12-28-2007, 05:27 PM   #1
Registered User
 
Join Date: Dec 2007
Posts: 8
OS: xp sp2


Norton being attacked by a virus

Recently when I got on the computer, Symantec keeps popping up saying it blocked a certain type of e-mail for some reason from being sent. It does this multiple times, about 50 messages in 10 seconds, and it does it till Norton crashes altogether. I ran virus scans but Norton doesn't find anything.


Deckard's main
Quote:
Deckard's System Scanner v20071014.68
Run by Alex Sykes on 2007-12-28 17:19:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
126: 2007-12-28 22:19:16 UTC - RP216 - Deckard's System Scanner Restore Point
125: 2007-12-28 13:32:02 UTC - RP215 - System Checkpoint
124: 2007-12-27 03:24:42 UTC - RP214 - System Checkpoint
123: 2007-12-24 23:13:17 UTC - RP213 - System Checkpoint
122: 2007-12-23 22:43:45 UTC - RP212 - System Checkpoint


-- First Restore Point --
1: 2007-12-22 22:35:16 UTC - RP91 -


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Alex Sykes.exe) ------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-28 17:25:08
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
C:\WINDOWS\mgrs.exe
G:\Program Files\DAEMON Tools\daemon.exe
C:\Documents and Settings\Alex Sykes\My Documents\themes\RocketDock.exe
C:\Documents and Settings\Alex Sykes\My Documents\themes\UberIcon\UberIcon Manager.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\Mozilla Firefox 2 Beta 1\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Alex Sykes\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://amch.questionmarket.com/adscg...s_up=60&type=4
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21A70D59-B935-4E16-89DD-BF28DDB12925} - (no file)
O2 - BHO: (no name) - {3401DB32-7F00-4EC7-A890-A75F64973843} - C:\WINDOWS\system32\fccywur.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O2 - BHO: {ade5e4df-4ea7-c788-2d04-b363869bca86} - {68acb968-363b-40d2-887c-7ae4fd4e5eda} - C:\WINDOWS\system32\cmmmssmg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll
O2 - BHO: (no name) - {B14354C1-7701-4F98-A99D-8D5855C80F0B} - C:\WINDOWS\system32\jkkjk.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\Helper8.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe"
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [68b0c3e3] rundll32.exe "C:\WINDOWS\system32\jfchbxkl.dll",b
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DAEMON Tools] "G:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [RocketDock] "C:\Documents and Settings\Alex Sykes\My Documents\themes\RocketDock.exe"
O4 - HKCU\..\Run: [UberIcon] "C:\Documents and Settings\Alex Sykes\My Documents\themes\UberIcon\UberIcon Manager.exe"
O4 - Global Startup: WinCinema Manager.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: BlackBerry Desktop Redirector.lnk = G:\Redirector.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: &D&ownload &with BitComet - res://G:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://G:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://G:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {1A9897FA-2946-47E3-B784-B51C106046A9} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O9 - Extra button: (no name) - {4094C4BB-2629-47C6-9C8E-16801C3FAC6B} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...SL/tgctlcm.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://gsvaresa07.er.usgs.gov/qp2.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://gsvaresm05.er.usgs.gov/iNotes6W.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2_15) - http://java.sun.com/products/plugin/...ndows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...loader_v10.cab
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: fccywur - C:\WINDOWS\system32\fccywur.dll
O20 - Winlogon Notify: winbug32 - C:\WINDOWS\system32\winbug32.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: dvpapi - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


--
End of file - 10555 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20071218-172125-137 R3 - Default URLSearchHook is missing
backup-20071218-172125-157 O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
backup-20071218-172125-227 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
backup-20071218-172125-323 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
backup-20071218-172125-402 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
backup-20071218-172125-471 O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
backup-20071218-172125-741 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20071218-172125-802 O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
backup-20071218-172125-894 O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
backup-20071218-172125-960 O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
backup-20071218-172125-961 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
backup-20071218-172637-283 O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
backup-20071218-172637-416 O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
backup-20071218-172637-713 O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
backup-20071218-172637-954 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
backup-20071218-172718-478 O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
backup-20071218-172718-542 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
backup-20071218-172718-621 O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
backup-20071218-172718-813 O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
backup-20071218-173634-438 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
backup-20071218-173634-521 O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
backup-20071218-173634-658 O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
backup-20071218-173634-803 O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R2 Nsynas32 - c:\windows\system32\drivers\nsynas32.sys <Not Verified; Syncrosoft Hard- und Software GmbH; Internet Protection Hardware Driver>
R3 CLEDX (Team H2O CLEDX service) - c:\windows\system32\drivers\cledx.sys <Not Verified; Team H2O; CLEDX>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>

S3 EraserUtilDrv10733 - c:\program files\common files\symantec shared\eengine\eraserutildrv10733.sys (file missing)
S3 hamachi_oem (PlayLinc Adapter) - c:\windows\system32\drivers\gan_adapter.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver, OEM>
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 USB22LDR (M-Audio USB MidiSport 2x2 Loader) - c:\windows\system32\drivers\usb22ldr.sys <Not Verified; MIDIMAN; Midiman USB MidiSport 2x2 Loader>
S3 USBMN2X2 (M-Audio USB MidiSport 2x2) - c:\windows\system32\drivers\usbmn2x2.sys <Not Verified; Doug Fetter Software Wizardry; Midiman USB MidiSport 2x2 Midi Interface>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; Macrovision; SafeCast Windows NT>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 NVSvc (NVIDIA Display Driver Service) - c:\windows\system32\nvsvc32.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: PlayLinc Adapter
Device ID: ROOT\NET\0000
Manufacturer: Super Computer Inc.
Name: PlayLinc Adapter
PNP Device ID: ROOT\NET\0000
Service: hamachi_oem


-- Scheduled Tasks -------------------------------------------------------------

2007-12-24 20:00:00 572 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Deborah Sykes.job


-- Files created between 2007-11-28 and 2007-12-28 -----------------------------

2007-12-28 17:04:49 0 d-------- C:\agnis-as
2007-12-28 17:02:41 0 d-------- C:\Program Files\SpywareBlaster
2007-12-28 14:57:34 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2007-12-28 14:56:27 8576 --a------ C:\WINDOWS\system32\drivers\qbgnuonxqbtq.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-12-28 14:55:21 79 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
2007-12-28 14:55:21 8704 --a------ C:\WINDOWS\system32\pfdnnt.exe <Not Verified; Panda Software International; Panda Anti-malware>
2007-12-28 14:42:06 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-28 14:42:05 0 d-------- C:\WINDOWS\LastGood
2007-12-28 14:22:53 4762112 --a------ C:\WINDOWS\system32\NCMedia.dll
2007-12-28 13:32:13 77888 --a------ C:\WINDOWS\system32\cmmmssmg.dll
2007-12-28 13:32:07 90176 --a------ C:\WINDOWS\system32\jfchbxkl.dll
2007-12-27 12:34:47 0 d--hs---- C:\found.000
2007-12-27 12:26:19 525397 --ahs---- C:\WINDOWS\system32\kjkkj.ini2
2007-12-27 12:25:51 329728 --a------ C:\WINDOWS\system32\jkkjk.dll
2007-12-26 21:37:42 90176 --a------ C:\WINDOWS\system32\siafepnf.dll
2007-12-26 21:34:35 80448 --a------ C:\WINDOWS\system32\vpmqfdch.dll
2007-12-24 02:44:59 114 --a------ C:\tempdel.bat
2007-12-23 11:02:40 4099 --a------ C:\Program Files\spoolsv.exe
2007-12-23 11:02:40 14166 --a------ C:\Program Files\3269.exe
2007-12-22 16:03:52 0 d-------- C:\Program Files\Windows Sidebar
2007-12-22 16:03:52 0 d-------- C:\Program Files\Norton AntiVirus
2007-12-22 16:03:12 0 d-------- C:\Program Files\Symantec
2007-12-22 15:53:40 0 d-------- C:\Program Files\EliteProtector
2007-12-22 15:51:47 19968 --a------ C:\WINDOWS\system32\xlibgfl254.dll
2007-12-22 15:51:47 0 d-------- C:\Documents and Settings\Deborah Sykes\Application Data\ultra
2007-12-22 13:28:27 6589 --ahs---- C:\WINDOWS\system32\fhhkj.ini2
2007-12-22 13:28:05 323072 --a------ C:\WINDOWS\system32\jkhhf.dll
2007-12-20 23:26:48 6649 --ahs---- C:\WINDOWS\system32\uttss.ini2
2007-12-20 23:26:18 338944 --a------ C:\WINDOWS\system32\ssttu.dll
2007-12-20 1924 12288 --a------ C:\Program Files\93786265.exe
2007-12-20 17:16:31 6709 --ahs---- C:\WINDOWS\system32\hgjlm.ini2
2007-12-20 17:16:02 338944 --a------ C:\WINDOWS\system32\mljgh.dll
2007-12-20 16:35:01 12288 --a------ C:\WINDOWS\mgrs.exe
2007-12-19 14:07:49 11200 --ahs---- C:\WINDOWS\system32\rqtss.ini2
2007-12-19 14:07:15 322560 --a------ C:\WINDOWS\system32\sstqr.dll
2007-12-18 22:15:59 0 d-------- C:\Program Files\SodaBush
2007-12-18 22:15:59 0 d-------- C:\Documents and Settings\Alex Sykes\Application Data\SodaBush
2007-12-18 15:39:48 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2007-12-18 15:37:47 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-12-18 15:37:47 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-12-18 15:37:47 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-12-18 15:37:47 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-12-18 15:37:47 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-12-18 15:37:47 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-12-18 15:37:47 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-12-18 15:37:47 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-12-18 15:37:47 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-12-18 15:37:47 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-12-18 15:37:47 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-12-18 15:37:47 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-12-18 15:37:47 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-12-18 15:37:47 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-12-17 22:39:13 0 d-------- C:\Documents and Settings\Derek Sykes\Application Data\Adobe
2007-12-17 22:00:54 0 d-------- C:\Program Files\Helper
2007-12-17 22:00:52 2 --a------ C:\1756414796
2007-12-17 22:00:49 495 --a------ C:\WINDOWS\system32\winsms.dll
2007-12-17 22:00:48 54114 --a------ C:\WINDOWS\system32\xpdx.sys
2007-12-17 22:00:21 38912 --a------ C:\WINDOWS\system32\fccywur.dll
2007-12-17 21:54:16 0 d-------- C:\Program Files\Autodesk
2007-12-17 21:54:12 12464 --a------ C:\WINDOWS\system32\drivers\CDAC15BA.SYS <Not Verified; Macrovision Europe Ltd; Security Windows NT>
2007-12-17 21:54:12 54784 --a------ C:\WINDOWS\system32\drivers\CDAC11BA.EXE <Not Verified; Macrovision; SafeCast Windows NT>
2007-12-17 21:54:12 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-17 21:53:09 0 d-------- C:\Program Files\AnswerWorks 4.0
2007-12-17 21:52:17 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2007-12-17 21:52:17 0 d-------- C:\Program Files\AutoCAD 2004
2007-12-17 21:52:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2007-12-17 21:52:17 0 d-------- C:\Documents and Settings\Alex Sykes\Application Data\Autodesk
2007-12-17 1420 22528 --a------ C:\WINDOWS\system32\winbug32.dll
2007-12-09 18:16:56 0 d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-12-09 00:01:06 0 d-------- C:\Documents and Settings\Alex Sykes\Application Data\TVU Networks
2007-12-09 00:01:00 0 d-------- C:\Program Files\TVUPlayer
2007-12-08 23:35:00 0 d-------- C:\Documents and Settings\Alex Sykes\Application Data\SopCast
2007-12-08 21:51:40 0 d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2007-12-08 21:49:55 0 d-------- C:\Documents and Settings\Deborah Sykes\Application Data\Sun
2007-12-08 21:49:09 0 d-------- C:\Program Files\Java
2007-12-08 21:48:34 0 d-------- C:\Program Files\Common Files\Java
2007-12-08 14:48:15 0 d-------- C:\Program Files\Finale 2006
2007-12-06 22:40:24 0 d-------- C:\Program Files\Yahoo!
2007-12-06 15:36:11 0 d-------- C:\Documents and Settings\Alex Sykes\Application Data\Uniblue
2007-12-06 14:39:38 36864 --a------ C:\WINDOWS\system32\wbsys.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4.x for x86 machines>
2007-12-06 14:39:36 0 d-------- C:\Program Files\Stardock
2007-12-06 14:13:53 8464 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2007-12-06 14:10:02 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
2007-12-06 1415 0 d-------- C:\Program Files\filesubmit
2007-12-05 22:54:48 0 d-------- C:\Program Files\BitComet Acceleration Patch
2007-12-05 22:50:51 0 d-------- C:\Program Files\BitComet Turbo Accelerator
2007-12-04 22:46:02 0 d-------- C:\Documents and Settings\Alex Sykes\MobiDB


-- Find3M Report ---------------------------------------------------------------

2007-12-28 15:40:19 0 d-------- C:\Program Files\Verizon
2007-12-28 15:32:19 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-28 15:30:32 0 d-------- C:\Program Files\Common Files\Motive
2007-12-28 15:27:29 0 d-------- C:\Program Files\AIM6
2007-12-22 16:05:12 0 d-------- C:\Program Files\Common Files
2007-12-20 22:56:19 0 d-------- C:\Documents and Settings\Alex Sykes\Application Data\Adobe
2007-12-18 22:18:44 172 ---h----- C:\Program Files\desktop.ini
2007-12-06 09:56:23 0 d-------- C:\Program Files\Viewpoint
2007-12-03 21:42:10 0 d-------- C:\Documents and Settings\Alex Sykes\Application Data\Move Networks
2007-11-25 14:09:21 0 d-------- C:\Documents and Settings\Alex Sykes\Application Data\Goodsol
2007-11-25 00:01:13 0 d-------- C:\Program Files\goodsol
2007-11-23 07:37:47 0 d-------- C:\Program Files\Lx_cats
2007-11-13 22:48:02 4 --a------ C:\WINDOWS\system32\1E89DC
2007-11-13 22:34:52 0 d-------- C:\Program Files\NetworkActiv PIAFCTM 2.2
2007-11-13 22:34:51 16 --a------ C:\WINDOWS\bnsacomm64_c.dll
2007-11-13 06:32:21 0 d-------- C:\Documents and Settings\Alex Sykes\Application Data\U3
2007-10-29 22:29:23 256 --a------ C:\WINDOWS\system32\pool.bin
2007-10-09 16:18:22 282624 -ra------ C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2007-10-09 16:18:21 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-10-09 16:18:20 102400 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-10-07 10:57:17 115712 --a------ C:\WINDOWS\system32\usbmn2x2.dll <Not Verified; Doug Fetter Software Wizardry; Midiman USB MidiSport 2x2 Midi Interface>
2007-10-07 10:57:16 724992 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-09-29 01:45:14 1100 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-09-29 01:29:18 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-09-29 00:11:26 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21A70D59-B935-4E16-89DD-BF28DDB12925}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3401DB32-7F00-4EC7-A890-A75F64973843}]
12/17/2007 10:00 PM 38912 --a------ C:\WINDOWS\system32\fccywur.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68acb968-363b-40d2-887c-7ae4fd4e5eda}]
12/28/2007 01:32 PM 77888 --a------ C:\WINDOWS\system32\cmmmssmg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
12/22/2007 04:05 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B14354C1-7701-4F98-A99D-8D5855C80F0B}]
12/27/2007 12:25 PM 329728 --a------ C:\WINDOWS\system32\jkkjk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}]
12/22/2007 03:41 PM 19456 --------- C:\Program Files\Helper\Helper8.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [06/06/2007 06:52 PM]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [05/11/2007 02:20 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 06:51 PM]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [09/17/2003 09:43 AM]
"P17Helper"="P17.dll" [06/10/2004 11:51 AM C:\WINDOWS\system32\P17.dll]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [05/11/2005 01:46 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/15/2004 11:01 AM]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [04/23/2007 10:43 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe" []
"smgr"="mgrs.exe" [12/22/2007 03:40 PM C:\WINDOWS\mgrs.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/25/2007 12:07 AM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [08/24/2007 11:53 PM]
"68b0c3e3"="C:\WINDOWS\system32\jfchbxkl.dll" [12/28/2007 01:32 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [10/04/2007 10:20 AM]
"@"="" []
"DAEMON Tools"="G:\Program Files\DAEMON Tools\daemon.exe" [09/18/2007 10:16 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"RocketDock"="C:\Documents and Settings\Alex Sykes\My Documents\themes\RocketDock.exe" [05/14/2006 10:47 PM]
"UberIcon"="C:\Documents and Settings\Alex Sykes\My Documents\themes\UberIcon\UberIcon Manager.exe" [02/05/2006 02:20 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinCinema Manager.lnk - C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe [9/25/2007 2:53:07 PM]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [9/15/2007 9:56:54 PM]
BlackBerry Desktop Redirector.lnk - G:\Redirector.exe [5/2/2007 8:24:48 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3401DB32-7F00-4EC7-A890-A75F64973843}"= C:\WINDOWS\system32\fccywur.dll [12/17/2007 10:00 PM 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccywur]
fccywur.dll 12/17/2007 10:00 PM 38912 C:\WINDOWS\system32\fccywur.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 12/20/2001 11:34 PM 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbug32]
winbug32.dll 12/17/2007 02:06 PM 22528 C:\WINDOWS\system32\winbug32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\wowfx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkjk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll, xlibgfl254.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83d01fa2-71f3-11dc-8039-001111b811ac}]
AutoRun\command- E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5ec3bd2-835c-11d5-bfe1-001111b811ac}]
AutoRun\command- F:\setupSNK.exe

*Newly Created Service* - QBGNUONXQBTQ
*Newly Created Service* - RKPAVPROC
*Newly Created Service* - SDTHOOK



-- End of Deckard's System Scanner: finished at 2007-12-28 17:26:30 ------------
extra.txt

Thank you, I really appreciate it.

Old 12-28-2007, 05:28 PM   #2 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 8
OS: xp sp2


Re: Norton being attacked by a virus

I have an active scan log but it's too big to fit in the reply.
Old 12-28-2007, 08:42 PM   #3 (permalink)
Analyst, Security Team
 
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate


Re: Norton being attacked by a virus

Hi datvakid703,

You can attach the log by doing the following:

To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and then click on Browse
  2. Navigate to the file
  3. Click Upload.

-------------------------------------------------

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------
  1. Download Combofix from Here or Alternate link
  2. Disable your real time Anti Virus and Anti Spyware protection programs. Exit the program via the SystemTray icon.
  3. Double click on combofix.exe & follow the prompts. Type "1" and press Enter to begin the scan.
  4. When finished, it shall produce a log for you ( C:\ComboFix.txt ). Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall


    --------------------------------------------------------------
  5. Re-enable your Anti-Virus if it is not active...a reboot should have re-activated it.
  6. Please download HijackThis. This program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded. Click on the "Install" button. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

    Double click on HijackThis.exe to run the program.

    1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
    2. If you don't get the intro screen, just hit Scan and then click on Save log.
    3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.

    --------------------------------------------------------------

Last edited by forhockey; 12-28-2007 at 08:44 PM.
Old 12-28-2007, 09:22 PM   #4 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 8
OS: xp sp2


Re: Norton being attacked by a virus

Combofix
Quote:
ComboFix 07-12-29.3 - Alex Sykes 2007-12-28 22:53:33.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.121 [GMT -5:00]
Running from: C:\Documents and Settings\Alex Sykes\Desktop\ICONS\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Deborah Sykes\Application Data\ultra
C:\Documents and Settings\Deborah Sykes\Application Data\ultra\uninstall.bat
C:\Documents and Settings\Deborah Sykes\Desktop\Find Spyware Remover.lnk
C:\Documents and Settings\Deborah Sykes\Desktop\Free Online Dating.lnk
C:\Documents and Settings\Deborah Sykes\Desktop\Go to Casino.lnk
C:\Program Files\3269.exe
C:\Program Files\eliteprotector
C:\Program Files\Helper
C:\Program Files\Helper\Helper8.dll
C:\Program Files\spoolsv.exe
C:\WINDOWS\Casino.ico
C:\WINDOWS\cookies.ini
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\inf\ultra.inf
C:\WINDOWS\mgrs.exe
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\cmmmssmg.dll
C:\WINDOWS\system32\fccywur.dll
C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\fnpefais.ini
C:\WINDOWS\system32\geeba.dll
C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hgjlm.ini2
C:\WINDOWS\system32\jfchbxkl.dll
C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkkjk.dll
C:\WINDOWS\system32\kjkkj.ini
C:\WINDOWS\system32\kjkkj.ini2
C:\WINDOWS\system32\lkxbhcfj.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\qdveochb.ini
C:\WINDOWS\system32\rqtss.ini
C:\WINDOWS\system32\rqtss.ini2
C:\WINDOWS\system32\siafepnf.dll
C:\WINDOWS\system32\sstqr.dll
C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\uttss.ini
C:\WINDOWS\system32\uttss.ini2
C:\WINDOWS\system32\vpmqfdch.dll
C:\WINDOWS\system32\winbug32.dll
C:\WINDOWS\system32\wsinoguc.ini
C:\WINDOWS\system32\xlibgfl254.dll
C:\WINDOWS\system32\xpdx.sys
G:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\xpdx


((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 )))))))))))))))))))))))))))))))
.

2007-12-28 17:18 . 2007-12-28 17:18 <DIR> d-------- C:\Deckard
2007-12-28 17:02 . 2007-12-28 17:02 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-28 17:02 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-12-28 14:57 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2007-12-28 14:56 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\qbgnuonxqbtq.sys
2007-12-28 14:42 . 2007-12-28 15:48 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-28 14:42 . 2007-12-28 14:42 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-28 14:42 . 2007-12-28 14:42 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-28 14:42 . 2007-12-28 14:42 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-28 14:22 . 2007-03-01 03:18 4,762,112 --a------ C:\WINDOWS\system32\NCMedia.dll
2007-12-27 12:34 . 2007-12-27 12:34 <DIR> d--hs---- C:\found.000
2007-12-24 13:49 . 2007-12-26 21:38 1,027,711 --ahs---- C:\WINDOWS\system32\rgrnwaxb.ini
2007-12-24 12:26 . 2007-12-24 12:40 1,010,228 --ahs---- C:\WINDOWS\system32\kvptbwwm.ini
2007-12-24 02:44 . 2007-12-24 02:44 114 --a------ C:\tempdel.bat
2007-12-24 02:16 . 2007-12-24 02:16 1,934,700 --ahs---- C:\WINDOWS\system32\tclusjsk.ini
2007-12-22 16:03 . 2007-12-22 16:03 <DIR> d-------- C:\Program Files\Windows Sidebar
2007-12-22 16:03 . 2007-12-26 23:57 <DIR> d-------- C:\Program Files\Symantec
2007-12-22 16:03 . 2007-12-28 15:37 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-12-22 16:03 . 2007-12-26 23:57 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-22 16:03 . 2007-12-26 23:57 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-22 13:47 . 2007-12-24 02:17 2,404,349 --ahs---- C:\WINDOWS\system32\dilnladt.ini
2007-12-20 19:06 . 2007-12-20 19:06 12,288 --a------ C:\Program Files\93786265.exe
2007-12-18 22:21 . 2007-12-18 22:21 180,506 ---h----- C:\WpxpBackground.bmp
2007-12-18 22:17 . 2007-12-18 22:21 94 ---h----- C:\desktop.ini
2007-12-18 22:15 . 2007-12-18 22:15 <DIR> d-------- C:\Program Files\SodaBush
2007-12-18 22:15 . 2007-12-18 22:15 <DIR> d-------- C:\Documents and Settings\Alex Sykes\Application Data\SodaBush
2007-12-17 22:00 . 2007-12-17 22:00 495 --a------ C:\WINDOWS\system32\winsms.dll
2007-12-17 22:00 . 2007-12-17 22:00 2 --a------ C:\1756414796
2007-12-17 21:54 . 2007-12-17 21:54 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-17 21:54 . 2007-12-17 21:54 <DIR> d-------- C:\Program Files\Autodesk
2007-12-17 21:54 . 2007-12-17 21:54 54,784 --a------ C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2007-12-17 21:54 . 2007-12-17 21:54 12,464 --a------ C:\WINDOWS\system32\drivers\CDAC15BA.SYS
2007-12-17 21:53 . 2007-12-17 21:53 <DIR> d-------- C:\Program Files\AnswerWorks 4.0
2007-12-17 21:52 . 2007-12-17 21:53 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2007-12-17 21:52 . 2007-12-17 21:53 <DIR> d-------- C:\Program Files\AutoCAD 2004
2007-12-17 21:52 . 2007-12-17 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2007-12-17 21:52 . 2007-12-17 21:52 <DIR> d-------- C:\Documents and Settings\Alex Sykes\Application Data\Autodesk
2007-12-09 18:16 . 2007-12-09 18:16 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-12-09 18:16 . 2007-04-02 00:00 215,040 --a------ C:\WINDOWS\system32\CNMLM8U.DLL
2007-12-09 00:01 . 2007-12-09 00:01 <DIR> d-------- C:\Program Files\TVUPlayer
2007-12-09 00:01 . 2007-12-09 00:01 <DIR> d-------- C:\Documents and Settings\Alex Sykes\Application Data\TVU Networks
2007-12-08 23:35 . 2007-12-08 23:38 <DIR> d-------- C:\Documents and Settings\Alex Sykes\Application Data\SopCast
2007-12-08 21:51 . 2007-12-08 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2007-12-08 21:49 . 2007-12-08 21:49 <DIR> d-------- C:\Program Files\Java
2007-12-08 21:49 . 2007-05-22 17:39 61,555 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2007-12-08 21:48 . 2007-12-08 21:48 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-08 14:48 . 2007-12-08 14:48 <DIR> d-------- C:\Program Files\Finale 2006
2007-12-06 22:40 . 2007-12-06 22:40 <DIR> d-------- C:\Program Files\Yahoo!
2007-12-06 15:36 . 2007-12-06 15:36 <DIR> d-------- C:\Documents and Settings\Alex Sykes\Application Data\Uniblue
2007-12-06 14:40 . 2007-12-06 14:40 82 --a------ C:\WINDOWS\wb.ini
2007-12-06 14:39 . 2007-12-06 14:39 <DIR> d-------- C:\Program Files\Stardock
2007-12-06 14:39 . 2003-02-26 22:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2007-12-06 14:13 . 2003-05-07 13:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-12-06 14:06 . 2007-12-28 13:38 <DIR> d-------- C:\Program Files\filesubmit
2007-12-05 23:17 . 2007-12-05 23:17 359,808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-12-05 22:54 . 2007-12-05 22:54 <DIR> d-------- C:\Program Files\BitComet Acceleration Patch
2007-12-05 22:50 . 2007-12-05 22:50 <DIR> d-------- C:\Program Files\BitComet Turbo Accelerator
2007-12-04 22:46 . 2007-12-04 22:46 <DIR> d-------- C:\Documents and Settings\Alex Sykes\MobiDB
2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 02:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-28 23:56 --------- d-----w C:\Documents and Settings\Harry Sykes\Application Data\MSN6
2007-12-28 20:40 --------- d-----w C:\Program Files\Verizon
2007-12-28 20:30 --------- d-----w C:\Program Files\Common Files\Motive
2007-12-28 20:27 --------- d-----w C:\Program Files\AIM6
2007-12-27 17:22 --------- d-----w C:\Documents and Settings\Deborah Sykes\Application Data\MSN6
2007-12-27 04:57 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-27 04:57 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-22 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-19 03:18 172 ---h--w C:\Program Files\desktop.ini
2007-12-06 14:56 --------- d-----w C:\Program Files\Viewpoint
2007-12-06 14:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-06 14:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-06 13:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-06 04:17 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-12-04 02:42 --------- d-----w C:\Documents and Settings\Alex Sykes\Application Data\Move Networks
2007-11-25 19:09 --------- d-----w C:\Documents and Settings\Alex Sykes\Application Data\Goodsol
2007-11-25 05:01 --------- d-----w C:\Program Files\goodsol
2007-11-23 12:37 --------- d-----w C:\Program Files\Lx_cats
2007-11-14 03:34 --------- d-----w C:\Program Files\NetworkActiv PIAFCTM 2.2
2007-11-13 11:32 --------- d-----w C:\Documents and Settings\Alex Sykes\Application Data\U3
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 02:59 --------- d-----w C:\Documents and Settings\LocalService\Application Data\DivX
2007-10-30 02:58 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Roxio
2007-10-09 21:18 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-09 21:18 282,624 ----a-r C:\WINDOWS\Setup1.exe
2007-10-07 15:57 724,992 ----a-w C:\WINDOWS\iun6002.exe
2007-08-03 21:54 0 ----a-w C:\Documents and Settings\Harry Sykes\GoToAssist_phone__317_en.exe
2001-07-28 03:05 92,064 ----a-w C:\Documents and Settings\Alex Sykes\mqdmmdm.sys
2001-07-28 03:05 9,232 ----a-w C:\Documents and Settings\Alex Sykes\mqdmmdfl.sys
2001-07-28 03:05 79,328 ----a-w C:\Documents and Settings\Alex Sykes\mqdmserd.sys
2001-07-28 03:05 66,656 ----a-w C:\Documents and Settings\Alex Sykes\mqdmbus.sys
2001-07-28 03:05 6,208 ----a-w C:\Documents and Settings\Alex Sykes\mqdmcmnt.sys
2001-07-28 03:05 5,936 ----a-w C:\Documents and Settings\Alex Sykes\mqdmwhnt.sys
2001-07-28 03:05 4,048 ----a-w C:\Documents and Settings\Alex Sykes\mqdmcr.sys
2001-07-28 03:05 25,600 ----a-w C:\Documents and Settings\Alex Sykes\usbsermptxp.sys
2001-07-28 03:05 22,768 ----a-w C:\Documents and Settings\Alex Sykes\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-12-22 16:05 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20]
"DAEMON Tools"="G:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 10:16]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"RocketDock"="C:\Documents and Settings\Alex Sykes\My Documents\themes\RocketDock.exe" [2006-05-14 22:47]
"UberIcon"="C:\Documents and Settings\Alex Sykes\My Documents\themes\UberIcon\UberIcon Manager.exe" [2006-02-05 14:20]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-06-06 18:52]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 14:20]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 09:43]
"P17Helper"="Rundll32 P17.dll" []
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 01:46]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-12 09:04 C:\WINDOWS\system32\rundll32.exe]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 10:43]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 00:07]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 23:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 2001-12-20 23:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 00:07]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 19:08]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 EraserUtilDrv10733;EraserUtilDrv10733;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10733.sys []
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10:11]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 13:31]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 18:03]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 09:27]
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 13:31]
S3 Radialpoint Security Services;Radialpoint Security Services;C:\WINDOWS\system32\dllhost.exe [2004-08-12 08:56]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
S3 USB22LDR;M-Audio USB MidiSport 2x2 Loader;C:\WINDOWS\system32\drivers\usb22ldr.sys [2007-10-07 10:57]
S3 USBMN2X2;M-Audio USB MidiSport 2x2;C:\WINDOWS\system32\drivers\usbmn2x2.sys [2007-10-07 10:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83d01fa2-71f3-11dc-8039-001111b811ac}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5ec3bd2-835c-11d5-bfe1-001111b811ac}]
\Shell\AutoRun\command - F:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-25 01:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Deborah Sykes.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 23:09:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Documents and Settings\Alex Sykes\My Documents\themes\UberIcon\UberIcon.dll
-> C:\Documents and Settings\Alex Sykes\My Documents\themes\MouseHook2.dll
.
Completion time: 2007-12-28 23:10:20 - machine was rebooted
.
2007-12-22 08:00:29 --- E O F ---
Hijackthis
Quote:
Logfile of HijackThis v1.99.1
Scan saved at 11:16:57 PM, on 12/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\AIM6\aim6.exe
G:\Program Files\DAEMON Tools\daemon.exe
C:\Documents and Settings\Alex Sykes\My Documents\themes\RocketDock.exe
C:\Documents and Settings\Alex Sykes\My Documents\themes\UberIcon\UberIcon Manager.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\notepad.exe
G:\Mozilla Firefox 2 Beta 1\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://amch.questionmarket.com/adscg...s_up=60&type=4
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DAEMON Tools] "G:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [RocketDock] "C:\Documents and Settings\Alex Sykes\My Documents\themes\RocketDock.exe"
O4 - HKCU\..\Run: [UberIcon] "C:\Documents and Settings\Alex Sykes\My Documents\themes\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlackBerry Desktop Redirector.lnk = G:\Redirector.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://G:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://G:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://G:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: - {1A9897FA-2946-47E3-B784-B51C106046A9} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O9 - Extra button: (no name) - {4094C4BB-2629-47C6-9C8E-16801C3FAC6B} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...SL/tgctlcm.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://gsvaresa07.er.usgs.gov/qp2.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://gsvaresm05.er.usgs.gov/iNotes6W.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...loader_v10.cab
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
my activescan
Activescan.txt
Old 12-30-2007, 06:57 PM   #5 (permalink)
Analyst, Security Team
 
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate


Re: Norton being attacked by a virus

Hi datvakid703,

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

Also be sure to carry out the instructions in the sequence listed below.

--------------------------------------------------------------

Please download ATF Cleaner

* Double-click ATF-Cleaner.exe to run the program.
* Click Select All found at the bottom of the list.
* Click the Empty Selected button.

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

* Click Opera at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

--------------------------------------------------------------

Crack Programs

The use of crack programs is an open door for malware to enter your computer. I strongly discourage you from using such programs if you wish to keep your system clean in the future.

Quote:
Spyware:Spyware/Vundo Not disinfected C:\Documents and Settings\Alex Sykes\Desktop\ICONS\AutoCAD_2004_Fixed_by_Khaled_Elazhry.zip.exe[keygen.exe]
Virus:Trj/Inject.AD Not disinfected C:\Documents and Settings\Alex Sykes\Desktop\ICONS\AutoCAD_2004_Fixed_by_Khaled_Elazhry.zip.exe[crack.exe]
Spyware:Spyware/Vundo Not disinfected C:\Documents and Settings\Alex Sykes\Desktop\ICONS\autodeskautocad2004regfile.zip.exe[keygen.exe]
Virus:Trj/Inject.AD Not disinfected C:\Documents and Settings\Alex Sykes\Desktop\ICONS\autodeskautocad2004regfile.zip.exe[crack.exe]
Virus:Generic Trojan Not disinfected G:\CureROM_2033_Setup\CureROM_2033_Setup.exe[²èÇ]
Spyware:Spyware/Vundo Not disinfected G:\KEYGEN.EXE
Virus:Trj/Inject.AD Disinfected G:\CRACK.EXE
Hacktool:HackTool/EvID Not disinfected G:\COOLEDIT\EvID4226Patch.exe

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:

AutoCAD 2004
Autodesk Express Viewer
CureROM Pro 2.0.3.3

--------------------------------------------------------------

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

Viewpoint Media Player <<< this is considered foistware instead of malware since it is installed without the user's approval, but doesn't spy or do anything "bad". Read this article: http://www.clickz.com/news/article.php/3561546

Additional info: http://vil.nai.com/vil/content/v_137262.htm


Delete the following folders and file:

C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint
G:\My Shared Folder\STEINBERG the big pack ALL VST music programs (cubase 5+sx-wavelab3+4+manuels+rb338+recycle+full plugs-ins etc....).rar


*** Also, empty out your recycling bin***

--------------------------------------------------------------

Please delete only the ComboFix.exe from your desktop and download an updated copy below:

Download Combofix from Here or Alternate link

**Save it directly to your desktop**

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
File::
C:\found.000
C:\tempdel.bat
C:\Program Files\93786265.exe
C:\WINDOWS\system32\winsms.dll
C:\1756414796
C:\WINDOWS\DOWNLO~1\vzbb.dll
C:\Documents and Settings\Alex Sykes\Desktop\ICONS\AutoCAD_2004_Fixed_by_Khaled_Elazhry.zip.exe
C:\Documents and Settings\Alex Sykes\Desktop\ICONS\autodeskautocad2004regfile.zip.exe
C:\Documents and Settings\Deborah Sykes\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-5d96d78c-4bdeb2b6.zip
C:\WINDOWS\Downloaded Program Files\vzbb.dll
G:\COOLEDIT\EvID4226Patch.exe
G:\KEYGEN.EXE
G:\CureROM_2033_Setup\CureROM_2033_Setup.exe

Folder::
C:\Program Files\Common Files\Autodesk Shared
C:\Program Files\AutoCAD 2004
C:\Documents and Settings\All Users\Application Data\Autodesk
C:\Documents and Settings\Alex Sykes\Application Data\Autodesk
C:\Program Files\filesubmit
C:\Program Files\Helper

Save this as CFScript




Referring to the picture above, drag CFScript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Warning:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

--------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O9 - Extra button: - {1A9897FA-2946-47E3-B784-B51C106046A9} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O9 - Extra button: (no name) - {4094C4BB-2629-47C6-9C8E-16801C3FAC6B} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...loader_v10.cab

Please remember to close all other windows, including browsers then click Fix checked.

--------------------------------------------------------------

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

--------------------------------------------------------------

Please reply back with the following:

C:\ComboFix.txt
Kaspersky Online Scan Results
New HiJackThis Log
__________________


Proud Member of ASAP
Proud Member of UNITE

forhockey is offline  
Old 12-31-2007, 10:32 AM   #6 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 8
OS: xp sp2


Re: Norton being attacked by a virus

combofix
Quote:
ComboFix 07-12-31.4 - Alex Sykes 2007-12-31 4:13:21.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.208 [GMT -5:00]
Running from: C:\Documents and Settings\Alex Sykes\Desktop\ICONS\ComboFix.exe
Command switches used :: C:\Documents and Settings\Alex Sykes\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\1756414796
C:\Documents and Settings\Alex Sykes\Desktop\ICONS\AutoCAD_2004_Fixed_by_Khaled_Elazhry.zip.exe
C:\Documents and Settings\Alex Sykes\Desktop\ICONS\autodeskautocad2004regfile.zip.exe
C:\Documents and Settings\Deborah Sykes\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-5d96d78c-4bdeb2b6.zip
C:\found.000
C:\Program Files\93786265.exe
C:\tempdel.bat
C:\WINDOWS\DOWNLO~1\vzbb.dll
C:\WINDOWS\Downloaded Program Files\vzbb.dll
C:\WINDOWS\system32\winsms.dll
G:\COOLEDIT\EvID4226Patch.exe
G:\CureROM_2033_Setup\CureROM_2033_Setup.exe
G:\KEYGEN.EXE
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1756414796
C:\Documents and Settings\Alex Sykes\Application Data\Autodesk
C:\Documents and Settings\Alex Sykes\Application Data\Autodesk\AutoCAD 2004\R16.0\enu\Support\Profiles\FixedProfile.aws
C:\Documents and Settings\Alex Sykes\Application Data\Autodesk\AutoCAD 2004\R16.0\enu\Support\Profiles\Unnamed Profile\Profile.aws
C:\Documents and Settings\Alex Sykes\Application Data\Autodesk\AutoCAD 2004\R16.0\enu\Support\ToolPalette\AcTpCatalog.atc
C:\Documents and Settings\Alex Sykes\Desktop\ICONS\AutoCAD_2004_Fixed_by_Khaled_Elazhry.zip.exe
C:\Documents and Settings\Alex Sykes\Desktop\ICONS\autodeskautocad2004regfile.zip.exe
C:\Documents and Settings\All Users\Application Data\Autodesk
C:\Documents and Settings\All Users\Application Data\Autodesk\AutoCAD 2004\R16.0\ADLM\ACD2004ENUAdlm.err
C:\Documents and Settings\Deborah Sykes\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-5d96d78c-4bdeb2b6.zip
C:\Program Files\93786265.exe
C:\Program Files\AutoCAD 2004
C:\Program Files\filesubmit
C:\Program Files\filesubmit\biob.zip\biob.zip
C:\Program Files\filesubmit\biob.zip\biob\BioBlack.theme
C:\Program Files\filesubmit\biob.zip\biob\BioBlack\BioBlack.msstyles
C:\Program Files\filesubmit\biob.zip\biob\BioBlack\Gorkhali Link.url
C:\Program Files\filesubmit\biob.zip\biob\BioBlack\Shell\NormalColor\Shellstyle.dll
C:\Program Files\filesubmit\biob.zip\biob\Gorkhali Link.url
C:\Program Files\filesubmit\biob.zip\biob\read me.htm
C:\Program Files\filesubmit\biob.zip\fsi_install.ico
C:\Program Files\filesubmit\biob.zip\fsi_uninstall.ico
C:\Program Files\filesubmit\biob.zip\UNWISE.EXE
C:\Program Files\filesubmit\biob.zip\UNWISE.INI
C:\Program Files\filesubmit\oswdvaz118.exe
C:\tempdel.bat
C:\WINDOWS\system32\winsms.dll
G:\COOLEDIT\EvID4226Patch.exe
G:\CureROM_2033_Setup\CureROM_2033_Setup.exe
G:\KEYGEN.EXE

.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-31 )))))))))))))))))))))))))))))))
.

2007-12-31 04:12 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-28 17:18 . 2007-12-28 17:18 <DIR> d-------- C:\Deckard
2007-12-28 17:02 . 2007-12-28 17:02 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-28 17:02 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-12-28 14:57 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2007-12-28 14:56 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\qbgnuonxqbtq.sys
2007-12-28 14:42 . 2007-12-28 15:48 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-28 14:42 . 2007-12-28 14:42 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-28 14:42 . 2007-12-28 14:42 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-28 14:42 . 2007-12-28 14:42 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-28 14:22 . 2007-03-01 03:18 4,762,112 --a------ C:\WINDOWS\system32\NCMedia.dll
2007-12-27 12:34 . 2007-12-27 12:34 <DIR> d--hs---- C:\found.000
2007-12-24 13:49 . 2007-12-26 21:38 1,027,711 --ahs---- C:\WINDOWS\system32\rgrnwaxb.ini
2007-12-24 12:26 . 2007-12-24 12:40 1,010,228 --ahs---- C:\WINDOWS\system32\kvptbwwm.ini
2007-12-24 02:16 . 2007-12-24 02:16 1,934,700 --ahs---- C:\WINDOWS\system32\tclusjsk.ini
2007-12-22 16:03 . 2007-12-22 16:03 <DIR> d-------- C:\Program Files\Windows Sidebar
2007-12-22 16:03 . 2007-12-26 23:57 <DIR> d-------- C:\Program Files\Symantec
2007-12-22 16:03 . 2007-12-28 15:37 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-12-22 16:03 . 2007-12-26 23:57 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-22 16:03 . 2007-12-26 23:57 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-22 13:47 . 2007-12-24 02:17 2,404,349 --ahs---- C:\WINDOWS\system32\dilnladt.ini
2007-12-18 22:21 . 2007-12-18 22:21 180,506 ---h----- C:\WpxpBackground.bmp
2007-12-18 22:17 . 2007-12-18 22:21 94 ---h----- C:\desktop.ini
2007-12-18 22:15 . 2007-12-18 22:15 <DIR> d-------- C:\Program Files\SodaBush
2007-12-18 22:15 . 2007-12-18 22:15 <DIR> d-------- C:\Documents and Settings\Alex Sykes\Application Data\SodaBush
2007-12-17 21:54 . 2007-12-17 21:54 54,784 --------- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2007-12-09 18:16 . 2007-12-09 18:16 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-12-09 18:16 . 2007-04-02 00:00 215,040 --a------ C:\WINDOWS\system32\CNMLM8U.DLL
2007-12-09 00:01 . 2007-12-09 00:01 <DIR> d-------- C:\Program Files\TVUPlayer
2007-12-09 00:01 . 2007-12-09 00:01 <DIR> d-------- C:\Documents and Settings\Alex Sykes\Application Data\TVU Networks
2007-12-08 23:35 . 2007-12-08 23:38 <DIR> d-------- C:\Documents and Settings\Alex Sykes\Application Data\SopCast
2007-12-08 21:51 . 2007-12-08 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2007-12-08 21:49 . 2007-12-08 21:49 <DIR> d-------- C:\Program Files\Java
2007-12-08 21:49 . 2007-05-22 17:39 61,555 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2007-12-08 21:48 . 2007-12-08 21:48 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-08 14:48 . 2007-12-08 14:48 <DIR> d-------- C:\Program Files\Finale 2006
2007-12-06 22:40 . 2007-12-06 22:40 <DIR> d-------- C:\Program Files\Yahoo!
2007-12-06 15:36 . 2007-12-06 15:36 <DIR> d-------- C:\Documents and Settings\Alex Sykes\Application Data\Uniblue
2007-12-06 14:40 . 2007-12-06 14:40 82 --a------ C:\WINDOWS\wb.ini
2007-12-06 14:39 . 2007-12-06 14:39 <DIR> d-------- C:\Program Files\Stardock
2007-12-06 14:39 . 2003-02-26 22:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2007-12-06 14:13 . 2003-05-07 13:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-12-05 23:17 . 2007-12-05 23:17 359,808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-12-05 22:54 . 2007-12-05 22:54 <DIR> d-------- C:\Program Files\BitComet Acceleration Patch
2007-12-05 22:50 . 2007-12-05 22:50 <DIR> d-------- C:\Program Files\BitComet Turbo Accelerator
2007-12-04 22:46 . 2007-12-04 22:46 <DIR> d-------- C:\Documents and Settings\Alex Sykes\MobiDB
2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-25 14:09 . 2007-11-25 14:09 <DIR> d-------- C:\Documents and Settings\Alex Sykes\Application Data\Goodsol
2007-11-25 00:01 . 2007-11-25 00:01 <DIR> d-------- C:\Program Files\goodsol
2007-11-25 00:01 . 2000-05-22 15:58 244,416 --a------ C:\WINDOWS\system32\msflxgrd.ocx
2007-11-13 22:34 . 2007-11-13 22:34 <DIR> d-------- C:\Program Files\NetworkActiv PIAFCTM 2.2
2007-11-13 22:34 . 2007-11-13 22:34 16 --a------ C:\WINDOWS\bnsacomm64_c.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-30 21:15 --------- d-----w C:\Documents and Settings\Harry Sykes\Application Data\MSN6
2007-12-29 02:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-28 20:40 --------- d-----w C:\Program Files\Verizon
2007-12-28 20:30 --------- d-----w C:\Program Files\Common Files\Motive
2007-12-28 20:27 --------- d-----w C:\Program Files\AIM6
2007-12-27 17:22 --------- d-----w C:\Documents and Settings\Deborah Sykes\Application Data\MSN6
2007-12-27 04:57 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-27 04:57 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-22 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-19 03:18 172 ---h--w C:\Program Files\desktop.ini
2007-12-06 14:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-06 13:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-06 04:17 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-12-04 02:42 --------- d-----w C:\Documents and Settings\Alex Sykes\Application Data\Move Networks
2007-11-23 12:37 --------- d-----w C:\Program Files\Lx_cats
2007-11-13 11:32 --------- d-----w C:\Documents and Settings\Alex Sykes\Application Data\U3
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 02:59 --------- d-----w C:\Documents and Settings\LocalService\Application Data\DivX
2007-10-30 02:58 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Roxio
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-09 21:18 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-09 21:18 282,624 ----a-r C:\WINDOWS\Setup1.exe
2007-10-09 21:18 102,400 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL
2007-10-07 15:57 724,992 ----a-w C:\WINDOWS\iun6002.exe
2007-10-07 15:57 115,712 ----a-w C:\WINDOWS\system32\usbmn2x2.dll
2007-09-29 05:11 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-08-03 21:54 0 ----a-w C:\Documents and Settings\Harry Sykes\GoToAssist_phone__317_en.exe
2001-07-28 03:05 92,064 ----a-w C:\Documents and Settings\Alex Sykes\mqdmmdm.sys
2001-07-28 03:05 9,232 ----a-w C:\Documents and Settings\Alex Sykes\mqdmmdfl.sys
2001-07-28 03:05 79,328 ----a-w C:\Documents and Settings\Alex Sykes\mqdmserd.sys
2001-07-28 03:05 66,656 ----a-w C:\Documents and Settings\Alex Sykes\mqdmbus.sys
2001-07-28 03:05 6,208 ----a-w C:\Documents and Settings\Alex Sykes\mqdmcmnt.sys
2001-07-28 03:05 5,936 ----a-w C:\Documents and Settings\Alex Sykes\mqdmwhnt.sys
2001-07-28 03:05 4,048 ----a-w C:\Documents and Settings\Alex Sykes\mqdmcr.sys
2001-07-28 03:05 25,600 ----a-w C:\Documents and Settings\Alex Sykes\usbsermptxp.sys
2001-07-28 03:05 22,768 ----a-w C:\Documents and Settings\Alex Sykes\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-12-22 16:05 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20 50528]
"DAEMON Tools"="G:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 10:16 171464]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"RocketDock"="C:\Documents and Settings\Alex Sykes\My Documents\themes\RocketDock.exe" [2006-05-14 22:47 344064]
"UberIcon"="C:\Documents and Settings\Alex Sykes\My Documents\themes\UberIcon\UberIcon Manager.exe" [2006-02-05 14:20 180224]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-06-06 18:52 936960]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 14:20 2061816]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 09:43 57344]
"P17Helper"="P17.dll" [2004-06-10 11:51 60928 C:\WINDOWS\system32\P17.dll]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 01:46 200069]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-12-15 11:01 5513216]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 10:43 228088]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 00:07 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 23:53 714608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 2001-12-20 23:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 00:07]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 19:08]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 EraserUtilDrv10733;EraserUtilDrv10733;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10733.sys []
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10:11]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 13:31]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 18:03]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 09:27]
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 13:31]
S3 Radialpoint Security Services;Radialpoint Security Services;C:\WINDOWS\system32\dllhost.exe [2004-08-12 08:56]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
S3 USB22LDR;M-Audio USB MidiSport 2x2 Loader;C:\WINDOWS\system32\drivers\usb22ldr.sys [2007-10-07 10:57]
S3 USBMN2X2;M-Audio USB MidiSport 2x2;C:\WINDOWS\system32\drivers\usbmn2x2.sys [2007-10-07 10:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83d01fa2-71f3-11dc-8039-001111b811ac}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5ec3bd2-835c-11d5-bfe1-001111b811ac}]
\Shell\AutoRun\command - F:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-25 01:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Deborah Sykes.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 04:16:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-31 4:17:02
C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 09:16:59
C:\qoobox\ComboFix2.txt 2007-12-29 04:10:20
.
2007-12-22 08:00:29 --- E O F ---

hijackthis
Quote:
Logfile of HijackThis v1.99.1
Scan saved at 4:28:11 AM, on 12/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
G:\Program Files\DAEMON Tools\daemon.exe
C:\Documents and Settings\Alex Sykes\My Documents\themes\RocketDock.exe
C:\Documents and Settings\Alex Sykes\My Documents\themes\UberIcon\UberIcon Manager.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://amch.questionmarket.com/adscg...s_up=60&type=4
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DAEMON Tools] "G:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [RocketDock] "C:\Documents and Settings\Alex Sykes\My Documents\themes\RocketDock.exe"
O4 - HKCU\..\Run: [UberIcon] "C:\Documents and Settings\Alex Sykes\My Documents\themes\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlackBerry Desktop Redirector.lnk = G:\Redirector.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://G:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://G:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://G:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...SL/tgctlcm.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://gsvaresa07.er.usgs.gov/qp2.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://gsvaresm05.er.usgs.gov/iNotes6W.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
datvakid703 is offline  
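The HijackThis entries in this thread all share one line shape (section code, description, optional CLSID, path, optional "(file missing)" tag), so leftover entries can be triaged mechanically before anything is ticked for fixing. The following Python sketch is an added example, not part of any post and not HijackThis's own code; the function names and verdict labels are assumptions. It cross-checks every "(file missing)" entry against the log's own running-process list, which matters here because ccSvcHst.exe is tagged missing while also listed as running.

```python
import re

# Constructed sample: lines copied from the HijackThis output quoted in this
# thread, trimmed to a few entries (the "..." in the O16 URL is as posted).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Verizon\McciTrayApp.exe

O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O9 - Extra button: (no name) - {4094C4BB-2629-47C6-9C8E-16801C3FAC6B} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...loader_v10.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

# "O23 - Service: ..." -> section code plus free-form body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Drive-letter path up to the first binary extension; stops at a stray quote
# so trailing service arguments are not taken as part of the file name.
PATH_RE = re.compile(
    r'(?<![A-Za-z])([A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|ocx|cpl))\b',
    re.IGNORECASE,
)
MISSING_TAG = "(file missing)"


def parse_entry(match):
    """Split one matched entry line into the fields used for triage."""
    body = match.group("body")
    clsid = CLSID_RE.search(body)
    path = PATH_RE.search(body)
    return {
        "code": match.group("code"),
        "clsid": clsid.group(0) if clsid else None,
        "path": path.group(1) if path else None,  # None for URL-only entries
        "missing": body.rstrip().endswith(MISSING_TAG),
    }


def parse_log(text):
    """Return (set of running process paths, list of parsed entries)."""
    running, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the process list ends where entries begin
            entries.append(parse_entry(match))
        elif in_procs and line:
            running.add(line.lower())
    return running, entries


def triage(text):
    """List every '(file missing)' entry with a verdict.

    orphan-candidate  : tagged missing and not seen running
    flag-contradicted : tagged missing, yet the same path is a running
                        process, so the tag needs a manual check
    """
    running, entries = parse_log(text)
    report = []
    for entry in entries:
        if not entry["missing"]:
            continue
        path = entry["path"]
        if path and path.lower() in running:
            verdict = "flag-contradicted"
        else:
            verdict = "orphan-candidate"
        report.append((entry["code"], path, verdict))
    return report


if __name__ == "__main__":
    for code, path, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:18} {code:4} {path}")
```

A "flag-contradicted" verdict only says the log disagrees with itself; it does not say which side is right, so such entries should be checked on disk rather than fixed blindly.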
Old 12-31-2007, 10:32 AM   #7 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 8
OS: xp sp2


Re: Norton being attacked by a virus

kaspersky
Quote:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, December 31, 2007 12:24:15 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 31/12/2007
Kaspersky Anti-Virus database records: 500668
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 137129
Number of viruses found: 41
Number of infected objects: 538
Number of suspicious objects: 0
Duration of the scan process: 02:08:09

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0045462.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0045466.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0046470.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0047466.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0047471.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0048466.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0048474.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049466.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049467.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049468.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049469.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049470.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049471.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049472.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049473.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049474.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049475.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049476.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049477.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049478.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049479.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049480.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049481.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049482.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049483.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049484.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049485.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049487.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049488.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049489.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049490.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049491.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049492.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049493.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049494.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049495.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049496.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049497.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049498.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049499.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049500.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049501.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049502.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049503.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049504.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049505.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049506.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049507.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049508.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049509.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049510.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049511.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049519.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049690.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049697.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP210\A0050197.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP210\A0050218.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052199.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052201.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052202.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052203.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052204.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052205.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052206.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052207.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052208.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052209.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052210.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052212.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052213.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052214.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052215.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052216.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052217.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052218.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052219.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052220.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052221.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052222.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052223.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052224.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052225.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052226.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052227.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052228.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052229.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052230.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052231.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052232.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052233.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052234.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052235.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052236.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052237.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052238.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052239.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052240.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052241.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052242.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052243.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052244.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052245.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052246.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052247.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052248.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052249.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052250.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052251.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052252.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052253.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052254.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052255.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052256.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052257.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052258.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052259.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052260.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052261.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052262.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052263.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052264.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052265.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052266.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052267.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052268.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052269.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052270.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052271.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052272.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052273.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052274.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052275.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052276.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052277.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052278.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052279.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052280.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052281.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052282.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052283.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052284.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052285.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052286.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052287.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052288.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052289.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052290.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052291.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052292.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052293.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052294.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052295.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052296.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052297.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052298.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052299.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052300.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052301.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052302.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052303.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052304.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052305.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052306.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052307.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052308.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052309.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052310.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052311.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052312.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052313.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052314.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052315.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052316.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052317.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052318.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052319.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052320.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052321.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052322.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052323.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052324.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052325.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052326.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052327.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052328.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052329.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052330.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052331.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052332.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052333.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052334.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052335.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052336.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052337.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052338.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052339.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052340.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052341.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052342.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052343.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052344.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052345.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052346.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052347.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052348.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052349.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052350.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052351.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052352.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052353.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052354.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052355.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052356.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052357.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052358.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052359.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052360.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\A0052361.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-1.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-10.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-11.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-12.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-13.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-14.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-15.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-16.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-17.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-18.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-19.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-2.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-20.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-21.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-22.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-23.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-24.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-25.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-26.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-27.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-28.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-29.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-3.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-30.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-31.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-32.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-33.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-34.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-35.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-36.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-37.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-38.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-39.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-4.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-40.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-41.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-42.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-43.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-44.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-45.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-46.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-47.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-48.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-49.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-5.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-50.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-51.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-52.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-53.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-54.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-55.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-56.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-57.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-58.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-59.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-6.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-60.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-61.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-62.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-63.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-64.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-65.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-66.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-7.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-8.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP211\snapshot\MFEX-9.DAT Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP212\A0057223.dll Infected: Backdoor.Win32.Agent.dlj skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP212\A0057224.exe Infected: Trojan-Downloader.Win32.Alphabet.an skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP214\A0060222.dll Infected: Trojan.Win32.Pakes.bwd skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP214\A0060223.dll Infected: Backdoor.Win32.Agent.dlj skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP215\A0064235.exe Infected: Trojan-Clicker.Win32.Costrat.cv skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP215\A0064236.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP215\A0064271.exe Infected: Trojan-Downloader.Win32.Alphabet.ap skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP215\A0064273.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.v skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP215\A0064274.exe Infected: Trojan-Downloader.Win32.Alphabet.ap skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP215\A0064276.dll Infected: Trojan.Win32.Pakes.bwd skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP215\A0064277.dll Infected: Trojan.Win32.Pakes.bwd skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP215\A0064278.dll Infected: Backdoor.Win32.Agent.dlj skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP215\A0064279.dll Infected: Backdoor.Win32.Agent.dlj skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP217\A0064420.dll Infected: Trojan.Win32.Dialer.yz skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP217\A0064429.dll Infected: Trojan-Downloader.Win32.Alphabet.ap skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP217\A0064434.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP217\A0064436.dll Infected: Trojan-Downloader.Win32.Agent.bfj skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP217\A0064437.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP217\A0064444.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bya skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP220\A0065541.exe Infected: not-a-virus:AdWare.Win32.OneStep.c skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP220\A0065547.exe/data.rar/keygen.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.bya skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP220\A0065547.exe/data.rar/patch.exe Infected: Trojan.Win32.Dialer.yz skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP220\A0065547.exe/data.rar/crack.exe Infected: Trojan.Win32.Inject.mt skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP220\A0065547.exe/data.rar Infected: Trojan.Win32.Inject.mt skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP220\A0065547.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP220\A0065548.exe/data.rar/keygen.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.bya skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP220\A0065548.exe/data.rar/patch.exe Infected: Trojan.Win32.Dialer.yz skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP220\A0065548.exe/data.rar/crack.exe Infected: Trojan.Win32.Inject.mt skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP220\A0065548.exe/data.rar Infected: Trojan.Win32.Inject.mt skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP220\A0065548.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP220\A0065549.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP220\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{1AFAEA70-BA0A-435D-AF8D-FB1B7C7550E4}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\JETD215.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
G:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP522\A0164360.exe/stream/data0022 Infected: not-a-virus:Monitor.Win32.GoldenKeylogger.150 skipped
G:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP522\A0164360.exe/stream/data0023 Infected: not-a-virus:Monitor.Win32.IESpy.120 skipped
G:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP522\A0164360.exe/stream/data0024 Infected: not-a-virus:Monitor.Win32.PersonalInspector.500 skipped
G:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP522\A0164360.exe/stream Infected: not-a-virus:Monitor.Win32.PersonalInspector.500 skipped
G:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP522\A0164360.exe NSIS: infected - 4 skipped
G:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP528\A0164902.exe/crack.exe Infected: Trojan.Win32.VB.azv skipped
G:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP528\A0164902.exe/ca.exe Infected: Trojan.Win32.VB.azv skipped
G:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP528\A0164902.exe/ff.exe Infected: Trojan.Win32.VB.azv skipped
G:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP528\A0164902.exe/bar.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.Mostofate.ao skipped
G:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP528\A0164902.exe/bar.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.ao skipped
G:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP528\A0164902.exe/bar.exe Infected: not-a-virus:AdWare.Win32.Mostofate.ao skipped
G:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP528\A0164902.exe ZIP: infected - 6 skipped
G:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP530\A0166641.exe/zgo.exe Infected: P2P-Worm.Win32.Agent.v skipped
G:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP530\A0166641.exe ZIP: infected - 1 skipped
G:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049524.exe Infected: Trojan.Win32.Dialer.yz skipped
G:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049526.exe Infected: Trojan.Win32.Dialer.yz skipped
G:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049528.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.bya skipped
G:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP209\A0049529.exe Infected: Trojan.Win32.Inject.mt skipped
G:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP215\A0064281.EXE Infected: Trojan.Win32.Inject.mt skipped
G:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP220\change.log Object is locked skipped
G:\System Volume Information\_restore{3E8E2578-E320-4773-9F4B-085987F5F5EE}\RP220\A0065554.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.bya skipped
G:\My Shared Folder\The Sims 2 - University Crack.zip/Sims2 University.exe/username.exe Infected: Trojan-Downloader.Win32.Small.ya skipped
G:\My Shared Folder\The Sims 2 - University Crack.zip/Sims2 University.exe/shell32.exe Infected: not-a-virus:AdWare.Win32.WinAD.b skipped
G:\My Shared Folder\The Sims 2 - University Crack.zip/Sims2 University.exe Infected: not-a-virus:AdWare.Win32.WinAD.b skipped
G:\My Shared Folder\The Sims 2 - University Crack.zip ZIP: infected - 3 skipped
G:\My Shared Folder\The Sims 2 - University.zip/Sims2 University.exe/username.exe Infected: Trojan-Downloader.Win32.Small.ya skipped
G:\My Shared Folder\The Sims 2 - University.zip/Sims2 University.exe/shell32.exe Infected: not-a-virus:AdWare.Win32.WinAD.b skipped
G:\My Shared Folder\The Sims 2 - University.zip/Sims2 University.exe Infected: not-a-virus:AdWare.Win32.WinAD.b skipped
G:\My Shared Folder\The Sims 2 - University.zip ZIP: infected - 3 skipped
G:\data Infected: Trojan-Downloader.Win32.IstBar.nh skipped

Scan process completed.
Old 01-01-2008, 08:43 PM   #8 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate


Re: Norton being attacked by a virus

Hi datvakid703,

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

Also be sure to carry out the instructions in the sequence listed below.

--------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
KILLALL::

File::
C:\Documents and Settings\Alex Sykes\Desktop\ICONS\biob.exe
C:\RECYCLER\NPROTECT
G:\My Shared Folder\The Sims 2 - University Crack.zip
G:\My Shared Folder\The Sims 2 - University.zip
G:\data
Folder::
C:\found.000

Save this as CFScript




Referring to the picture above, drag CFScript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Warning:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

--------------------------------------------------------------

Please reply back with the following:

C:\ComboFix.txt
Update on system behaviour?
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
Old 01-01-2008, 08:45 PM   #9 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate


Re: Norton being attacked by a virus

The following instructions are supposed to be completed after you've done what I previously asked.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 u3.
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications.". (4th one down)
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windowsi586-p.exe to install the newest version.
Old 01-02-2008, 01:51 PM   #10 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 8
OS: xp sp2


Re: Norton being attacked by a virus

Quote:
ComboFix 07-12-31.4 - Alex Sykes 2008-01-02 14:47:23.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.194 [GMT -5:00]
Running from: C:\Documents and Settings\Alex Sykes\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Alex Sykes\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Documents and Settings\Alex Sykes\Desktop\ICONS\biob.exe
C:\RECYCLER\NPROTECT
G:\data
G:\My Shared Folder\The Sims 2 - University Crack.zip
G:\My Shared Folder\The Sims 2 - University.zip
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Alex Sykes\Desktop\ICONS\biob.exe
C:\found.000
C:\found.000\dir0000.chk\win316E.tmp
C:\found.000\dir0000.chk\win316F.tmp
G:\data
G:\My Shared Folder\The Sims 2 - University Crack.zip
G:\My Shared Folder\The Sims 2 - University.zip

.
((((((((((((((((((((((((( Files Created from 2007-12-02 to 2008-01-02 )))))))))))))))))))))))))))))))
.

2007-12-31 04:31 . 2007-12-31 04:31 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-31 04:31 . 2007-12-31 04:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-31 04:30 . 2007-12-31 04:30 <DIR> d---s---- C:\Documents and Settings\Alex Sykes\UserData
2007-12-31 04:12 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-28 17:18 . 2007-12-28 17:18 <DIR> d-------- C:\Deckard
2007-12-28 17:02 . 2007-12-28 17:02 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-28 17:02 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-12-28 14:57 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2007-12-28 14:56 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\qbgnuonxqbtq.sys
2007-12-28 14:42 . 2007-12-28 15:48 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-28 14:42 . 2007-12-28 14:42 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-28 14:42 . 2007-12-28 14:42 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-28 14:42 . 2007-12-28 14:42 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-28 14:22 . 2007-03-01 03:18 4,762,112 --a------ C:\WINDOWS\system32\NCMedia.dll
2007-12-24 13:49 . 2007-12-26 21:38 1,027,711 --ahs---- C:\WINDOWS\system32\rgrnwaxb.ini
2007-12-24 12:26 . 2007-12-24 12:40 1,010,228 --ahs---- C:\WINDOWS\system32\kvptbwwm.ini
2007-12-24 02:16 . 2007-12-24 02:16 1,934,700 --ahs---- C:\WINDOWS\system32\tclusjsk.ini
2007-12-22 16:03 . 2007-12-22 16:03 <DIR> d-------- C:\Program Files\Windows Sidebar
2007-12-22 16:03 . 2007-12-26 23:57 <DIR> d-------- C:\Program Files\Symantec
2007-12-22 16:03 . 2007-12-28 15:37 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-12-22 16:03 . 2007-12-26 23:57 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-22 16:03 . 2007-12-26 23:57 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-22 13:47 . 2007-12-24 02:17 2,404,349 --ahs---- C:\WINDOWS\system32\dilnladt.ini
2007-12-18 22:21 . 2007-12-18 22:21 180,506 ---h----- C:\WpxpBackground.bmp
2007-12-18 22:17 . 2007-12-18 22:21 94 ---h----- C:\desktop.ini
2007-12-18 22:15 . 2007-12-18 22:15 <DIR> d-------- C:\Program Files\SodaBush
2007-12-18 22:15 . 2007-12-18 22:15 <DIR> d-------- C:\Documents and Settings\Alex Sykes\Application Data\SodaBush
2007-12-09 18:16 . 2007-12-09 18:16 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-12-09 18:16 . 2007-04-02 00:00 215,040 --a------ C:\WINDOWS\system32\CNMLM8U.DLL
2007-12-09 00:01 . 2007-12-09 00:01 <DIR> d-------- C:\Program Files\TVUPlayer
2007-12-09 00:01 . 2007-12-09 00:01 <DIR> d-------- C:\Documents and Settings\Alex Sykes\Application Data\TVU Networks
2007-12-08 23:35 . 2007-12-08 23:38 <DIR> d-------- C:\Documents and Settings\Alex Sykes\Application Data\SopCast
2007-12-08 21:51 . 2007-12-08 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2007-12-08 21:49 . 2007-12-08 21:49 <DIR> d-------- C:\Program Files\Java
2007-12-08 21:49 . 2007-05-22 17:39 61,555 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2007-12-08 21:48 . 2007-12-08 21:48 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-08 14:48 . 2007-12-08 14:48 <DIR> d-------- C:\Program Files\Finale 2006
2007-12-06 22:40 . 2007-12-06 22:40 <DIR> d-------- C:\Program Files\Yahoo!
2007-12-06 15:36 . 2007-12-06 15:36 <DIR> d-------- C:\Documents and Settings\Alex Sykes\Application Data\Uniblue
2007-12-06 14:40 . 2007-12-06 14:40 82 --a------ C:\WINDOWS\wb.ini
2007-12-06 14:39 . 2007-12-06 14:39 <DIR> d-------- C:\Program Files\Stardock
2007-12-06 14:39 . 2003-02-26 22:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2007-12-06 14:13 . 2003-05-07 13:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-12-05 23:17 . 2007-12-05 23:17 359,808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-12-05 22:54 . 2007-12-05 22:54 <DIR> d-------- C:\Program Files\BitComet Acceleration Patch
2007-12-05 22:50 . 2007-12-05 22:50 <DIR> d-------- C:\Program Files\BitComet Turbo Accelerator
2007-12-04 22:46 . 2007-12-04 22:46 <DIR> d-------- C:\Documents and Settings\Alex Sykes\MobiDB

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 00:33 --------- d-----w C:\Documents and Settings\Harry Sykes\Application Data\MSN6
2007-12-29 02:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-28 20:40 --------- d-----w C:\Program Files\Verizon
2007-12-28 20:30 --------- d-----w C:\Program Files\Common Files\Motive
2007-12-28 20:27 --------- d-----w C:\Program Files\AIM6
2007-12-27 17:22 --------- d-----w C:\Documents and Settings\Deborah Sykes\Application Data\MSN6
2007-12-27 04:57 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-27 04:57 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-22 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-19 03:18 172 ---h--w C:\Program Files\desktop.ini
2007-12-06 14:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-06 13:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-06 04:17 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-12-04 02:42 --------- d-----w C:\Documents and Settings\Alex Sykes\Application Data\Move Networks
2007-12-01 04:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 04:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 04:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 04:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 04:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 04:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 04:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-25 19:09 --------- d-----w C:\Documents and Settings\Alex Sykes\Application Data\Goodsol
2007-11-25 05:01 --------- d-----w C:\Program Files\goodsol
2007-11-23 12:37 --------- d-----w C:\Program Files\Lx_cats
2007-11-14 03:34 --------- d-----w C:\Program Files\NetworkActiv PIAFCTM 2.2
2007-11-13 11:32 --------- d-----w C:\Documents and Settings\Alex Sykes\Application Data\U3
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-09 21:18 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-09 21:18 282,624 ----a-r C:\WINDOWS\Setup1.exe
2007-10-07 15:57 724,992 ----a-w C:\WINDOWS\iun6002.exe
2007-08-03 21:54 0 ----a-w C:\Documents and Settings\Harry Sykes\GoToAssist_phone__317_en.exe
2001-07-28 03:05 92,064 ----a-w C:\Documents and Settings\Alex Sykes\mqdmmdm.sys
2001-07-28 03:05 9,232 ----a-w C:\Documents and Settings\Alex Sykes\mqdmmdfl.sys
2001-07-28 03:05 79,328 ----a-w C:\Documents and Settings\Alex Sykes\mqdmserd.sys
2001-07-28 03:05 66,656 ----a-w C:\Documents and Settings\Alex Sykes\mqdmbus.sys
2001-07-28 03:05 6,208 ----a-w C:\Documents and Settings\Alex Sykes\mqdmcmnt.sys
2001-07-28 03:05 5,936 ----a-w C:\Documents and Settings\Alex Sykes\mqdmwhnt.sys
2001-07-28 03:05 4,048 ----a-w C:\Documents and Settings\Alex Sykes\mqdmcr.sys
2001-07-28 03:05 25,600 ----a-w C:\Documents and Settings\Alex Sykes\usbsermptxp.sys
2001-07-28 03:05 22,768 ----a-w C:\Documents and Settings\Alex Sykes\usbsermpt.sys
.

((((((((((((((((((((((((((((( snapshot@2007-12-28_23.09.48.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-18 20:31:48 370,488 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-01-02 19:54:38 292,480 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-12-22 16:05 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20 50528]
"DAEMON Tools"="G:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 10:16 171464]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"RocketDock"="C:\Documents and Settings\Alex Sykes\My Documents\themes\RocketDock.exe" [2006-05-14 22:47 344064]
"UberIcon"="C:\Documents and Settings\Alex Sykes\My Documents\themes\UberIcon\UberIcon Manager.exe" [2006-02-05 14:20 180224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-06-06 18:52 936960]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 14:20 2061816]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 09:43 57344]
"P17Helper"="P17.dll" [2004-06-10 11:51 60928 C:\WINDOWS\system32\P17.dll]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 01:46 200069]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-12-15 11:01 5513216]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 10:43 228088]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 00:07 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 23:53 714608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 2001-12-20 23:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 00:07]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 19:08]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 EraserUtilDrv10733;EraserUtilDrv10733;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10733.sys []
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10:11]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 13:31]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 18:03]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 09:27]
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 13:31]
S3 Radialpoint Security Services;Radialpoint Security Services;C:\WINDOWS\system32\dllhost.exe [2004-08-12 08:56]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
S3 USB22LDR;M-Audio USB MidiSport 2x2 Loader;C:\WINDOWS\system32\drivers\usb22ldr.sys [2007-10-07 10:57]
S3 USBMN2X2;M-Audio USB MidiSport 2x2;C:\WINDOWS\system32\drivers\usbmn2x2.sys [2007-10-07 10:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83d01fa2-71f3-11dc-8039-001111b811ac}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5ec3bd2-835c-11d5-bfe1-001111b811ac}]
\Shell\AutoRun\command - F:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-01 01:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Deborah Sykes.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-02 15:01:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Documents and Settings\Alex Sykes\My Documents\themes\UberIcon\UberIcon.dll
-> C:\Documents and Settings\Alex Sykes\My Documents\themes\MouseHook2.dll
.
Completion time: 2008-01-02 15:04:21 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-02 20:04:18
C:\qoobox\ComboFix2.txt 2007-12-31 09:17:03
C:\qoobox\ComboFix3.txt 2007-12-29 04:10:20
.
2007-12-22 08:00:29 --- E O F ---
My computer is straight now, just need to delete some worthless stuff and run a disk defrag. The messages have stopped, but should I switch virus program from Norton, because my pops said he saw a better one that had higher rankings in Consumer Reports? And what program do you suggest?
Old 01-03-2008, 01:07 AM   #11 (permalink)
Analyst, Security Team
 
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate


Re: Norton being attacked by a virus

All depends on the user's preference.

Purchased Subscriptions
  • Kaspersky
  • BitDefender
  • ESET NOD32

Free Subscriptions
  • Avira AntiVir Personal Edition Classic
  • AVG
  • Avast!

----------------------------------------------------------------

Well done, your logs are clean! There are just a few more things I would like you to do.


The following procedure will clear out ComboFix.exe, as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

----------------------------------------------------------------

Microsoft Updates

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Malware Prevention Tools

These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources.
  • SpywareBlaster - Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items. Check regularly for updates.
  • IE-Spyad - Here is an installation guide -> http://www.techsupportforum.com/cont...ticles/63.html
  • MVPS Hosts File - extract and double-click the mvps.bat file. This will replace your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements, preventing your computer from connecting to those sites.
  • McAfee SiteAdvisor - helps to warn you before you interact with a dangerous Web site. Works with both IE and Firefox.
  • SpywareGuard - real-time protection that detects and blocks spyware before it can execute.

Alternative Web Browsers

Using an alternative browser can help prevent malware from being installed without your knowledge, but may not work on all websites.

Firewalls

If you do not have a firewall, here are a few free ones available for personal use:

Understanding and Using Firewalls


Informational Reading

In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:
Please respond to this thread one more time so we can mark this thread as resolved.
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum

Last edited by forhockey; 01-03-2008 at 01:08 AM.
Old 01-03-2008, 06:57 AM   #12 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 8
OS: xp sp2


Re: Norton being attacked by a virus

Quick question: now every time I get online, this thing called Cingular GPRS keeps popping up, and it's a dial-up logon to connect to the internet. I have DSL and have never seen this before until lately, and every time it pops up it freezes my internet connection until I close it.
Old 01-03-2008, 08:39 PM   #13 (permalink)
Analyst, Security Team
 
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate


Re: Norton being attacked by a virus

Hi datvakid703,

As your remaining issues do not appear to be malware related, you would be better served discussing these issues in the Windows XP section of this forum.
Old 01-05-2008, 05:33 AM   #14 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 8
OS: xp sp2


Re: Norton being attacked by a virus

Ok thank you
 





Copyright 2001 - 2009, Tech Support Forum