these malware bundles may contain a key logger, collecting all your passwords and installing other random malware, compromising your system including infecting other computers. And this all, because you visited some illegal sites.

Also, keep in mind, malware DAMAGES A LOT!

And the damage can't always be repaired, so a format and reinstall is the only solution in such cases.:)

So is it really worth it? Get illegal software for "free", but compromise/break your computer instead....
Better to avoid this instead and change your surfing habits. Then this wouldn't have happened.




Please download OTMoveIt3 by OldTimer and save it to your desktop.
Double click the icon on your desktop to run it.
(Note: If you are running on Vista, right-click on the file and choose Run As Administrator).


Copy the lines in the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Do not include the word "Code".


:files
C:\DOCUME~1\USER\Application Data\Azureus\torrents\Norton+Internet+security+2008+Final+with+Keygen.torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\Ultimate_Keygen_Collection___Only_Latest_Keygens.4312050.TPB.torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Adobe CS3 Design Premium - Keygen (Photoshop, Illustrator, InDesign, Dreamweaver, Flash) [smaragdtorrent.to].torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Adobe PhotoShop CS3 EXTENDED KeyGen.torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Adobe Photoshop CS3 v10 with Crack full version.zip.torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Adobe_Photoshop_CS3_Crack277026654191.136.torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Adobe_Photoshop_CS_3.0_Keygen.3982879.TPB.torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] BearShare_PRO_5_2_5_Full_and_Working_with_Crack_-_Ciwi.torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Cuteftp_8_Professional___Crack_(PATCH).4155300.TPB.torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Macromedia DreamWeaver CS3 + Plugins and Crack.1344437.SN.torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Norton 2008 Internet security keygen.zip.1392879.SN.torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Norton Internet Security 2008 Activation Crack.rar.1372504.SN.torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Photoshop_CS2_Keygen.3589173.TPB.torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] PhotoShop_CS3_Extended_Keygen_Activation.exe.torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Roxio_Easy_Media_Creator_10_Suite_Genuine___Keygen.3928857.TPB.torrent
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] WinRar 3.71 final keygen (Works 100% ).torrent
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Adobe PhotoShop CS3 EXTENDED KeyGen
C:\DOCUME~1\USER\My Documents\Azureus Downloads\BearShare PRO 5.2.5 Full and Working with Crack - Ciwi
C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen
C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen.rar
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Magic ISO Maker v5.3+keygen
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Norton Internet Security 2008 Activation Crack
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Norton Internet security 2008 Final with Keygen
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Photoshop CS2 Keygen
C:\DOCUME~1\USER\My Documents\Azureus Downloads\WinRar 3.71 final + keygen (Works 100% )
C:\DOCUME~1\USER\My Documents\Azureus Downloads\BearShare PRO 5.2.5 Full and Working with Crack - Ciwi\Crack
C:\DOCUME~1\USER\My Documents\Azureus Downloads\BearShare PRO 5.2.5 Full and Working with Crack - Ciwi\HOW TO INSTALL.txt
C:\DOCUME~1\USER\My Documents\Azureus Downloads\BearShare PRO 5.2.5 Full and Working with Crack - Ciwi\Crack\ArmAccess.dll
C:\DOCUME~1\USER\My Documents\Azureus Downloads\BearShare PRO 5.2.5 Full and Working with Crack - Ciwi\Crack\BearShare.exe
C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen\cuteftp.jpg
C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen\cuteftppro.exe
C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen\Patch
C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen\ProgInfo.txt
C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen\readme_1st.txt
C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen\Visit SkillWare Site.url
C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen\Patch\chic.txt
C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen\Patch\patch.exe
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Magic ISO Maker v5.3+keygen\keygen.exe
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Magic ISO Maker v5.3+keygen\MagicISO 5.3.exe
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Norton Internet security 2008 Final with Keygen\Norton Internet security 2008 Final with Keygen.uif
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Norton Internet security 2008 Final with Keygen\Readme.txt
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Norton Internet security 2008 Final with Keygen\Torrent downloaded from Demonoid.com.txt
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Photoshop CS2 Keygen\How 2 Install - READ ME NOW.txt
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Trillian Pro 3.1.9.0\Crack.rar
C:\DOCUME~1\USER\My Documents\Azureus Downloads\WinRar 3.71 final + keygen (Works 100% )\FREE GIFT FOR LOST FANS.html
C:\DOCUME~1\USER\My Documents\Azureus Downloads\WinRar 3.71 final + keygen (Works 100% )\Gagner argent facile.html
C:\DOCUME~1\USER\My Documents\Azureus Downloads\WinRar 3.71 final + keygen (Works 100% )\Read Me.txt
C:\DOCUME~1\USER\My Documents\Azureus Downloads\WinRar 3.71 final + keygen (Works 100% )\wrar371.exe

:commands
[emptytemp]
[Reboot]


Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Edited by SifuMike, 04 March 2009 - 04:51 PM.


#12 0verwhelming

Posted 04 March 2009 - 06:16 PM

Thank you for your input - I will be more careful in the future!

========== FILES ==========
C:\DOCUME~1\USER\Application Data\Azureus\torrents\Norton+Internet+security+2008+Final+with+Keygen.torrent moved successfully.
C:\DOCUME~1\USER\Application Data\Azureus\torrents\Ultimate_Keygen_Collection___Only_Latest_Keygens.4312050.TPB.torrent moved successfully.
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Adobe CS3 Design Premium - Keygen (Photoshop, Illustrator, InDesign, Dreamweaver, Flash) [smaragdtorrent.to].torrent moved successfully.
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Adobe PhotoShop CS3 EXTENDED KeyGen.torrent moved successfully.
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Adobe Photoshop CS3 v10 with Crack full version.zip.torrent moved successfully.
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Adobe_Photoshop_CS3_Crack277026654191.136.torrent moved successfully.
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Adobe_Photoshop_CS_3.0_Keygen.3982879.TPB.torrent moved successfully.
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] BearShare_PRO_5_2_5_Full_and_Working_with_Crack_-_Ciwi.torrent moved successfully.
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Cuteftp_8_Professional___Crack_(PATCH).4155300.TPB.torrent moved successfully.
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Macromedia DreamWeaver CS3 + Plugins and Crack.1344437.SN.torrent moved successfully.
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Norton 2008 Internet security keygen.zip.1392879.SN.torrent moved successfully.
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Norton Internet Security 2008 Activation Crack.rar.1372504.SN.torrent moved successfully.
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Photoshop_CS2_Keygen.3589173.TPB.torrent moved successfully.
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] PhotoShop_CS3_Extended_Keygen_Activation.exe.torrent moved successfully.
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] Roxio_Easy_Media_Creator_10_Suite_Genuine___Keygen.3928857.TPB.torrent moved successfully.
C:\DOCUME~1\USER\Application Data\Azureus\torrents\[isoHunt] WinRar 3.71 final keygen (Works 100% ).torrent moved successfully.
File/Folder C:\DOCUME~1\USER\Local Settings\Temp\Ultimate_Keygen_Collection___Only_Latest_Keygens.4312050.TPB.torrent not found.
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Adobe PhotoShop CS3 EXTENDED KeyGen moved successfully.
C:\DOCUME~1\USER\My Documents\Azureus Downloads\BearShare PRO 5.2.5 Full and Working with Crack - Ciwi\Crack moved successfully.
C:\DOCUME~1\USER\My Documents\Azureus Downloads\BearShare PRO 5.2.5 Full and Working with Crack - Ciwi moved successfully.
C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen\Patch moved successfully.
C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen moved successfully.
C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen.rar moved successfully.
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Magic ISO Maker v5.3+keygen moved successfully.
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Norton Internet Security 2008 Activation Crack moved successfully.
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Norton Internet security 2008 Final with Keygen moved successfully.
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Photoshop CS2 Keygen moved successfully.
C:\DOCUME~1\USER\My Documents\Azureus Downloads\WinRar 3.71 final + keygen (Works 100% ) moved successfully.
File/Folder C:\DOCUME~1\USER\My Documents\Azureus Downloads\BearShare PRO 5.2.5 Full and Working with Crack - Ciwi\Crack not found.
File/Folder C:\DOCUME~1\USER\My Documents\Azureus Downloads\BearShare PRO 5.2.5 Full and Working with Crack - Ciwi\HOW TO INSTALL.txt not found.
File/Folder C:\DOCUME~1\USER\My Documents\Azureus Downloads\BearShare PRO 5.2.5 Full and Working with Crack - Ciwi\Crack\ArmAccess.dll not found.
File/Folder C:\DOCUME~1\USER\My Documents\Azureus Downloads\BearShare PRO 5.2.5 Full and Working with Crack - Ciwi\Crack\BearShare.exe not found.
File/Folder C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen\cuteftp.jpg not found.
File/Folder C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen\cuteftppro.exe not found.
File/Folder C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen\Patch not found.
File/Folder C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen\ProgInfo.txt not found.
File/Folder C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen\readme_1st.txt not found.
File/Folder C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen\Visit SkillWare Site.url not found.
File/Folder C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen\Patch\chic.txt not found.
File/Folder C:\DOCUME~1\USER\My Documents\Azureus Downloads\CuteFTP 8 Professional + PrivateKeygen\Patch\patch.exe not found.
File/Folder C:\DOCUME~1\USER\My Documents\Azureus Downloads\Magic ISO Maker v5.3+keygen\keygen.exe not found.
File/Folder C:\DOCUME~1\USER\My Documents\Azureus Downloads\Magic ISO Maker v5.3+keygen\MagicISO 5.3.exe not found.
File/Folder C:\DOCUME~1\USER\My Documents\Azureus Downloads\Norton Internet security 2008 Final with Keygen\Norton Internet security 2008 Final with Keygen.uif not found.
File/Folder C:\DOCUME~1\USER\My Documents\Azureus Downloads\Norton Internet security 2008 Final with Keygen\Readme.txt not found.
File/Folder C:\DOCUME~1\USER\My Documents\Azureus Downloads\Norton Internet security 2008 Final with Keygen\Torrent downloaded from Demonoid.com.txt not found.
File/Folder C:\DOCUME~1\USER\My Documents\Azureus Downloads\Photoshop CS2 Keygen\How 2 Install - READ ME NOW.txt not found.
C:\DOCUME~1\USER\My Documents\Azureus Downloads\Trillian Pro 3.1.9.0\Crack.rar moved successfully.
File/Folder C:\DOCUME~1\USER\My Documents\Azureus Downloads\WinRar 3.71 final + keygen (Works 100% )\FREE GIFT FOR LOST FANS.html not found.
File/Folder C:\DOCUME~1\USER\My Documents\Azureus Downloads\WinRar 3.71 final + keygen (Works 100% )\Gagner argent facile.html not found.
File/Folder C:\DOCUME~1\USER\My Documents\Azureus Downloads\WinRar 3.71 final + keygen (Works 100% )\Read Me.txt not found.
File/Folder C:\DOCUME~1\USER\My Documents\Azureus Downloads\WinRar 3.71 final + keygen (Works 100% )\wrar371.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\USER\LOCALS~1\Temp\VBE\MSForms.exd scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\USER\LOCALS~1\Temp\21.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\USER\LOCALS~1\Temp\22.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\USER\LOCALS~1\Temp\AcrEE56.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\USER\LOCALS~1\Temp\AcrEE57.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\USER\LOCALS~1\Temp\dia--0.96.1.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\USER\LOCALS~1\Temp\etilqs_FTeGqBZmGr8yHMh4ZL36 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\USER\LOCALS~1\Temp\etilqs_GigEkkcaYE5eD0aiyrqD scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\USER\LOCALS~1\Temp\etilqs_GigEkkcaYE5eD0aiyrqD-journal scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\USER\LOCALS~1\Temp\Perflib_Perfdata_5c0.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\USER\LOCALS~1\Temp\~DF1AF4.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\USER\LOCALS~1\Temp\~DF82E7.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\USER\LOCALS~1\Temp\~DF8EA8.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\USER\LOCALS~1\Temp\~DFE415.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\USER\LOCALS~1\Temp\~ROMFN_00000124 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\USER\LOCALS~1\Temp\~ROMFN_00000490 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\JETA032.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_b0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\ovyyv041.default\OfflineCache\index.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\ovyyv041.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\ovyyv041.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\ovyyv041.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\ovyyv041.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\ovyyv041.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03042009_180221

Files moved on Reboot...
C:\DOCUME~1\USER\LOCALS~1\Temp\VBE\MSForms.exd moved successfully.
File C:\DOCUME~1\USER\LOCALS~1\Temp\21.tmp not found!
File C:\DOCUME~1\USER\LOCALS~1\Temp\22.tmp not found!
File C:\DOCUME~1\USER\LOCALS~1\Temp\AcrEE56.tmp not found!
File C:\DOCUME~1\USER\LOCALS~1\Temp\AcrEE57.tmp not found!
C:\DOCUME~1\USER\LOCALS~1\Temp\dia--0.96.1.log moved successfully.
File C:\DOCUME~1\USER\LOCALS~1\Temp\etilqs_FTeGqBZmGr8yHMh4ZL36 not found!
File C:\DOCUME~1\USER\LOCALS~1\Temp\etilqs_GigEkkcaYE5eD0aiyrqD not found!
File C:\DOCUME~1\USER\LOCALS~1\Temp\etilqs_GigEkkcaYE5eD0aiyrqD-journal not found!
File C:\DOCUME~1\USER\LOCALS~1\Temp\Perflib_Perfdata_5c0.dat not found!
File C:\DOCUME~1\USER\LOCALS~1\Temp\~DF1AF4.tmp not found!
File C:\DOCUME~1\USER\LOCALS~1\Temp\~DF82E7.tmp not found!
File C:\DOCUME~1\USER\LOCALS~1\Temp\~DF8EA8.tmp not found!
File C:\DOCUME~1\USER\LOCALS~1\Temp\~DFE415.tmp not found!
File C:\DOCUME~1\USER\LOCALS~1\Temp\~ROMFN_00000124 not found!
File C:\DOCUME~1\USER\LOCALS~1\Temp\~ROMFN_00000490 not found!
C:\WINDOWS\temp\JETA032.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_b0.dat not found!
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\ovyyv041.default\OfflineCache\index.sqlite moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\ovyyv041.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\ovyyv041.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\ovyyv041.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\ovyyv041.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\ovyyv041.default\urlclassifier3.sqlite moved successfully.
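
The results log above can be checked mechanically. The following is an added example, not part of the original posts and not OTMoveIt3's own code: it parses the line formats visible in that log, treats a "not found" entry as explained when the path or one of its parent folders was already moved, and lists reboot-scheduled deletions that the post-reboot section never settled. The sample log is constructed, and the names `parse_log` and `reconcile` are hypothetical.

```python
import ntpath
import re

# Constructed sample in the line formats of the results log above
# (paths are made up for the example).
SAMPLE_LOG = r"""========== FILES ==========
C:\Users\demo\Downloads\ToolA.torrent moved successfully.
File/Folder C:\Users\demo\Temp\ToolA.torrent not found.
C:\Users\demo\Downloads\ToolA\Patch moved successfully.
C:\Users\demo\Downloads\ToolA moved successfully.
File/Folder C:\Users\demo\Downloads\ToolA\Patch not found.
File/Folder C:\Users\demo\Downloads\ToolA\Patch\patch.exe not found.
File/Folder C:\Users\demo\Downloads\ToolA\readme.txt not found.
========== COMMANDS ==========
File delete failed. C:\Users\demo\Temp\21.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\demo\Temp\app.log scheduled to be deleted on reboot.
File delete failed. C:\Users\demo\Temp\locked.dat scheduled to be deleted on reboot.
User's Temp folder emptied.

Files moved on Reboot...
C:\Users\demo\Temp\app.log moved successfully.
File C:\Users\demo\Temp\21.tmp not found!
"""

SCHEDULED = re.compile(
    r"^File delete failed\. (?P<path>[A-Za-z]:\\.+) scheduled to be deleted on reboot\.$")
NOT_FOUND = re.compile(r"^File(?:/Folder)? (?P<path>[A-Za-z]:\\.+) not found[.!]$")
MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+) moved successfully\.$")


def parse_log(text):
    """Sort result lines into first-pass and after-reboot buckets."""
    result = {"moved": [], "not_found": [], "scheduled": [],
              "reboot_moved": [], "reboot_not_found": []}
    after_reboot = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Files moved on Reboot"):
            after_reboot = True
            continue
        for kind, pattern in (("scheduled", SCHEDULED),
                              ("not_found", NOT_FOUND),
                              ("moved", MOVED)):
            match = pattern.match(line)
            if match:
                if after_reboot and kind != "scheduled":
                    kind = "reboot_" + kind
                result[kind].append(match.group("path"))
                break
    return result


def _key(path):
    # Case-insensitive comparison with Windows path rules, on any OS.
    # 8.3 short names (LOCALS~1) are NOT expanded: that needs the live disk.
    return ntpath.normcase(path).rstrip("\\")


def _covered(path, moved_keys):
    key = _key(path)
    return any(key == m or key.startswith(m + "\\") for m in moved_keys)


def reconcile(parsed):
    """Separate harmless 'not found' lines from ones that need a manual look."""
    moved_keys = {_key(p) for p in parsed["moved"]}
    explained, unexplained = [], []
    for path in parsed["not_found"]:
        # A child listed after its folder was moved is already gone with it.
        (explained if _covered(path, moved_keys) else unexplained).append(path)
    settled = {_key(p) for p in parsed["reboot_moved"] + parsed["reboot_not_found"]}
    pending = [p for p in parsed["scheduled"] if _key(p) not in settled]
    return {"explained": explained, "unexplained": unexplained, "pending": pending}


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    report = reconcile(parsed)
    print(f"moved: {len(parsed['moved'])}, "
          f"not found (parent already moved): {len(report['explained'])}")
    for path in report["unexplained"]:
        print("not found, no moved parent:", path)
    for path in report["pending"]:
        print("scheduled for reboot, never settled:", path)
```
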

#13 SifuMike

Posted 04 March 2009 - 07:20 PM

Hi,

Please run LOPSD with option 1 again and post the log it produces.

#14 0verwhelming

Posted 04 March 2009 - 10:01 PM

Here you go, sir:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Core™2 Duo CPU T7500 @ 2.20GHz )
BIOS : Ver 1.00PARTTBLx
USER : User ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
Firewall : AVG Firewall 8.0 (Not Activated)
C:\ (Local Disk) - NTFS - Total:93 Go (Free:3 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Wed 03/04/2009|21:50 )

--------------------\\ Listing folders in APPLIC~1

[06/10/2008|12:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft

[01/29/2009|09:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[01/28/2009|06:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[01/01/2008|03:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[11/07/2008|06:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[06/11/2008|12:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[03/04/2009|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Avira
[01/01/2008|04:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Azureus
[01/01/2009|04:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CanonBJ
[04/21/2008|01:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DRM
[11/03/2008|11:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
[02/23/2008|10:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> IJJIGame
[01/18/2008|12:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Insight Software
[01/18/2008|12:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Insight Software Solutions
[06/20/2008|10:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[05/07/2008|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[01/01/2008|03:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lenovo
[01/16/2008|08:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> LogiShrd
[01/16/2008|08:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Logitech
[02/20/2009|11:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[04/02/2008|10:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[02/11/2009|03:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[02/14/2009|04:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MiKTeX
[03/03/2009|12:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Nero
[09/09/2008|07:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Office Genuine Advantage
[06/20/2008|10:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Roxio
[02/27/2009|11:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Skype
[11/20/2008|07:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SmartSound Software Inc
[06/20/2008|10:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
[07/25/2008|09:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[01/26/2008|05:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[06/11/2008|12:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ubisoft
[07/12/2008|09:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> VanDyke
[01/01/2008|11:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[01/01/2008|03:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller

[01/22/2009|06:44] C:\DOCUME~1\USER\APPLIC~1\<DIR> Adobe
[01/14/2008|09:48] C:\DOCUME~1\USER\APPLIC~1\<DIR> Apple Computer
[03/01/2009|05:53] C:\DOCUME~1\USER\APPLIC~1\<DIR> Azureus
[06/03/2008|05:12] C:\DOCUME~1\USER\APPLIC~1\<DIR> DivX
[12/26/2008|05:08] C:\DOCUME~1\USER\APPLIC~1\<DIR> dvdcss
[06/04/2008|03:40] C:\DOCUME~1\USER\APPLIC~1\<DIR> GlobalSCAPE
[03/04/2009|12:19] C:\DOCUME~1\USER\APPLIC~1\<DIR> gtk-2.0
[02/10/2008|12:24] C:\DOCUME~1\USER\APPLIC~1\<DIR> Helios
[01/01/2009|04:45] C:\DOCUME~1\USER\APPLIC~1\<DIR> Help
[01/01/2008|02:31] C:\DOCUME~1\USER\APPLIC~1\<DIR> Identities
[06/12/2008|10:12] C:\DOCUME~1\USER\APPLIC~1\<DIR> IDMComp
[12/20/2008|06:37] C:\DOCUME~1\USER\APPLIC~1\<DIR> ijjigame
[06/11/2008|12:50] C:\DOCUME~1\USER\APPLIC~1\<DIR> InstallShield
[01/24/2009|11:17] C:\DOCUME~1\USER\APPLIC~1\<DIR> Leadertech
[01/01/2008|03:02] C:\DOCUME~1\USER\APPLIC~1\<DIR> Lenovo
[01/01/2008|12:44] C:\DOCUME~1\USER\APPLIC~1\<DIR> Macromedia
[02/20/2009|11:35] C:\DOCUME~1\USER\APPLIC~1\<DIR> Malwarebytes
[11/16/2008|01:37] C:\DOCUME~1\USER\APPLIC~1\<DIR> MathWorks
[12/19/2008|04:51] C:\DOCUME~1\USER\APPLIC~1\<DIR> Microsoft
[06/21/2008|02:06] C:\DOCUME~1\USER\APPLIC~1\<DIR> Move Networks
[01/29/2009|05:16] C:\DOCUME~1\USER\APPLIC~1\<DIR> Mozilla
[09/08/2008|04:38] C:\DOCUME~1\USER\APPLIC~1\<DIR> MySQL
[12/07/2008|11:22] C:\DOCUME~1\USER\APPLIC~1\<DIR> Nero
[05/26/2008|10:19] C:\DOCUME~1\USER\APPLIC~1\<DIR> NJStar
[07/28/2008|10:46] C:\DOCUME~1\USER\APPLIC~1\<DIR> Opera
[01/01/2008|12:45] C:\DOCUME~1\USER\APPLIC~1\<DIR> Real
[11/20/2008|07:08] C:\DOCUME~1\USER\APPLIC~1\<DIR> Roxio
[03/02/2009|05:35] C:\DOCUME~1\USER\APPLIC~1\<DIR> Skype
[03/02/2009|04:29] C:\DOCUME~1\USER\APPLIC~1\<DIR> skypePM
[07/14/2008|10:45] C:\DOCUME~1\USER\APPLIC~1\<DIR> SmartFTP
[02/05/2009|07:28] C:\DOCUME~1\USER\APPLIC~1\<DIR> Subversion
[01/19/2008|03:13] C:\DOCUME~1\USER\APPLIC~1\<DIR> Sun
[01/01/2008|03:26] C:\DOCUME~1\USER\APPLIC~1\<DIR> Talkback
[06/05/2008|08:33] C:\DOCUME~1\USER\APPLIC~1\<DIR> teamspeak2
[02/27/2009|11:58] C:\DOCUME~1\USER\APPLIC~1\<DIR> U3
[06/11/2008|12:50] C:\DOCUME~1\USER\APPLIC~1\<DIR> Ubisoft
[07/12/2008|09:10] C:\DOCUME~1\USER\APPLIC~1\<DIR> VanDyke
[06/13/2008|04:26] C:\DOCUME~1\USER\APPLIC~1\<DIR> Ventrilo
[01/09/2008|11:22] C:\DOCUME~1\USER\APPLIC~1\<DIR> vlc
[08/24/2008|07:11] C:\DOCUME~1\USER\APPLIC~1\<DIR> webex
[01/01/2008|12:38] C:\DOCUME~1\USER\APPLIC~1\<DIR> WinRAR

[06/22/2008|02:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[12/20/2008|10:34] C:\DOCUME~1\USER2\APPLIC~1\<DIR> Adobe
[12/20/2008|10:30] C:\DOCUME~1\USER2\APPLIC~1\<DIR> Identities
[12/20/2008|10:31] C:\DOCUME~1\USER2\APPLIC~1\<DIR> Macromedia
[12/20/2008|11:05] C:\DOCUME~1\USER2\APPLIC~1\<DIR> Microsoft
[12/20/2008|10:34] C:\DOCUME~1\USER2\APPLIC~1\<DIR> Mozilla
[12/20/2008|10:31] C:\DOCUME~1\USER2\APPLIC~1\<DIR> Real
[12/20/2008|10:31] C:\DOCUME~1\USER2\APPLIC~1\<DIR> Roxio

[06/22/2008|07:20] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> DivX
[06/10/2008|12:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[06/22/2008|07:16] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Roxio

[06/22/2008|02:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[03/04/2009 09:42 PM][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-789336058-839522115-1003.job
[02/23/2009 08:00 PM][--a------] C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Brian Lee.job
[02/12/2009 03:33 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[03/04/2009 06:11 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 07:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[06/11/2008|12:50] C:\Program Files\<DIR> Add Remove Pro
[07/02/2008|07:28] C:\Program Files\<DIR> Adobe
[01/21/2008|12:33] C:\Program Files\<DIR> Analog Devices
[10/31/2008|09:11] C:\Program Files\<DIR> Apple Software Update
[08/13/2008|10:20] C:\Program Files\<DIR> Audacity
[05/08/2008|07:16] C:\Program Files\<DIR> AVG
[03/04/2009|12:47] C:\Program Files\<DIR> Avira
[02/27/2009|04:03] C:\Program Files\<DIR> Azureus
[07/25/2008|04:49] C:\Program Files\<DIR> BearShare
[01/23/2009|04:25] C:\Program Files\<DIR> Bible
[10/31/2008|09:14] C:\Program Files\<DIR> Bonjour
[02/25/2009|11:14] C:\Program Files\<DIR> Common Files
[01/01/2008|02:11] C:\Program Files\<DIR> ComPlus Applications
[01/01/2008|12:30] C:\Program Files\<DIR> CONEXANT
[12/21/2008|11:39] C:\Program Files\<DIR> CVSNT
[03/01/2009|05:25] C:\Program Files\<DIR> Dia
[03/04/2009|10:23] C:\Program Files\<DIR> Diablo II
[12/21/2008|11:32] C:\Program Files\<DIR> Diablo IIa
[12/20/2008|10:46] C:\Program Files\<DIR> Diablo IIb
[01/01/2008|03:20] C:\Program Files\<DIR> DIFX
[06/02/2008|08:14] C:\Program Files\<DIR> DivX
[01/01/2009|04:49] C:\Program Files\<DIR> e-Sword
[10/09/2008|04:06] C:\Program Files\<DIR> gAlwaysIdle
[06/04/2008|03:38] C:\Program Files\<DIR> GlobalSCAPE
[01/01/2009|10:21] C:\Program Files\<DIR> Google
[06/12/2008|10:12] C:\Program Files\<DIR> IDM Computer Solutions
[01/24/2009|11:13] C:\Program Files\<DIR> InstallShield Installation Information
[06/22/2008|07:16] C:\Program Files\<DIR> InterActual
[02/11/2009|03:01] C:\Program Files\<DIR> Internet Explorer
[01/29/2009|09:37] C:\Program Files\<DIR> iPod
[01/29/2009|09:38] C:\Program Files\<DIR> iTunes
[03/04/2009|08:56] C:\Program Files\<DIR> Java
[06/03/2008|05:01] C:\Program Files\<DIR> jEdit
[05/07/2008|11:51] C:\Program Files\<DIR> Lavasoft
[01/01/2008|02:35] C:\Program Files\<DIR> Lenovo
[01/16/2008|08:45] C:\Program Files\<DIR> Logitech
[02/27/2008|12:48] C:\Program Files\<DIR> Macro Express3
[03/04/2009|08:57] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[09/30/2008|10:51] C:\Program Files\<DIR> Messenger
[06/10/2008|01:48] C:\Program Files\<DIR> Microsoft
[01/01/2008|12:31] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[01/01/2008|02:15] C:\Program Files\<DIR> microsoft frontpage
[01/01/2008|12:17] C:\Program Files\<DIR> Microsoft Office
[03/01/2009|02:17] C:\Program Files\<DIR> Microsoft Silverlight
[01/01/2008|12:17] C:\Program Files\<DIR> Microsoft Visual Studio
[01/01/2008|12:17] C:\Program Files\<DIR> Microsoft Works
[02/14/2009|04:38] C:\Program Files\<DIR> MiKTeX 2.7
[01/11/2009|08:08] C:\Program Files\<DIR> Mobile Partner
[09/30/2008|10:47] C:\Program Files\<DIR> Movie Maker
[03/04/2009|06:13] C:\Program Files\<DIR> Mozilla Firefox
[01/01/2008|12:17] C:\Program Files\<DIR> MSBuild
[07/28/2008|09:17] C:\Program Files\<DIR> MSECACHE
[01/01/2008|02:10] C:\Program Files\<DIR> MSN
[01/01/2008|02:11] C:\Program Files\<DIR> MSN Gaming Zone
[01/01/2008|12:30] C:\Program Files\<DIR> MSXML 4.0
[06/02/2008|12:52] C:\Program Files\<DIR> MySQL
[03/03/2009|12:33] C:\Program Files\<DIR> Nero
[09/30/2008|10:44] C:\Program Files\<DIR> NetMeeting
[05/26/2008|10:15] C:\Program Files\<DIR> NJStar Communicator
[01/24/2009|11:13] C:\Program Files\<DIR> NovaLogic
[01/01/2008|02:11] C:\Program Files\<DIR> Online Services
[07/28/2008|10:46] C:\Program Files\<DIR> Opera
[09/30/2008|10:44] C:\Program Files\<DIR> Outlook Express
[06/11/2008|01:09] C:\Program Files\<DIR> PowerISO
[01/29/2009|09:36] C:\Program Files\<DIR> QuickTime
[01/01/2008|12:42] C:\Program Files\<DIR> Real
[11/14/2008|11:37] C:\Program Files\<DIR> Rotman
[06/20/2008|10:40] C:\Program Files\<DIR> Roxio
[07/12/2008|09:10] C:\Program Files\<DIR> SecureFX
[02/27/2009|11:57] C:\Program Files\<DIR> Skype
[07/13/2008|02:16] C:\Program Files\<DIR> SmartCVS
[07/14/2008|10:45] C:\Program Files\<DIR> SmartFTP Client
[07/14/2008|10:44] C:\Program Files\<DIR> SmartFTP Client 3.0 Setup Files
[06/20/2008|10:32] C:\Program Files\<DIR> SmartSound Software
[02/11/2009|11:57] C:\Program Files\<DIR> Spybot - Search & Destroy
[03/04/2009|06:13] C:\Program Files\<DIR> Steam
[02/05/2009|07:17] C:\Program Files\<DIR> Sun
[01/01/2008|12:31] C:\Program Files\<DIR> Synaptics
[06/05/2008|08:33] C:\Program Files\<DIR> Teamspeak2_RC2
[02/27/2009|01:37] C:\Program Files\<DIR> TeXnicCenter
[02/27/2009|11:59] C:\Program Files\<DIR> TeXnicCenter(2)
[02/10/2008|12:23] C:\Program Files\<DIR> TextPad 5
[03/04/2009|10:34] C:\Program Files\<DIR> Trend Micro
[03/04/2009|12:19] C:\Program Files\<DIR> Trillian
[06/11/2008|12:50] C:\Program Files\<DIR> Ubisoft
[01/01/2008|02:31] C:\Program Files\<DIR> Uninstall Information
[01/01/2008|03:47] C:\Program Files\<DIR> Ventrilo
[01/01/2008|03:39] C:\Program Files\<DIR> VideoLAN
[02/22/2008|01:39] C:\Program Files\<DIR> WebNotes
[06/11/2008|01:31] C:\Program Files\<DIR> Windows Installer Clean Up
[01/01/2008|03:59] C:\Program Files\<DIR> Windows Live
[09/30/2008|10:48] C:\Program Files\<DIR> Windows Media Player
[09/30/2008|10:44] C:\Program Files\<DIR> Windows NT
[01/01/2008|02:13] C:\Program Files\<DIR> WindowsUpdate
[01/01/2008|12:40] C:\Program Files\<DIR> WinRAR
[01/01/2008|02:15] C:\Program Files\<DIR> xerox
[01/01/2008|12:48] C:\Program Files\<DIR> Zone Labs

--------------------\\ Listing Folders in C:\Program Files\Common Files

[06/09/2008|10:46] C:\Program Files\Common Files\<DIR> Adobe
[01/29/2009|09:37] C:\Program Files\Common Files\<DIR> Apple
[11/21/2008|10:19] C:\Program Files\Common Files\<DIR> Blizzard Entertainment
[01/01/2008|12:17] C:\Program Files\Common Files\<DIR> DESIGNER
[02/23/2008|10:23] C:\Program Files\Common Files\<DIR> INCA Shared
[02/23/2008|10:47] C:\Program Files\Common Files\<DIR> Insight Software Solutions
[06/20/2008|10:32] C:\Program Files\Common Files\<DIR> InstallShield
[01/19/2008|03:12] C:\Program Files\Common Files\<DIR> Java
[01/01/2008|02:35] C:\Program Files\Common Files\<DIR> Lenovo
[01/16/2008|08:49] C:\Program Files\Common Files\<DIR> LogiShrd
[01/01/2008|01:42] C:\Program Files\Common Files\<DIR> Macrovision Shared
[08/08/2008|02:03] C:\Program Files\Common Files\<DIR> Microsoft Shared
[01/01/2008|02:12] C:\Program Files\Common Files\<DIR> MSSoap
[03/03/2009|12:45] C:\Program Files\Common Files\<DIR> Nero
[12/31/2007|09:00] C:\Program Files\Common Files\<DIR> ODBC
[01/01/2008|12:43] C:\Program Files\Common Files\<DIR> Real
[06/20/2008|10:39] C:\Program Files\Common Files\<DIR> Roxio Shared
[01/01/2008|02:12] C:\Program Files\Common Files\<DIR> Services
[02/27/2009|11:57] C:\Program Files\Common Files\<DIR> Skype
[06/20/2008|10:39] C:\Program Files\Common Files\<DIR> Sonic Shared
[12/31/2007|09:00] C:\Program Files\Common Files\<DIR> SpeechEngines
[01/31/2008|01:57] C:\Program Files\Common Files\<DIR> Symantec Shared
[09/30/2008|10:44] C:\Program Files\Common Files\<DIR> System
[01/01/2008|03:59] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[05/07/2008|11:50] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[01/01/2008|12:43] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 56 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\USER\Cookies\brian_lee@advertising[1].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-04 21:51:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

C:\WINDOWS\system32\LVEhNnmp.ini
C:\WINDOWS\system32\LVEhNnmp.ini2
C:\WINDOWS\system32\SsuDffii.ini2
==> VUNDO <==



[F:7][D:2]-> C:\DOCUME~1\USER\LOCALS~1\Temp
[F:22][D:0]-> C:\DOCUME~1\USER\Cookies
[F:484][D:4]-> C:\DOCUME~1\USER\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Wed 03/04/2009|15:16 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Wed 03/04/2009|21:53 - Option : [1]

--------------------\\ Scan completed at 21:53:20

#15 SifuMike


Posted 04 March 2009 - 10:24 PM

Hi 0verwhelming,

Since you are still heavily infected, we will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

You need to disable your Avira Antivirus and Spybot Teatimer before running ComboFix, as they will prevent it from running.

To disable Avira Antivirus:  
Please navigate to the system tray in the bottom right-hand corner and look for an open white umbrella on a red background (looks like this: Posted Image)
  • Right-click it -> untick the option AntiVir Guard enable.
  • You should now see a closed, white umbrella on a red background (looks like this: Posted Image)
You successfully disabled the AntiVir Guard.


We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy
Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.

When following the instructions, install the Windows XP Recovery Console if you are using XP. <== IMPORTANT
It is a simple procedure that will only take a few moments of your time. It is our safety net.


You DO NOT need to have the Windows CD to install Recovery Console!

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.


We need Recovery Console because malware damages a lot and causes an unstable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged.
Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read here what you can do with the Recovery Console.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

A caution -
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post the ComboFix log.

Edited by SifuMike, 05 March 2009 - 10:14 AM.
