Thread: Pop ups and trojans, low memory
View Single Post
Old 11-10-2008, 07:53 PM   #6 (permalink)
maddog2018
Registered User
 
Join Date: May 2007
Posts: 26
OS: xp


Re: Pop ups and trojans, low memory
Regarding your question about antivirus program, I do not know what happened. It must have expired. I thought the microsoft package was in place. A month ago, I posted here and had difficulty downloading the recommended fixes. I turned off security to allow downloads. Still, did not work, but failed to reactivate security. Also, I did not know the importance of keeping java updated, despite reminders. I want to maintain security of my computer, and will be more vigilant. Thanks for your assistance this time. I have posted the logs you requested.

I used the Avira program for antivirus and will make sure that it stays active. I think computer is working properly but have not used it much since running the scans. I will follow up if there seems to still be a problem.


ComboFix 08-11-09.04 - Randy Maddox 2008-11-10 16:33:07.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.152 [GMT -5:00]
Running from: c:\documents and settings\Randy Maddox\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Randy Maddox\Desktop\CFscript.txt
* Created a new restore point

FILE ::
c:\windows\system32\afisicx.exe
c:\windows\system32\dbi102.dll
c:\windows\system32\mabidwe.exe
c:\windows\system32\noytcyr.exe
c:\windows\system32\roytctm.exe
c:\windows\system32\solewxte.exe
c:\windows\system32\soxpeca.exe
c:\windows\system32\tdydowkc.exe c:\windows\system32\wsldoekd.exe c:\windows\system32\drivers\hpfxbulk.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Install.txt
c:\windows\system32\afisicx.exe
c:\windows\system32\comsa32.sys
c:\windows\system32\Install.txt
c:\windows\system32\mabidwe.exe
c:\windows\system32\noytcyr.exe
c:\windows\system32\roytctm.exe
c:\windows\system32\solewxte.exe
c:\windows\system32\soxpeca.exe
c:\windows\system32\tdydowkc.exe
c:\windows\system32\tpszxyd.sys
c:\windows\system32\wsldoekd.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFISICX
-------\Legacy_MABIDWE
-------\Legacy_NOYTCYR
-------\Legacy_ROYTCTM
-------\Legacy_SOLEWXTE
-------\Legacy_SOXPECA
-------\Legacy_TDYDOWKC
-------\Legacy_UXRJNHMC
-------\Legacy_WSLDOEKD
-------\Service_afisicx
-------\Service_HPFXBULK
-------\Service_mabidwe
-------\Service_noytcyr
-------\Service_roytctm
-------\Service_solewxte
-------\Service_soxpeca
-------\Service_tdydowkc
-------\Service_wsldoekd


((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 )))))))))))))))))))))))))))))))
.

2008-11-05 10:01 . 2008-11-05 10:01 <DIR> d-------- C:\rsit
2008-11-05 09:34 . 2008-11-05 09:41 250 --a------ c:\windows\gmer.ini
2008-10-23 22:43 . 2008-10-15 11:34 337,408 --------- c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-14 23:20 . 2008-09-08 05:41 333,824 --------- c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-10-14 23:19 . 2008-08-14 05:11 2,189,184 --------- c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
2008-10-14 23:19 . 2008-08-14 05:09 2,145,280 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2008-10-14 23:19 . 2008-08-14 04:33 2,066,048 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2008-10-14 23:19 . 2008-08-14 04:33 2,023,936 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
2008-10-14 23:19 . 2008-09-15 07:12 1,846,400 --------- c:\windows\SYSTEM32\DLLCACHE\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 19:22 --------- d-----w c:\program files\EZ-FilingNew
2008-11-10 16:25 --------- d-----w c:\documents and settings\Randy Maddox\Application Data\AdobeUM
2008-10-24 20:12 --------- d-----w c:\program files\QUICKENW
2008-09-30 12:25 --------- d-----w c:\program files\DYMO Label
2008-06-27 14:13 56,912 ----a-w c:\documents and settings\Randy Maddox\g2mdlhlpx.exe
2004-10-11 23:46 205,312 ----a-w c:\program files\ltefx13n.dll
2004-01-19 18:31 153,600 ----a-w c:\program files\ltfil13n.DLL
2004-01-19 17:31 27,648 ----a-w c:\program files\lfiff13n.dll
2004-01-19 17:31 20,480 ----a-w c:\program files\lfCUT13n.dll
2004-01-19 16:31 453,120 ----a-w c:\program files\ltkrn13n.dll
2004-01-19 16:12 89,600 ----a-w c:\program files\Lfcgm13n.dll
2004-01-19 15:49 278,016 ----a-w c:\program files\LFJ2K13n.dll
2004-01-19 15:49 180,736 ----a-w c:\program files\Lfpng13n.dll
2004-01-19 15:47 76,800 ----a-w c:\program files\Lfwmf13n.dll
2004-01-19 15:47 509,440 ----a-w c:\program files\LFCMW13n.dll
2004-01-19 15:45 420,352 ----a-w c:\program files\LFCMP13n.DLL
2004-01-19 15:44 143,872 ----a-w c:\program files\lftif13n.dll
2004-01-19 15:36 65,536 ----a-w c:\program files\Lfpct13n.dll
2004-01-19 15:36 56,832 ----a-w c:\program files\lfpsd13n.dll
2004-01-19 15:36 26,624 ----a-w c:\program files\lfpcx13n.dll
2004-01-19 15:36 19,968 ----a-w c:\program files\lfpcd13n.dll
2004-01-19 15:36 18,944 ----a-w c:\program files\lfmsp13n.dll
2004-01-19 15:35 20,992 ----a-w c:\program files\lfimg13n.dll
2004-01-19 15:35 18,944 ----a-w c:\program files\lfmac13n.dll
2004-01-19 15:34 31,744 ----a-w c:\program files\lfclp13n.dll
2004-01-19 15:34 30,208 ----a-w c:\program files\lfbmp13n.dll
2004-01-19 15:33 444,928 ----a-w c:\program files\ltimg13n.dll
2004-01-19 15:32 265,216 ----a-w c:\program files\LTDIS13n.dll
2000-05-02 08:17 212,480 ----a-w c:\program files\PCDLIB32.DLL
1999-11-19 03:00 284,032 ----a-w c:\program files\XceedZip.dll
2008-04-14 00:12 50,688 --sh--w c:\windows\twain_32.dll
2008-04-14 00:11 1,028,096 --sha-w c:\windows\SYSTEM32\mfc42.dll
2008-04-14 00:12 57,344 --sha-w c:\windows\SYSTEM32\msvcirt.dll
2008-04-14 00:12 413,696 --sha-w c:\windows\SYSTEM32\msvcp60.dll
2008-04-14 00:12 343,040 --sha-w c:\windows\SYSTEM32\msvcrt.dll
2008-04-14 00:12 551,936 --sh--w c:\windows\SYSTEM32\oleaut32.dll
2008-04-14 00:12 84,992 --sh--w c:\windows\SYSTEM32\olepro32.dll
2008-04-14 00:12 11,776 --sh--w c:\windows\SYSTEM32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-26 204800]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2005-03-12 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-10-22 151597]
"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456]
"PfuSsSct.exe"="c:\program files\PFU\ScanSnap\PfuSsSct.exe" [2003-12-22 110592]
"CardMinder"="c:\program files\PFU\ScanSnap\CardMinder V2.0\CardLauncher.exe" [2004-02-17 36864]
"Pdfquickview"="c:\program files\PFU\ScanSnap\PDF Thumbnail View\pdfquickview.exe" [2003-12-22 32768]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-03-12 11776]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-06-15 49152]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-12-23 618496]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-27 45056]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]

c:\documents and settings\Randy Maddox\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\palm\HOTSYNC.EXE [2004-04-13 299008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-09 972064]
ScanSnap Manager.lnk - c:\program files\PFU\ScanSnap\Driver\PfuSsMon.exe [2004-08-02 712704]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\ProDoc\\ProWin.Exe"=
"c:\\ProDoc\\prosend.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2008-05-16 759072]
.
Contents of the 'Scheduled Tasks' folder

2008-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-11-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 17:12]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 16:45:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\Iomega\System32\AppServices.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SYSTEM32\nvsvc32.exe
c:\program files\Iomega\AutoDisk\ADService.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\progra~1\MUSICM~1\MUSICM~1\MMDiag.exe
c:\progra~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\PFU\ScanSnap\CardMinder V2.0\bcd_file\SbCRece.exe
.
**************************************************************************
.
Completion time: 2008-11-10 16:58:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-10 21:58:50
ComboFix2.txt 2008-11-10 2014
ComboFix3.txt 2007-06-21 16:35:24

Pre-Run: 8,572,497,920 bytes free
Post-Run: 8,575,385,600 bytes free

196 --- E O F --- 2008-10-24 07:01:32





Avira AntiVir Personal
Report file date: Monday, November 10, 2008 17:30

Scanning for 1024586 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: RANDY

Version information:
BUILD.DAT : 8.2.0.336 16933 Bytes 10/30/2008 11:40:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 15:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 14:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 19:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 14:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 22:27:58
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 11/9/2008 22:28:02
ANTIVIR2.VDF : 7.1.0.57 2048 Bytes 11/9/2008 22:28:02
ANTIVIR3.VDF : 7.1.0.65 52736 Bytes 11/10/2008 22:28:03
Engineversion : 8.2.0.29
AEVDF.DLL : 8.1.0.6 102772 Bytes 10/14/2008 17:05:56
AESCRIPT.DLL : 8.1.1.13 332156 Bytes 11/10/2008 22:28:13
AESCN.DLL : 8.1.1.5 123251 Bytes 11/10/2008 22:28:12
AERDL.DLL : 8.1.1.3 438645 Bytes 11/10/2008 22:28:11
AEPACK.DLL : 8.1.3.3 393591 Bytes 11/10/2008 22:28:10
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 11/10/2008 22:28:09
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 11/10/2008 22:28:09
AEHELP.DLL : 8.1.1.3 119157 Bytes 11/10/2008 22:28:06
AEGEN.DLL : 8.1.1.0 319859 Bytes 11/10/2008 22:28:06
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 17:05:56
AECORE.DLL : 8.1.4.1 172405 Bytes 11/10/2008 22:28:04
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 17:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 15:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 16:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 11/10/2008 22:28:03
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 18:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 15:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 19:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 00:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 19:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 19:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 20:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 20:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, F:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Monday, November 10, 2008 17:30

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'OUTLOOK.EXE' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'ADService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HOTSYNC.EXE' - '1' Module(s) have been scanned
Scan process 'PfuSsMon.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'AppServices.exe' - '1' Module(s) have been scanned
Scan process 'acrotray.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'TransferAgent.exe' - '1' Module(s) have been scanned
Scan process 'DSAgnt.exe' - '1' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned
Scan process 'SbCRece.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'mim.exe' - '1' Module(s) have been scanned
Scan process 'NetworkLicenseServer.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnd.exe' - '1' Module(s) have been scanned
Scan process 'MMDiag.exe' - '1' Module(s) have been scanned
Scan process 'Hpi_monitor.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'HPTLBXFX.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'pdfquickview.exe' - '1' Module(s) have been scanned
Scan process 'CardLauncher.exe' - '1' Module(s) have been scanned
Scan process 'PfuSsSct.exe' - '1' Module(s) have been scanned
Scan process 'ADUserMon.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'mm_tray.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
58 processes with 58 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '62' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Qoobox\Quarantine\C\DOCUME~1\RANDYM~1\LOCALS~1\Temp\WowInitcode.dll.vir
[DETECTION] Is the TR/PSW.54260 Trojan
[NOTE] The file was moved to '498fdfb9.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\dbi102.dll.vir.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4981dfb3.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\macidwe.exe.vir
[DETECTION] Is the TR/Agent.zem Trojan
[NOTE] The file was moved to '497bdfc1.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\oduxftw.sys.vir
[DETECTION] Is the TR/Click.VB.brv.2 Trojan
[NOTE] The file was moved to '498ddfcb.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sobicyt.exe.vir
[DETECTION] Is the TR/Agent.zbc Trojan
[NOTE] The file was moved to '497adfe0.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\solewxte.exe.vir
[DETECTION] Is the TR/Agent.aebz Trojan
[NOTE] The file was moved to '4984dfe6.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\__c003CBD1.dat.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '497bdfd7.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\~.exe.vir
[DETECTION] Is the TR/Dldr.Agent.ajzq Trojan
[NOTE] The file was moved to '497ddfa7.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1888\A0160272.old
[DETECTION] Is the TR/Dldr.Delf.ogu Trojan
[NOTE] The file was moved to '4949dfae.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1889\A0160277.old
[DETECTION] Is the TR/Dldr.Delf.oif Trojan
[NOTE] The file was moved to '4949dfb0.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1889\A0160278.old
[DETECTION] Is the TR/Dldr.Delf.oka Trojan
[NOTE] The file was moved to '4d7c8211.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1901\A0160544.old
[DETECTION] Is the TR/Clicker.LA Trojan
[NOTE] The file was moved to '4949dfca.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1904\A0160577.exe
[DETECTION] Is the TR/Agent.ackj Trojan
[NOTE] The file was moved to '4949dfd0.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1904\A0160578.exe
[DETECTION] Is the TR/Agent.adjn Trojan
[NOTE] The file was moved to '4d7c8271.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1905\A0160592.old
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE] The file was moved to '4949dfd2.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1926\A0169860.old
[DETECTION] Is the TR/Refpron.B Trojan
[NOTE] The file was moved to '4949e008.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1927\A0169887.old
[DETECTION] Is the TR/Click.VB.cdm Trojan
[NOTE] The file was moved to '4949e00a.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1928\A0169890.exe
[DETECTION] Is the TR/Agent.abat Trojan
[NOTE] The file was moved to '4949e00c.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1928\A0169891.exe
[DETECTION] Is the TR/Agent.abat Trojan
[NOTE] The file was moved to '4d7cbdad.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1928\A0169892.exe
[DETECTION] Is the TR/Agent.aaxn Trojan
[NOTE] The file was moved to '4949e00e.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1928\A0169893.exe
[DETECTION] Is the TR/Agent.acku Trojan
[NOTE] The file was moved to '4949e00d.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1928\A0169894.exe
[DETECTION] Is the TR/Agent.abbe Trojan
[NOTE] The file was moved to '4d7cbdae.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1928\A0169895.exe
[DETECTION] Is the TR/Agent.abbe Trojan
[NOTE] The file was moved to '4949e00f.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1928\A0169896.exe
[DETECTION] Is the TR/Agent.adfl Trojan
[NOTE] The file was moved to '4d7cbdaf.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1928\A0169897.exe
[DETECTION] Is the TR/Agent.acid Trojan
[NOTE] The file was moved to '4949e010.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1928\A0169898.exe
[DETECTION] Is the TR/Agent.abay Trojan
[NOTE] The file was moved to '4d7cbdb1.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1928\A0169899.exe
[DETECTION] Is the TR/Agent.abav Trojan
[NOTE] The file was moved to '4d7cbdb0.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1928\A0169900.exe
[DETECTION] Is the TR/Agent.aclf Trojan
[NOTE] The file was moved to '4949e011.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1928\A0169901.exe
[DETECTION] Is the TR/Agent.aaxn.1 Trojan
[NOTE] The file was moved to '4949e012.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1928\A0169902.exe
[DETECTION] Is the TR/Agent.zen Trojan
[NOTE] The file was moved to '4d7cbdb3.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1928\A0169903.exe
[DETECTION] Is the TR/Meredrop.AI Trojan
[NOTE] The file was moved to '4949e014.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1928\A0169904.sys
[DETECTION] Is the TR/Click.VB.bqs Trojan
[NOTE] The file was moved to '4d7cbdb2.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1928\A0169905.sys
[DETECTION] Is the TR/Click.VB.bpf Trojan
[NOTE] The file was moved to '4949e013.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1928\A0169906.dll
[DETECTION] Is the TR/PSW.OnLineGa.OCJ Trojan
[NOTE] The file was moved to '4d7cbdb4.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1928\A0169907.dll
[DETECTION] Is the TR/PSW.OnLineGa.OCJ Trojan
[NOTE] The file was moved to '4d7cbdb5.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1928\A0169908.dll
[DETECTION] Is the TR/PSW.OnLineGa.OCJ Trojan
[NOTE] The file was moved to '4949e016.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1928\A0169909.dll
[DETECTION] Is the TR/PSW.OnLineGa.OCJ Trojan
[NOTE] The file was moved to '4d7cbdb7.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1928\A0169910.dll
[DETECTION] Is the TR/PSW.OnLineGa.OCJ Trojan
[NOTE] The file was moved to '4949e018.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1928\A0169911.dll
[DETECTION] Is the TR/PSW.OnLineGa.OCJ Trojan
[NOTE] The file was moved to '4949e015.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1928\A0169912.dll
[DETECTION] Is the TR/PSW.OnLineGa.OCJ Trojan
[NOTE] The file was moved to '4d7cbdb6.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1928\A0169913.dll
[DETECTION] Is the TR/PSW.OnLineGa.OCJ Trojan
[NOTE] The file was moved to '4949e017.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1928\A0169914.old
[DETECTION] Is the TR/Agent.274944.C Trojan
[NOTE] The file was moved to '4d7cbdb9.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1928\A0169924.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4d7cbdb8.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1928\A0169925.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4949e019.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1938\A0169990.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4949e026.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1939\A0170006.exe
[DETECTION] Is the TR/Agent.zem Trojan
[NOTE] The file was moved to '4949e028.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1939\A0170007.exe
[DETECTION] Is the TR/Agent.alsp Trojan
[NOTE] The file was moved to '4949e029.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1939\A0170008.sys
[DETECTION] Is the TR/Click.VB.brv.2 Trojan
[NOTE] The file was moved to '4d7cbd8a.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1939\A0170010.exe
[DETECTION] Is the TR/Agent.zbc Trojan
[NOTE] The file was moved to '4949e02b.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1939\A0170018.exe
[DETECTION] Is the TR/Dldr.Agent.ajzq Trojan
[NOTE] The file was moved to '4949e02a.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1939\snapshot\MFEX-1.DAT
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495de046.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1940\A0170105.exe
[DETECTION] Is the TR/Agent.aebz Trojan
[NOTE] The file was moved to '4949e032.qua'!
C:\WINDOWS\SYSTEM32\fduvfct.sys
[DETECTION] Is the TR/Click.VB.btw Trojan
[NOTE] The file was moved to '498de492.qua'!
C:\WINDOWS\SYSTEM32\tmp0_462886265468.bk.old
[DETECTION] Is the TR/Agent.mta.274944 Trojan
[NOTE] The file was moved to '4988e4d6.qua'!
C:\WINDOWS\SYSTEM32\tmp0_582751252004.bk.old
[DETECTION] Is the TR/Dldr.Delf.oda Trojan
[NOTE] The file was moved to '4988e4d7.qua'!
C:\WINDOWS\SYSTEM32\tmp2_840081179240.bk.old
[DETECTION] Is the TR/Dldr.Delf.oda Trojan
[NOTE] The file was moved to '4dbcb2d8.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_102495353302.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4d8.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_103708220738.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4dbcb2d9.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_105210521411.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4d9.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_111647127121.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4dbcb2da.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_114806391773.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4db.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_136005377602.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4da.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_139854150801.bk
[DETECTION] Is the TR/Agent.46080.F Trojan
[NOTE] The file was moved to '4dbcb2db.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_140592630741.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4dbcb2dc.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_143458128076.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4dd.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_146113200683.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4dbcb2de.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_14873424408.bk
[DETECTION] Is the TR/Delf.ffb.4 Trojan
[NOTE] The file was moved to '4988e4dc.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_149181801898.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4dbcb2dd.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_151653790164.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4de.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_154204675973.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4df.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_161924341933.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4dbcb2e0.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_166030860147.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4e1.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_181512432517.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4dbcb2df.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_20339518008.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4e0.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_205387464841.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4dbcb2e1.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_214106403739.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4dbcb2e2.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_216448485396.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4e3.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_225695338950.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4e2.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_228902439693.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4dbcb2e3.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_24445714047.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4e4.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_246174593755.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4dbcb2e5.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_247555723994.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4dbcb2e4.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_25383175518.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4e5.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_255124299597.bk
[DETECTION] Is the TR/Drop.Delf.MT.48 Trojan
[NOTE] The file was moved to '4dbcb2e6.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_258951658822.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4e6.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_262891199136.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4e7.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_264448809166.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4dbcb2e8.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_283149409571.bk
[DETECTION] Is the TR/Agent.amjf Trojan
[NOTE] The file was moved to '4988e4e9.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_29652248883.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4dbcb2ea.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_296561554417.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4dbcb2e7.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_312871200166.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4e8.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_31923347798.bk
[DETECTION] Is the TR/Delf.ffb.4 Trojan
[NOTE] The file was moved to '4dbcb2e9.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_323518891601.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4eb.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_324661405196.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4dbcb2ec.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_325182238637.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4ed.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_3302975716.bk
[DETECTION] Is the TR/Drop.Del.MTA.461 Trojan
[NOTE] The file was moved to '4dbcb2ee.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_332605604384.bk
[DETECTION] Is the TR/Agent.also Trojan
[NOTE] The file was moved to '4988e4ea.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_346250680724.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4dbcb2eb.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_350623428892.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4ec.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_357477770053.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4ef.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_37408280819.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4dbcb2f0.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_376848610466.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4f1.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_380519586529.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4dbcb2f2.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_38483711772.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4dbcb2ed.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_387826403383.bk
[DETECTION] Is the TR/Drop.Delf.M.1460 Trojan
[NOTE] The file was moved to '4988e4f3.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_391102316927.bk
[DETECTION] Is the TR/Agent.alsn Trojan
[NOTE] The file was moved to '4dbcb2f4.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_394467538494.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4f5.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_39630059755.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4ee.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_402436500408.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4dbcb2f6.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_404378801462.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df8f7.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_410830793143.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df8f9.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_423076235380.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df8fb.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_434124172518.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df8e8.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_439277286557.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df8ea.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_44427279682.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df8ec.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_446277325521.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df8ee.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_462874514006.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4f0.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_463062735728.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df8e9.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_47945483945.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4f2.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_498870888907.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4f7.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_502503563213.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df8e0.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_506730371918.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4f9.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_516461808434.bk
[DETECTION] Is the TR/Delf.Agent.SD Trojan
[NOTE] The file was moved to '488df8e2.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_516666117939.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df8eb.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_523996759005.bk
[DETECTION] Is the TR/Drop.Delf.MT.48 Trojan
[NOTE] The file was moved to '4988e4f4.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_537917337666.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df8ed.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_552617443224.bk
[DETECTION] Is the TR/Dldr.Delf.OZM Trojan
[NOTE] The file was moved to '4988e4fb.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_555886818529.bk
[DETECTION] Is the TR/Delf.ffb.4 Trojan
[NOTE] The file was moved to '488df8e4.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_557366601451.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4f6.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_55768140761.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df8ef.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_558452370450.bk
[DETECTION] Is the TR/Agent.also Trojan
[NOTE] The file was moved to '488df8f1.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_56522784462.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df8f3.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_57009214539.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4fd.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_572405483892.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df8e6.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_57834725294.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4ff.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_586004306838.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df918.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_587224457331.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df8f5.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_591187856881.bk
[DETECTION] Is the TR/Agent.alsn Trojan
[NOTE] The file was moved to '488df8fd.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_595213758636.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df8ff.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_597204305469.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e501.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_624147611736.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df91a.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_626349329461.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e503.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_627254159795.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df91c.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_63623925865.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4f8.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_648430741400.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df8e1.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_649700103641.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4fa.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_656511616110.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df8e3.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_659644598804.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e505.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_662041808789.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df91e.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_669554810190.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e507.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_684635771113.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4fc.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_688962265887.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df8e5.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_69712727003.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e4fe.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_706926453944.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df910.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_712485878850.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e509.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_713145539090.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df912.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_717274642611.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df8e7.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_721547500934.bk
[DETECTION] Is the TR/Drop.Del.MTA.463 Trojan
[NOTE] The file was moved to '4988e518.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_72238799839.bk
[DETECTION] Is the TR/Dldr.Delf.OZM Trojan
[NOTE] The file was moved to '488df901.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_725205465436.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e51a.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_734836661330.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e50b.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_73627436476.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df914.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_737569637081.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e50d.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_745058334257.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df903.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_753096514405.bk
[DETECTION] Is the TR/Drop.Delf.MT.48 Trojan
[NOTE] The file was moved to '4988e51c.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_755425330566.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df905.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_75855640940.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e51e.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_77165959275.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df916.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_77624876730.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e50f.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_78404586888.bk
[DETECTION] Is the TR/Delf.Agent.SA Trojan
[NOTE] The file was moved to '488df908.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_79279881218.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e511.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_80355446801.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e500.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_803909711468.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df919.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_811772707353.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e502.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_82035806139.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df90a.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_823188194136.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e513.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_841448146960.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df90c.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_867074709655.bk
[DETECTION] Is the TR/Drop.Delf.M.2465 Trojan
[NOTE] The file was moved to '488df91b.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_871402714666.bk
[DETECTION] Is the TR/Agent.46080.F Trojan
[NOTE] The file was moved to '4988e504.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_874532363172.bk
[DETECTION] Is the TR/Drop.Del.MTA.455 Trojan
[NOTE] The file was moved to '488df91d.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_875999683759.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e506.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_877301134348.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e515.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_895576349758.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df90e.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_93949271854.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4988e517.qua'!
C:\WINDOWS\SYSTEM32\tmpxr_9534594979.bk
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '488df91f.qua'!
C:\WINDOWS\SYSTEM32\udxfytw.sys
[DETECTION] Is the TR/Agent.akyk.2 Trojan
[NOTE] The file was moved to '4990e4fc.qua'!
C:\WINDOWS\SYSTEM32\xdufytw.sys
[DETECTION] Is the TR/Click.VB.bzk Trojan
[NOTE] The file was moved to '498de50c.qua'!
C:\WINDOWS\SYSTEM32\ActiveScan\pskavs.dll
[DETECTION] Contains recognition pattern of the W95/Blumblebee.1738 Windows virus
[NOTE] The file was moved to '4983e51e.qua'!
Begin scan in 'F:\' <My Book>


End of the scan: Monday, November 10, 2008 20:56
Used time: 3:26:04 Hour(s)

The scan has been done completely.

14676 Scanning directories
314378 Files were scanned
188 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
188 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
314188 Files not concerned
3511 Archives were scanned
2 Warnings
188 Notes


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:53 PM, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\PFU\ScanSnap\PfuSsSct.exe
C:\Program Files\PFU\ScanSnap\CardMinder V2.0\CardLauncher.exe
C:\Program Files\PFU\ScanSnap\PDF Thumbnail View\pdfquickview.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PFU\ScanSnap\CardMinder V2.0\bcd_file\SbCRecE.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\Randy Maddox\Desktop\HJT\Randy Maddox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [PfuSsSct.exe] C:\Program Files\PFU\ScanSnap\PfuSsSct.exe /Station
O4 - HKLM\..\Run: [CardMinder] C:\Program Files\PFU\ScanSnap\CardMinder V2.0\CardLauncher.exe
O4 - HKLM\..\Run: [Pdfquickview] C:\Program Files\PFU\ScanSnap\PDF Thumbnail View\pdfquickview.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: ScanSnap Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.3.7.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136410335562
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/...15/mcgdmgr.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activ...v2.0.0.10.cab?
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 11065 bytes
maddog2018 is offline